author | Miloslav Trmač <mitr@redhat.com> | 2010-11-02 20:12:05 +0100 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2010-11-02 20:12:05 +0100 |
commit | bd08fece6e5c509dc22588c93303b067c6900b56 (patch) | |
tree | b5554704b3c1b48915256fb48112871da87d3160 | |
parent | e6b6e8785e16f1c824fd1f1f333ef2591f6f0a10 (diff) | |
parent | 278a10d4af56af2af8fcb4aa81f492db6109ef58 (diff) | |
Merge branch 'local'
-rw-r--r-- | Makefile.am | 6 | ||||
-rw-r--r-- | include/ncrypto/ncrypto.h | 12 | ||||
-rw-r--r-- | lib/internal.h | 2 | ||||
-rw-r--r-- | lib/ncrypto_local.c | 57 | ||||
-rw-r--r-- | tests/symm_ciphers.c | 12 | ||||
-rw-r--r-- | tests/symm_keys.c | 135 | ||||
-rw-r--r-- | tests/symm_signatures.c | 11 |
7 files changed, 205 insertions, 30 deletions
diff --git a/Makefile.am b/Makefile.am index 2a95d2f..1631982 100644 --- a/Makefile.am +++ b/Makefile.am @@ -35,7 +35,8 @@ AM_CPPFLAGS = -I $(top_srcdir)/include $(GLIB_CFLAGS) $(NSS_CFLAGS) \ ## Targets lib_LTLIBRARIES = lib/libncrypto.la pkginclude_HEADERS = include/ncrypto/ncrypto.h -TESTS = tests/digests tests/rsa tests/symm_ciphers tests/symm_signatures +TESTS = tests/digests tests/rsa tests/symm_ciphers tests/symm_keys \ + tests/symm_signatures ## Rules noinst_PROGRAMS = $(TESTS) @@ -53,5 +54,8 @@ tests_rsa_LDFLAGS = -no-install tests_symm_ciphers_LDADD = lib/libncrypto.la $(GLIB_LIBS) tests_symm_ciphers_LDFLAGS = -no-install +tests_symm_keys_LDADD = lib/libncrypto.la $(GLIB_LIBS) +tests_symm_keys_LDFLAGS = -no-install + tests_symm_signatures_LDADD = lib/libncrypto.la $(GLIB_LIBS) tests_symm_signatures_LDFLAGS = -no-install diff --git a/include/ncrypto/ncrypto.h b/include/ncrypto/ncrypto.h index 01964f9..024d5a7 100644 --- a/include/ncrypto/ncrypto.h +++ b/include/ncrypto/ncrypto.h @@ -55,10 +55,15 @@ CK_RV ncr_get_random_bytes (void *dest, size_t size); struct ncr_symm_key; +/* "Sensitive" corresponds to CKA_SENSITIVE. */ CK_RV ncr_symm_key_create (struct ncr_symm_key **key, CK_KEY_TYPE type, - const void *value, size_t value_size); + _Bool sensitive, const void *value, + size_t value_size); CK_RV ncr_symm_key_generate (struct ncr_symm_key **key, CK_MECHANISM_TYPE mech, - size_t value_size); + _Bool sensitive, size_t value_size); +CK_RV ncr_symm_key_set_sensitive (struct ncr_symm_key *key); +CK_RV ncr_symm_key_export (struct ncr_symm_key *key, void *dest, + size_t *dest_size_ptr); CK_RV ncr_symm_key_destroy (struct ncr_symm_key *key); /* Asymmetric keys */ 
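Review bot: The new `ncr_symm_key_set_sensitive` and `ncr_symm_key_export` declarations in include/ncrypto/ncrypto.h give callers no contract, although the implementation in lib/ncrypto_local.c has several caller-visible rules: export fails with CKR_ATTRIBUTE_SENSITIVE on a sensitive key, a NULL `dest` only stores the required size in `*dest_size_ptr`, and a too-small buffer returns CKR_BUFFER_TOO_SMALL with the required size stored; the sensitive flag can only be set, and no function to clear it is declared. I'd add above the first declaration `/* Once set, the sensitive attribute cannot be cleared (like CKA_SENSITIVE). */` and above the second `/* If dest is NULL, only store the required size in *dest_size_ptr. Fails with CKR_ATTRIBUTE_SENSITIVE for sensitive keys and with CKR_BUFFER_TOO_SMALL (storing the required size) if *dest_size_ptr is too small. */`. Since the header is the only documentation a library user sees, the one-line comment on the new `sensitive` parameter is not enough to discover the size-query convention.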
@@ -147,8 +152,7 @@ CK_RV ncr_digest_standalone (CK_MECHANISM_TYPE mech, void *dest, struct ncr_symm_cipher_session; -/* Note that for *_ECB and *_CBC, the input must be block-aligned. For - *_CBC_PAD, it does not have to be. */ +/* Note that for *_ECB and *_CBC, the input must be block-aligned. */ /* Session lifetime management. */ CK_RV ncr_symm_cipher_alloc (struct ncr_symm_cipher_session **sess, diff --git a/lib/internal.h b/lib/internal.h index 97fb77d..8b6d25b 100644 --- a/lib/internal.h +++ b/lib/internal.h @@ -29,12 +29,14 @@ Red Hat author: Miloslav Trmač <mitr@redhat.com> */ #include <config.h> +#include <stdbool.h> #include <stdint.h> #include <ncrypto/ncrypto.h> struct ncr_symm_key { CK_KEY_TYPE type; + bool sensitive; size_t size; uint8_t value[]; }; diff --git a/lib/ncrypto_local.c b/lib/ncrypto_local.c index 0dc9cbe..6d7af27 100644 --- a/lib/ncrypto_local.c +++ b/lib/ncrypto_local.c @@ -62,7 +62,7 @@ ncr_get_random_bytes (void *dest, size_t size) CK_RV ncr_symm_key_create (struct ncr_symm_key **key, CK_KEY_TYPE type, - const void *value, size_t value_size) + _Bool sensitive, const void *value, size_t value_size) { struct ncr_symm_key *k; @@ -76,6 +76,7 @@ ncr_symm_key_create (struct ncr_symm_key **key, CK_KEY_TYPE type, return CKR_HOST_MEMORY; k->type = type; + k->sensitive = sensitive; k->size = value_size; memcpy (k->value, value, value_size); *key = k; @@ -137,7 +138,7 @@ des3_fixup_key (uint8_t value[static 3 * DES_KEY_SIZE]) CK_RV ncr_symm_key_generate (struct ncr_symm_key **key, CK_MECHANISM_TYPE mech, - size_t value_size) + _Bool sensitive, size_t value_size) { struct ncr_symm_key *k; CK_KEY_TYPE type; @@ -174,6 +175,7 @@ ncr_symm_key_generate (struct ncr_symm_key **key, CK_MECHANISM_TYPE mech, return CKR_HOST_MEMORY; k->type = type; + k->sensitive = sensitive; k->size = value_size; regenerate: res = ncr_get_random_bytes (k->value, value_size); 
@@ -194,6 +196,41 @@ ncr_symm_key_generate (struct ncr_symm_key **key, CK_MECHANISM_TYPE mech, } CK_RV +ncr_symm_key_set_sensitive (struct ncr_symm_key *key) +{ + g_return_val_if_fail (key != NULL, CKR_KEY_HANDLE_INVALID); + key->sensitive = true; + return CKR_OK; +} + +CK_RV +ncr_symm_key_export (struct ncr_symm_key *key, void *dest, + size_t *dest_size_ptr) +{ + g_return_val_if_fail (key != NULL, CKR_KEY_HANDLE_INVALID); + g_return_val_if_fail (dest_size_ptr != NULL, CKR_ARGUMENTS_BAD); + + g_return_val_if_fail (!key->sensitive, CKR_ATTRIBUTE_SENSITIVE); + + if (dest == NULL) + { + *dest_size_ptr = key->size; + return CKR_OK; + } + if (*dest_size_ptr < key->size) + { + *dest_size_ptr = key->size; + return CKR_BUFFER_TOO_SMALL; + } + + g_return_val_if_fail (dest != NULL, CKR_ARGUMENTS_BAD); + + memcpy (dest, key->value, key->size); + *dest_size_ptr = key->size; + return CKR_OK; +} + +CK_RV ncr_symm_key_destroy (struct ncr_symm_key *key) { g_return_val_if_fail (key != NULL, CKR_KEY_HANDLE_INVALID); @@ -209,7 +246,6 @@ struct ncr_symm_cipher_session { EVP_CIPHER_CTX ctx; CK_MECHANISM_TYPE mech; - size_t padding_size; /* Additional space to reserve for padding */ bool encrypting; /* Debugging only */ enum { NSCS_NEW, NSCS_INITIALIZED, NSCS_UPDATED, NSCS_FINISHED } state; @@ -251,7 +287,6 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, size_t param_size) { const EVP_CIPHER *type; - bool padding; g_return_val_if_fail (sess != NULL, CKR_SESSION_HANDLE_INVALID); g_return_val_if_fail (sess->state == NSCS_NEW || sess->state == NSCS_FINISHED, 
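Review bot: `g_return_val_if_fail (dest != NULL, CKR_ARGUMENTS_BAD);` in ncr_symm_key_export is unreachable, because the `if (dest == NULL)` branch a few lines above has already returned; it can be dropped. The ordering of the sensitive check before the size query is deliberate as far as I can tell (a NULL-dest query on a sensitive key fails without revealing even the key length) and deserves a comment, e.g. `/* Checked before the size query: a sensitive key reveals neither its value nor its length. */`. Note that because the check uses g_return_val_if_fail, every refused export also logs a critical, which is why tests/symm_keys.c has to silence the log handler; if callers are expected to probe this condition at run time, a plain `if (key->sensitive) return CKR_ATTRIBUTE_SENSITIVE;` would avoid that. The function only reads `key`, so `const struct ncr_symm_key *key` would document that, but it would have to change in ncrypto.h as well.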
@@ -279,15 +314,12 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, g_return_val_if_fail (key->type == CKK_AES, CKR_KEY_TYPE_INCONSISTENT); g_return_val_if_fail (param_size == 0, CKR_MECHANISM_PARAM_INVALID); AES_SWITCH (ecb); - padding = false; break; case CKM_AES_CBC: - case CKM_AES_CBC_PAD: g_return_val_if_fail (key->type == CKK_AES, CKR_KEY_TYPE_INCONSISTENT); g_return_val_if_fail (param_size == 16, CKR_MECHANISM_PARAM_INVALID); AES_SWITCH (cbc); - padding = sess->mech == CKM_AES_CBC_PAD; break; #undef AES_ENTRY @@ -296,16 +328,13 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, g_return_val_if_fail (key->size == 24, CKR_KEY_SIZE_RANGE); g_return_val_if_fail (param_size == 0, CKR_MECHANISM_PARAM_INVALID); type = EVP_des_ede3 (); - padding = false; break; case CKM_DES3_CBC: - case CKM_DES3_CBC_PAD: g_return_val_if_fail (key->type == CKK_DES3, CKR_KEY_TYPE_INCONSISTENT); g_return_val_if_fail (key->size == 24, CKR_KEY_SIZE_RANGE); g_return_val_if_fail (param_size == 8, CKR_MECHANISM_PARAM_INVALID); type = EVP_des_ede3_cbc (); - padding = sess->mech == CKM_DES3_CBC_PAD; break; default: @@ -315,10 +344,9 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, if (EVP_CipherInit_ex (&sess->ctx, type, NULL, key->value, param_size != 0 ? param : NULL, encrypt ? 1 : 0) == 0) return ckr_openssl (); - if (!padding && EVP_CIPHER_CTX_set_padding (&sess->ctx, 0) == 0) + if (EVP_CIPHER_CTX_set_padding (&sess->ctx, 0) == 0) return ckr_openssl (); - sess->padding_size = padding ? EVP_CIPHER_block_size (type) : 0; sess->encrypting = encrypt; sess->state = NSCS_INITIALIZED; return CKR_OK; @@ -341,7 +369,7 @@ symm_cipher_update (struct ncr_symm_cipher_session *sess, bool encrypt, if (dest == NULL) { - *dest_size_ptr = src_size + sess->padding_size; + *dest_size_ptr = src_size; return CKR_OK; } if (*dest_size_ptr < src_size) /* FIXME? this does not handle partial data */ 
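Review bot: With padding now unconditionally disabled in symm_cipher_init, the size estimate `*dest_size_ptr = src_size;` in symm_cipher_update and the CKR_BUFFER_TOO_SMALL check next to it are only right when src_size is a multiple of the cipher block size; for other lengths OpenSSL's EVP layer, as far as I recall, holds back the partial block in EVP_CipherUpdate and then fails in EVP_CipherFinal_ex, and the visible `/* FIXME? this does not handle partial data */` still stands. The header only documents the block-alignment requirement; enforcing it in the library would turn an opaque OpenSSL failure into a PKCS#11 error, e.g. `g_return_val_if_fail (src_size % EVP_CIPHER_CTX_block_size (&sess->ctx) == 0, CKR_DATA_LEN_RANGE);` at the start of symm_cipher_update. The same applies to do_symm_cipher_update_final in the next hunk, which removes its FIXME comment without addressing it. The body of symm_cipher_update starts and ends outside this hunk.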
@@ -377,10 +405,9 @@ do_symm_cipher_update_final (struct ncr_symm_cipher_session *sess, if (dest == NULL) { - *dest_size_ptr = src_size + sess->padding_size; + *dest_size_ptr = src_size; return CKR_OK; } - /* FIXME? this does not handle partial data or padding. */ if (*dest_size_ptr < src_size) { *dest_size_ptr = src_size; diff --git a/tests/symm_ciphers.c b/tests/symm_ciphers.c index 1995eeb..27a9752 100644 --- a/tests/symm_ciphers.c +++ b/tests/symm_ciphers.c @@ -26,6 +26,7 @@ POSSIBILITY OF SUCH DAMAGE. Red Hat author: Miloslav Trmač <mitr@redhat.com> */ #include <assert.h> +#include <stdbool.h> #include <stdint.h> #include <stdlib.h> #include <string.h> @@ -48,7 +49,6 @@ struct tv size_t output_size; }; -/* FIXME: Test CBC_PAD as well. */ static const struct tv tvs[] = { #define TV(M, GM, K, KEY, IV, IN, OUT) \ @@ -110,7 +110,7 @@ main (void) res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, tvs[i].key_type, tvs[i].key, + res = ncr_symm_key_create (&key, tvs[i].key_type, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -165,7 +165,7 @@ main (void) res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, tvs[i].key_type, tvs[i].key, + res = ncr_symm_key_create (&key, tvs[i].key_type, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -206,7 +206,8 @@ main (void) res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_generate (&key, tvs[i].key_gen_mech, tvs[i].key_size); + res = ncr_symm_key_generate (&key, tvs[i].key_gen_mech, true, + tvs[i].key_size); assert (res == CKR_OK); for (j = 0; j < 2; j++) 
@@ -258,7 +259,8 @@ main (void) res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_generate (&key, tvs[i].key_gen_mech, tvs[i].key_size); + res = ncr_symm_key_generate (&key, tvs[i].key_gen_mech, true, + tvs[i].key_size); assert (res == CKR_OK); for (j = 0; j < 2; j++) diff --git a/tests/symm_keys.c b/tests/symm_keys.c new file mode 100644 index 0000000..aee5396 --- /dev/null +++ b/tests/symm_keys.c 
@@ -0,0 +1,135 @@ +/* ncr_symm_key_* tests. + +Copyright 2010 Red Hat, Inc. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +Red Hat author: Miloslav Trmač <mitr@redhat.com> */ + +#include <assert.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> + +#include <glib.h> +#include <ncrypto/ncrypto.h> + +static void +log_silent (const gchar *log_domain, GLogLevelFlags log_level, + const gchar *message, gpointer user_data) +{ + (void)log_domain; + (void)log_level; + (void)message; + (void)user_data; +} + +static void +check_set_sentitive_failure (struct ncr_symm_key *key) +{ + uint8_t dest[256]; + size_t dest_size; + CK_RV res; + + /* Extraction of a sensitive value is a programming error, so we complain to + stderr. Hide this in the test output. 
*/ + + g_log_set_default_handler (log_silent, NULL); + + dest_size = sizeof (dest); + res = ncr_symm_key_export (key, dest, &dest_size); + assert (res == CKR_ATTRIBUTE_SENSITIVE); + + g_log_set_default_handler (g_log_default_handler, NULL); +} + +int +main (void) +{ + static const uint8_t input[32] + = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F"; + + uint8_t dest[256]; + size_t dest_size; + struct ncr_symm_key *key; + CK_RV res; + + res = ncr_symm_key_create (&key, CKK_AES, false, input, sizeof (input)); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_key_export (key, dest, &dest_size); + assert (res == CKR_OK); + assert (dest_size == sizeof (input)); + assert (memcmp (dest, input, dest_size) == 0); + + res = ncr_symm_key_set_sensitive (key); + assert (res == CKR_OK); + + res = ncr_symm_key_set_sensitive (key); + assert (res == CKR_OK); + + check_set_sentitive_failure (key); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + + + res = ncr_symm_key_create (&key, CKK_AES, true, input, sizeof (input)); + assert (res == CKR_OK); + + check_set_sentitive_failure (key); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + + + res = ncr_symm_key_generate (&key, CKM_AES_KEY_GEN, false, sizeof (input)); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_key_export (key, dest, &dest_size); + assert (res == CKR_OK); + assert (dest_size == sizeof (input)); + + res = ncr_symm_key_set_sensitive (key); + assert (res == CKR_OK); + + res = ncr_symm_key_set_sensitive (key); + assert (res == CKR_OK); + + check_set_sentitive_failure (key); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + + + res = ncr_symm_key_generate (&key, CKM_AES_KEY_GEN, true, sizeof (input)); + assert (res == CKR_OK); + + check_set_sentitive_failure (key); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + return 
EXIT_SUCCESS; +} diff --git a/tests/symm_signatures.c b/tests/symm_signatures.c index 003d19d..d53eeef 100644 --- a/tests/symm_signatures.c +++ b/tests/symm_signatures.c @@ -26,6 +26,7 @@ POSSIBILITY OF SUCH DAMAGE. Red Hat author: Miloslav Trmač <mitr@redhat.com> */ #include <assert.h> +#include <stdbool.h> #include <stdint.h> #include <stdlib.h> #include <string.h> @@ -81,7 +82,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, tvs[i].key, + res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -132,7 +133,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, tvs[i].key, + res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -225,7 +226,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, tvs[i].key, + res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -269,7 +270,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_generate (&key, CKM_GENERIC_SECRET_KEY_GEN, + res = ncr_symm_key_generate (&key, CKM_GENERIC_SECRET_KEY_GEN, true, tvs[i].key_size); assert (res == CKR_OK); @@ -318,7 +319,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_generate (&key, CKM_GENERIC_SECRET_KEY_GEN, + res = ncr_symm_key_generate (&key, CKM_GENERIC_SECRET_KEY_GEN, true, tvs[i].key_size); assert (res == CKR_OK); |
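Review bot: tests/symm_keys.c never exercises the two ncr_symm_key_export paths that report a size — the NULL-`dest` query and the too-small buffer returning CKR_BUFFER_TOO_SMALL — although both are part of the new implementation and the CKR_BUFFER_TOO_SMALL branch is exactly the one a caller relies on to avoid overrunning its buffer. I'd add both cases after the first successful export in main (see below); the generate-based key later in the file could get the same checks. The helper name `check_set_sentitive_failure` has a typo and describes the wrong operation, since it asserts that export is refused; `check_export_refused` would read better. main starts and ends inside the hunk.
```c
  assert (memcmp (dest, input, dest_size) == 0);

  /* Size query: a NULL dest must report the required size without copying. */
  dest_size = 0;
  res = ncr_symm_key_export (key, NULL, &dest_size);
  assert (res == CKR_OK);
  assert (dest_size == sizeof (input));

  /* A too-small buffer must fail and still report the required size. */
  dest_size = sizeof (input) - 1;
  res = ncr_symm_key_export (key, dest, &dest_size);
  assert (res == CKR_BUFFER_TOO_SMALL);
  assert (dest_size == sizeof (input));
  /* … unchanged: set_sensitive calls and the remaining key cases … */
```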