From fd80d48ded8f550f9d2853721b5200bde0d951fa Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Tue, 2 Nov 2010 19:58:05 +0100 Subject: Add symmetric key extraction support Also allow marking keys as "sensitive" (= CKA_SENSITIVE = non-extractable), which is an API change. --- tests/symm_ciphers.c | 11 ++-- tests/symm_keys.c | 135 ++++++++++++++++++++++++++++++++++++++++++++++++ tests/symm_signatures.c | 11 ++-- 3 files changed, 148 insertions(+), 9 deletions(-) create mode 100644 tests/symm_keys.c (limited to 'tests') diff --git a/tests/symm_ciphers.c b/tests/symm_ciphers.c index 1995eeb..0722a0e 100644 --- a/tests/symm_ciphers.c +++ b/tests/symm_ciphers.c @@ -26,6 +26,7 @@ POSSIBILITY OF SUCH DAMAGE. Red Hat author: Miloslav Trmač */ #include +#include #include #include #include @@ -110,7 +111,7 @@ main (void) res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, tvs[i].key_type, tvs[i].key, + res = ncr_symm_key_create (&key, tvs[i].key_type, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -165,7 +166,7 @@ main (void) res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, tvs[i].key_type, tvs[i].key, + res = ncr_symm_key_create (&key, tvs[i].key_type, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -206,7 +207,8 @@ main (void) res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_generate (&key, tvs[i].key_gen_mech, tvs[i].key_size); + res = ncr_symm_key_generate (&key, tvs[i].key_gen_mech, true, + tvs[i].key_size); assert (res == CKR_OK); for (j = 0; j < 2; j++) @@ -258,7 +260,8 @@ main (void) res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_generate (&key, tvs[i].key_gen_mech, tvs[i].key_size); + res = ncr_symm_key_generate (&key, tvs[i].key_gen_mech, true, + tvs[i].key_size); assert (res == CKR_OK); for (j = 0; j < 2; j++) diff --git a/tests/symm_keys.c b/tests/symm_keys.c new file mode 100644 index 0000000..aee5396 --- /dev/null +++ b/tests/symm_keys.c @@ -0,0 +1,135 @@ +/* ncr_symm_key_* tests. + +Copyright 2010 Red Hat, Inc. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +Red Hat author: Miloslav Trmač */ + +#include +#include +#include +#include +#include + +#include +#include + +static void +log_silent (const gchar *log_domain, GLogLevelFlags log_level, + const gchar *message, gpointer user_data) +{ + (void)log_domain; + (void)log_level; + (void)message; + (void)user_data; +} + +static void +check_set_sentitive_failure (struct ncr_symm_key *key) +{ + uint8_t dest[256]; + size_t dest_size; + CK_RV res; + + /* Extraction of a sensitive value is a programming error, so we complain to + stderr. Hide this in the test output. */ + + g_log_set_default_handler (log_silent, NULL); + + dest_size = sizeof (dest); + res = ncr_symm_key_export (key, dest, &dest_size); + assert (res == CKR_ATTRIBUTE_SENSITIVE); + + g_log_set_default_handler (g_log_default_handler, NULL); +} + +int +main (void) +{ + static const uint8_t input[32] + = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F"; + + uint8_t dest[256]; + size_t dest_size; + struct ncr_symm_key *key; + CK_RV res; + + res = ncr_symm_key_create (&key, CKK_AES, false, input, sizeof (input)); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_key_export (key, dest, &dest_size); + assert (res == CKR_OK); + assert (dest_size == sizeof (input)); + assert (memcmp (dest, input, dest_size) == 0); + + res = ncr_symm_key_set_sensitive (key); + assert (res == CKR_OK); + + res = ncr_symm_key_set_sensitive (key); + assert (res == CKR_OK); + + check_set_sentitive_failure (key); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + + + res = ncr_symm_key_create (&key, CKK_AES, true, input, sizeof (input)); + assert (res == CKR_OK); + + check_set_sentitive_failure (key); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + + + res = ncr_symm_key_generate (&key, CKM_AES_KEY_GEN, false, sizeof (input)); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_key_export (key, dest, &dest_size); + assert (res == CKR_OK); + assert (dest_size == sizeof (input)); + + res = ncr_symm_key_set_sensitive (key); + assert (res == CKR_OK); + + res = ncr_symm_key_set_sensitive (key); + assert (res == CKR_OK); + + check_set_sentitive_failure (key); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + + + res = ncr_symm_key_generate (&key, CKM_AES_KEY_GEN, true, sizeof (input)); + assert (res == CKR_OK); + + check_set_sentitive_failure (key); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + return EXIT_SUCCESS; +} diff --git a/tests/symm_signatures.c b/tests/symm_signatures.c index 003d19d..d53eeef 100644 --- a/tests/symm_signatures.c +++ b/tests/symm_signatures.c @@ -26,6 +26,7 @@ POSSIBILITY OF SUCH DAMAGE. Red Hat author: Miloslav Trmač */ #include +#include #include #include #include @@ -81,7 +82,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, tvs[i].key, + res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -132,7 +133,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, tvs[i].key, + res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -225,7 +226,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, tvs[i].key, + res = ncr_symm_key_create (&key, CKK_GENERIC_SECRET, true, tvs[i].key, tvs[i].key_size); assert (res == CKR_OK); @@ -269,7 +270,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_generate (&key, CKM_GENERIC_SECRET_KEY_GEN, + res = ncr_symm_key_generate (&key, CKM_GENERIC_SECRET_KEY_GEN, true, tvs[i].key_size); assert (res == CKR_OK); @@ -318,7 +319,7 @@ main (void) res = ncr_symm_signature_alloc (&sess, tvs[i].mech); assert (res == CKR_OK); - res = ncr_symm_key_generate (&key, CKM_GENERIC_SECRET_KEY_GEN, + res = ncr_symm_key_generate (&key, CKM_GENERIC_SECRET_KEY_GEN, true, tvs[i].key_size); assert (res == CKR_OK); -- cgit