Skip to content

Commit

Permalink
ykcs11: Fixed calculating expected data length. Added tests for retur…
Browse files Browse the repository at this point in the history 
…ning data length
  • Loading branch information
@aveenismail
aveenismail committed Jan 28, 2020
1 parent 028ead9 commit f557e6c
Show file tree
Hide file tree
Showing 3 changed files with 81 additions and 52 deletions.
6 changes: 3 additions & 3 deletions ykcs11/tests/ykcs11_tests.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -771,9 +771,9 @@ static void test_decrypt_RSA() {
if (evp == NULL || rsak == NULL)
exit(EXIT_FAILURE);

//test_rsa_decrypt(funcs, session, obj_pvtkey, N_SELECTED_KEYS, rsak, CKM_RSA_PKCS, RSA_PKCS1_PADDING);
//test_rsa_decrypt(funcs, session, obj_pvtkey, N_SELECTED_KEYS, rsak, CKM_RSA_X_509, RSA_NO_PADDING);
//test_rsa_decrypt(funcs, session, obj_pvtkey, N_SELECTED_KEYS, rsak, CKM_RSA_PKCS_OAEP, RSA_PKCS1_OAEP_PADDING);
test_rsa_decrypt(funcs, session, obj_pvtkey, N_SELECTED_KEYS, rsak, CKM_RSA_PKCS, RSA_PKCS1_PADDING);
test_rsa_decrypt(funcs, session, obj_pvtkey, N_SELECTED_KEYS, rsak, CKM_RSA_X_509, RSA_NO_PADDING);
test_rsa_decrypt(funcs, session, obj_pvtkey, N_SELECTED_KEYS, rsak, CKM_RSA_PKCS_OAEP, RSA_PKCS1_OAEP_PADDING);

test_rsa_decrypt_oaep(funcs, session, obj_pvtkey, N_SELECTED_KEYS, CKM_SHA_1, rsak);
test_rsa_decrypt_oaep(funcs, session, obj_pvtkey, N_SELECTED_KEYS, CKM_SHA256, rsak);
Expand Down
92 changes: 56 additions & 36 deletions ykcs11/tests/ykcs11_tests_util.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -599,7 +599,7 @@ void test_ec_sign_simple(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session,
CK_BYTE data[32];
CK_ULONG data_len;
CK_BYTE sig[256];
CK_ULONG recv_len;
CK_ULONG sig_len;

CK_BYTE der_encoded[116];

Expand All @@ -614,8 +614,8 @@ void test_ec_sign_simple(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session,

asrt(funcs->C_SignInit(session, &mech, obj_pvtkey[i]), CKR_OK, "SignInit");
asrt(funcs->C_Login(session, CKU_CONTEXT_SPECIFIC, (CK_CHAR_PTR)"123456", 6), CKR_OK, "Re-Login USER");
recv_len = sizeof(sig);
asrt(funcs->C_Sign(session, data, sizeof(data), sig, &recv_len), CKR_OK, "Sign");
sig_len = sizeof(sig);
asrt(funcs->C_Sign(session, data, sizeof(data), sig, &sig_len), CKR_OK, "Sign");

if(eck != NULL) {
// External verification
Expand All @@ -624,7 +624,7 @@ void test_ec_sign_simple(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session,
} else {
// Internal verification
asrt(funcs->C_VerifyInit(session, &mech, get_public_key_handle(funcs, session, obj_pvtkey[i])), CKR_OK, "VerifyInit");
asrt(funcs->C_Verify(session, data, sizeof(data), sig, recv_len), CKR_OK, "Verify");
asrt(funcs->C_Verify(session, data, sizeof(data), sig, sig_len), CKR_OK, "Verify");
}
}
asrt(funcs->C_Logout(session), CKR_OK, "Logout USER");
Expand All @@ -633,15 +633,13 @@ void test_ec_sign_simple(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session,
void test_ec_sign_thorough(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE_PTR obj_pvtkey,
CK_MECHANISM_TYPE mech_type, EC_KEY *eck, CK_ULONG key_len) {

CK_BYTE i, j;
CK_BYTE data[32];
CK_ULONG data_len;
CK_BYTE hdata[64];
unsigned int hdata_len;
CK_BYTE sig[256];
CK_ULONG sig_len;
CK_BYTE sig_update[256];
CK_ULONG sig_update_len;
CK_BYTE i, j;
CK_BYTE data[32];
CK_ULONG data_len;
CK_BYTE hdata[64];
unsigned int hdata_len;
CK_BYTE* sig;
CK_ULONG sig_len;

CK_BYTE der_encoded[116];
const EVP_MD *md;
Expand All @@ -662,7 +660,9 @@ void test_ec_sign_thorough(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session
// Sign
asrt(funcs->C_SignInit(session, &mech, obj_pvtkey[i]), CKR_OK, "SignInit");
asrt(funcs->C_Login(session, CKU_CONTEXT_SPECIFIC, (CK_CHAR_PTR)"123456", 6), CKR_OK, "Re-Login USER");
sig_len = sizeof(sig);
sig_len = 0;
asrt(funcs->C_Sign(session, data, sizeof(data), NULL, &sig_len), CKR_OK, "Sign");
sig = malloc(sig_len);
asrt(funcs->C_Sign(session, data, sizeof(data), sig, &sig_len), CKR_OK, "Sign");
//Verify
asrt(funcs->C_VerifyInit(session, &mech, obj_pubkey), CKR_OK, "VerifyInit");
Expand All @@ -688,19 +688,18 @@ void test_ec_sign_thorough(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session

asrt(ECDSA_verify(0, hdata, hdata_len, der_encoded, der_encoded[1] + 2, eck), 1, "ECDSA VERIFICATION");
}
free(sig);
}
}
asrt(funcs->C_Logout(session), CKR_OK, "Logout USER");
}

void test_rsa_sign_simple(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE_PTR obj_pvtkey,
CK_BYTE n_keys, EVP_PKEY* evp) {
CK_BYTE i, j;
CK_BYTE i;
CK_BYTE data[32];
CK_BYTE sig[256];
CK_BYTE sig_update[256];
CK_ULONG sig_len;
CK_ULONG sig_update_len;
EVP_PKEY_CTX *ctx = NULL;

CK_BYTE hdata[512];
Expand Down Expand Up @@ -744,8 +743,8 @@ void test_rsa_sign_thorough(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE sessio
CK_BYTE n_keys, EVP_PKEY* evp, CK_MECHANISM_TYPE mech_type) {
CK_BYTE i, j;
CK_BYTE data[32];
CK_BYTE sig[256];
CK_BYTE sig_update[256];
CK_BYTE* sig;
CK_BYTE* sig_update;
CK_ULONG sig_len;
CK_ULONG sig_update_len;
EVP_PKEY_CTX *ctx = NULL;
Expand All @@ -768,7 +767,9 @@ void test_rsa_sign_thorough(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE sessio
// Sign
asrt(funcs->C_SignInit(session, &mech, obj_pvtkey[i]), CKR_OK, "SIGN INIT");
asrt(funcs->C_Login(session, CKU_CONTEXT_SPECIFIC, (CK_CHAR_PTR)"123456", 6), CKR_OK, "Re-Login USER");
sig_len = sizeof(sig);
sig_len = 0;
asrt(funcs->C_Sign(session, data, sizeof(data), NULL, &sig_len), CKR_OK, "SIGN");
sig = malloc(sig_len);
asrt(funcs->C_Sign(session, data, sizeof(data), sig, &sig_len), CKR_OK, "SIGN");

// External verification
Expand All @@ -788,20 +789,25 @@ void test_rsa_sign_thorough(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE sessio
// Sign Update
asrt(funcs->C_SignInit(session, &mech, obj_pvtkey[i]), CKR_OK, "SIGN INIT");
asrt(funcs->C_Login(session, CKU_CONTEXT_SPECIFIC, (CK_CHAR_PTR)"123456", 6), CKR_OK, "Re-Login USER");
sig_update_len = sizeof(sig_update);
sig_update_len = 0;
asrt(funcs->C_SignUpdate(session, data, 16), CKR_OK, "SIGN UPDATE 1");
asrt(funcs->C_SignUpdate(session, data + 16, 10), CKR_OK, "SIGN UPDATE 2");
asrt(funcs->C_SignUpdate(session, data + 26, 6), CKR_OK, "SIGN UPDATE 3");
asrt(funcs->C_SignFinal(session, sig_update, &sig_update_len), CKR_OK, "SIGN FINAL");
asrt(funcs->C_SignFinal(session, NULL, &sig_update_len), CKR_OK, "SIGN FINAL");
asrt(sig_update_len, sig_len, "SIGNATURE LENGTH");
sig_update = malloc(sig_update_len);
asrt(funcs->C_SignFinal(session, sig_update, &sig_update_len), CKR_OK, "SIGN FINAL");
// Compare signatures
asrt(memcmp(sig, sig_update, sig_len), 0, "SIGNATURE");

// Internal verification: Verify Update
asrt(funcs->C_VerifyInit(session, &mech, obj_pubkey), CKR_OK, "VERIFY INIT");
asrt(funcs->C_VerifyUpdate(session, data, 10), CKR_OK, "VERIFY UPDATE 1");
asrt(funcs->C_VerifyUpdate(session, data+10, 22), CKR_OK, "VERIFY UPDATE 2");
asrt(funcs->C_VerifyFinal(session, sig_update, sig_update_len), CKR_OK, "VERIFY FINAL");
asrt(funcs->C_VerifyFinal(session, sig_update, sig_update_len), CKR_OK, "VERIFY FINAL");

free(sig);
free(sig_update);
}
}

Expand All @@ -812,8 +818,8 @@ void test_rsa_sign_pss(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK
CK_BYTE n_keys, RSA* rsak, CK_MECHANISM_TYPE mech_type) {
CK_BYTE i, j;
CK_BYTE* data;
CK_BYTE sig[256];
CK_BYTE sig_update[256];
CK_BYTE* sig;
CK_BYTE* sig_update;
CK_ULONG sig_len;
CK_ULONG sig_update_len;

Expand Down Expand Up @@ -841,7 +847,9 @@ void test_rsa_sign_pss(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK
// Sign
asrt(funcs->C_SignInit(session, &mech, obj_pvtkey[i]), CKR_OK, "SIGN INIT");
asrt(funcs->C_Login(session, CKU_CONTEXT_SPECIFIC, (CK_CHAR_PTR)"123456", 6), CKR_OK, "Re-Login USER");
sig_len = sizeof(sig);
sig_len = 0;
asrt(funcs->C_Sign(session, data, pss_params.sLen, NULL, &sig_len), CKR_OK, "SIGN");
sig = malloc(sig_len);
asrt(funcs->C_Sign(session, data, pss_params.sLen, sig, &sig_len), CKR_OK, "SIGN");

// External verification
Expand Down Expand Up @@ -869,11 +877,13 @@ void test_rsa_sign_pss(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK
// Sign Update
asrt(funcs->C_SignInit(session, &mech, obj_pvtkey[i]), CKR_OK, "SIGN INIT");
asrt(funcs->C_Login(session, CKU_CONTEXT_SPECIFIC, (CK_CHAR_PTR)"123456", 6), CKR_OK, "Re-Login USER");
sig_update_len = sizeof(sig_update);
sig_update_len = 0;
asrt(funcs->C_SignUpdate(session, data, 10), CKR_OK, "SIGN UPDATE 1");
asrt(funcs->C_SignUpdate(session, data + 10, pss_params.sLen - 10), CKR_OK, "SIGN UPDATE 2");
asrt(funcs->C_SignFinal(session, sig_update, &sig_update_len), CKR_OK, "SIGN FINAL");
asrt(funcs->C_SignFinal(session, NULL, &sig_update_len), CKR_OK, "SIGN FINAL");
asrt(sig_update_len, sig_len, "SIGNATURE LENGTH");
sig_update = malloc(sig_update_len);
asrt(funcs->C_SignFinal(session, sig_update, &sig_update_len), CKR_OK, "SIGN FINAL");


// External verification
Expand All @@ -900,6 +910,8 @@ void test_rsa_sign_pss(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK
asrt(funcs->C_VerifyUpdate(session, data+5, pss_params.sLen-5), CKR_OK, "VERIFY UPDATE 2");
asrt(funcs->C_VerifyFinal(session, sig_update, sig_update_len), CKR_OK, "VERIFY FINAL");

free(sig);
free(sig_update);
}
}
free(data);
Expand Down Expand Up @@ -929,7 +941,7 @@ void test_rsa_decrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_
int data_len, enc_len;
CK_BYTE* data;
CK_BYTE enc[512];
CK_BYTE dec[512];
CK_BYTE* dec;
CK_ULONG dec_len;

if(padding == RSA_NO_PADDING) {
Expand Down Expand Up @@ -957,10 +969,13 @@ void test_rsa_decrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_
// Decrypt
asrt(funcs->C_DecryptInit(session, &mech, obj_pvtkey[i]), CKR_OK, "DECRYPT INIT");
asrt(funcs->C_Login(session, CKU_CONTEXT_SPECIFIC, (CK_CHAR_PTR)"123456", 6), CKR_OK, "Re-Login USER");
dec_len = sizeof(dec);
dec_len = 0;
asrt(funcs->C_Decrypt(session, enc, enc_len, NULL, &dec_len), CKR_OK, "DECRYPT");
dec = malloc(dec_len);
asrt(funcs->C_Decrypt(session, enc, enc_len, dec, &dec_len), CKR_OK, "DECRYPT");
asrt(dec_len, data_len, "DECRYPTED DATA LEN");
asrt(memcmp(data, dec, dec_len), 0, "DECRYPTED DATA");
free(dec);

// Decrypt Update
asrt(funcs->C_DecryptInit(session, &mech, obj_pvtkey[i]), CKR_OK, "DECRYPT INIT");
Expand All @@ -971,10 +986,13 @@ void test_rsa_decrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_
asrt(funcs->C_DecryptUpdate(session, enc+100, 8, dec, &dec_len), CKR_OK, "DECRYPT UPDATE");
dec_len = sizeof(dec);
asrt(funcs->C_DecryptUpdate(session, enc+108, 20, dec, &dec_len), CKR_OK, "DECRYPT UPDATE");
dec_len = sizeof(dec);
dec_len = 0;
asrt(funcs->C_DecryptFinal(session, NULL, &dec_len), CKR_OK, "DECRYPT FINAL");
dec = malloc(dec_len);
asrt(funcs->C_DecryptFinal(session, dec, &dec_len), CKR_OK, "DECRYPT FINAL");
asrt(dec_len, data_len, "DECRYPTED DATA LEN");
asrt(memcmp(data, dec, dec_len), 0, "DECRYPTED DATA");
free(dec);
}
}
free(data);
Expand Down Expand Up @@ -1045,7 +1063,7 @@ void test_rsa_encrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_
CK_ULONG i,j;
CK_BYTE data[32];
CK_ULONG data_len = sizeof(data);
CK_BYTE enc[512];
CK_BYTE enc[128];
CK_ULONG enc_len;
CK_BYTE dec[512];
CK_ULONG dec_len;
Expand All @@ -1065,9 +1083,10 @@ void test_rsa_encrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_

// Encrypt
asrt(funcs->C_EncryptInit(session, &mech, pubkey), CKR_OK, "ENCRYPT INIT CKM_RSA_PKCS");
enc_len = sizeof(enc);
asrt(funcs->C_Encrypt(session, data, data_len, enc, &enc_len), CKR_OK, "ENCRYPT CKM_RSA_PKCS");
enc_len = 0;
asrt(funcs->C_Encrypt(session, data, data_len, NULL, &enc_len), CKR_OK, "ENCRYPT CKM_RSA_PKCS");
asrt(enc_len, 128, "ENCRYPTED DATA LEN");
asrt(funcs->C_Encrypt(session, data, data_len, enc, &enc_len), CKR_OK, "ENCRYPT CKM_RSA_PKCS");

dec_len = RSA_private_decrypt(enc_len, enc, dec, rsak, padding);
if(padding == RSA_NO_PADDING) {
Expand All @@ -1084,9 +1103,10 @@ void test_rsa_encrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_
asrt(funcs->C_EncryptUpdate(session, data, 10, enc, &enc_len), CKR_OK, "ENCRYPT UPDATE CKM_RSA_PKCS");
enc_len = sizeof(enc);
asrt(funcs->C_EncryptUpdate(session, data+10, 22, enc, &enc_len), CKR_OK, "ENCRYPT UPDATE CKM_RSA_PKCS");
enc_len = sizeof(enc);
asrt(funcs->C_EncryptFinal(session, enc, &enc_len), CKR_OK, "ENCRYPT FINAL CKM_RSA_PKCS");
enc_len = 0;
asrt(funcs->C_EncryptFinal(session, NULL, &enc_len), CKR_OK, "ENCRYPT FINAL CKM_RSA_PKCS");
asrt(enc_len, 128, "ENCRYPTED DATA LEN");
asrt(funcs->C_EncryptFinal(session, enc, &enc_len), CKR_OK, "ENCRYPT FINAL CKM_RSA_PKCS");

dec_len = RSA_private_decrypt(enc_len, enc, dec, rsak, padding);
if(padding == RSA_NO_PADDING) {
Expand Down
35 changes: 22 additions & 13 deletions ykcs11/ykcs11.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2063,8 +2063,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_Encrypt)(
rv = CKR_OK;

enc_out:
session->op_info.type = YKCS11_NOOP;
session->op_info.buf_len = 0;
if(pEncryptedData) {
session->op_info.type = YKCS11_NOOP;
session->op_info.buf_len = 0;
}
DOUT;
return rv;
}
Expand Down Expand Up @@ -2177,8 +2179,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_EncryptFinal)(
rv = CKR_OK;

encfinal_out:
session->op_info.type = YKCS11_NOOP;
session->op_info.buf_len = 0;
if(pLastEncryptedPart) {
session->op_info.type = YKCS11_NOOP;
session->op_info.buf_len = 0;
}
DOUT;
return rv;
}
Expand Down Expand Up @@ -2300,8 +2304,13 @@ CK_DEFINE_FUNCTION(CK_RV, C_Decrypt)(
}

CK_ULONG key_len = do_get_key_size(session->op_info.op.encrypt.key);
CK_ULONG datalen = (key_len + 7) / 8 - 11;
DBG("The size of the data will be %lu", datalen);
CK_ULONG datalen = (key_len + 7) / 8; // When RSA_NO_PADDING is used
if(session->op_info.op.encrypt.padding == RSA_PKCS1_PADDING) {
datalen -= 11;
} else if(session->op_info.op.encrypt.padding == RSA_PKCS1_OAEP_PADDING) {
datalen -= 41;
}
DBG("The maximum size of the data will be %lu", datalen);

if (pData == NULL) {
// Just return the size of the decrypted data
Expand Down Expand Up @@ -2396,11 +2405,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(
rv = CKR_OK;

decrypt_out:
if(rv != CKR_OK) {
session->op_info.type = YKCS11_NOOP;
session->op_info.buf_len = 0;
}

DOUT;
return rv;
}
Expand Down Expand Up @@ -2441,8 +2445,13 @@ CK_DEFINE_FUNCTION(CK_RV, C_DecryptFinal)(
}

CK_ULONG key_len = do_get_key_size(session->op_info.op.encrypt.key);
CK_ULONG datalen = (key_len + 7) / 8 - 11;
DBG("The size of the data will be %lu", datalen);
CK_ULONG datalen = (key_len + 7) / 8; // When RSA_NO_PADDING is used
if(session->op_info.op.encrypt.padding == RSA_PKCS1_PADDING) {
datalen -= 11;
} else if(session->op_info.op.encrypt.padding == RSA_PKCS1_OAEP_PADDING) {
datalen -= 41;
}
DBG("The maximum size of the data will be %lu", datalen);

if (pLastPart == NULL) {
// Just return the size of the decrypted data
Expand Down

0 comments on commit f557e6c

Please sign in to comment.