From 46dd81455f2adc4db495b6f3aa70d02d60129008 Mon Sep 17 00:00:00 2001 From: Aveen Ismail Date: Thu, 12 Sep 2024 10:40:50 +0200 Subject: [PATCH] YKCS11: Test: Increase test coverage of X25519 keys --- ykcs11/tests/ykcs11_tests_util.c | 51 +++++++++++++++++++++++++++++--- 1 file changed, 47 insertions(+), 4 deletions(-) diff --git a/ykcs11/tests/ykcs11_tests_util.c b/ykcs11/tests/ykcs11_tests_util.c index 13a39ca3..00d644a5 100644 --- a/ykcs11/tests/ykcs11_tests_util.c +++ b/ykcs11/tests/ykcs11_tests_util.c @@ -373,8 +373,10 @@ void import_x25519key(CK_FUNCTION_LIST_3_0_PTR funcs, CK_SESSION_HANDLE session, CK_BYTE params[] = {0x13, 0x0b, 0x63, 0x75, 0x72, 0x76, 0x65, 0x32, 0x35, 0x35, 0x31, 0x39}; CK_ULONG class_k = CKO_PRIVATE_KEY; + CK_ULONG class_c = CKO_CERTIFICATE; CK_ULONG kt = CKK_EC_MONTGOMERY; CK_BYTE id = 1; + CK_BYTE value_c[255] = {0}; CK_CHAR pvt[255] = {0}; CK_ULONG pvt_len = sizeof(pvt); @@ -387,21 +389,62 @@ void import_x25519key(CK_FUNCTION_LIST_3_0_PTR funcs, CK_SESSION_HANDLE session, {CKA_VALUE, pvt, pvt_len} }; - EVP_PKEY *key = NULL; + CK_ATTRIBUTE certTemplate[] = { + {CKA_CLASS, &class_c, sizeof(class_c)}, + {CKA_ID, &id, sizeof(id)}, + {CKA_VALUE, value_c, sizeof(value_c)} + }; + + EVP_PKEY *xkey = NULL; EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); EVP_PKEY_keygen_init(ctx); - EVP_PKEY_keygen(ctx, &key); + EVP_PKEY_keygen(ctx, &xkey); EVP_PKEY_CTX_free(ctx); - asrt(EVP_PKEY_get_raw_private_key(key, pvt, &pvt_len), 1, "EXTRACTING PRIVATE ED25519 KEY"); + asrt(EVP_PKEY_get_raw_private_key(xkey, pvt, &pvt_len), 1, "EXTRACTING PRIVATE ED25519 KEY"); privateKeyTemplate[4].ulValueLen = pvt_len; + + // Generate a dummy ED25519 to sign an X509certificate for the X25519 keyt + EVP_PKEY *ed_key = NULL; + EVP_PKEY_CTX *ed_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); + EVP_PKEY_keygen_init(ed_ctx); + EVP_PKEY_keygen(ed_ctx, &ed_key); + EVP_PKEY_CTX_free(ed_ctx); + + X509 *cert = X509_new(); + X509_set_version(cert, 2); // Version 3 + X509_NAME_add_entry_by_txt(X509_get_issuer_name(cert), "CN", MBSTRING_ASC, (unsigned char*)"Test Issuer", -1, -1, 0); + X509_NAME_add_entry_by_txt(X509_get_subject_name(cert), "CN", MBSTRING_ASC, (unsigned char*)"Test Subject", -1, -1, 0); + ASN1_INTEGER_set(X509_get_serialNumber(cert), 0); + X509_gmtime_adj(X509_get_notBefore(cert), 0); + X509_gmtime_adj(X509_get_notAfter(cert), 0); + + if (X509_set_pubkey(cert, xkey) == 0) { + exit(EXIT_FAILURE); + } + + if (X509_sign(cert, ed_key, NULL) == 0) { + exit(EXIT_FAILURE); + } + EVP_PKEY_free(ed_key); + + CK_ULONG cert_len; + unsigned char *p = value_c; + if ((cert_len = (CK_ULONG) i2d_X509(cert, &p)) == 0 || cert_len > sizeof(value_c)) + exit(EXIT_FAILURE); + + certTemplate[2].ulValueLen = cert_len; + asrt(funcs->C_Login(session, CKU_SO, (CK_CHAR_PTR)"010203040506070801020304050607080102030405060708", 48), CKR_OK, "Login SO"); + asrt(funcs->C_CreateObject(session, certTemplate, 3, obj_cert), CKR_OK, "IMPORT CERT"); + asrt(*obj_cert, 37, "CERTIFICATE HANDLE"); asrt(funcs->C_CreateObject(session, privateKeyTemplate, 5, obj_pvtkey), CKR_OK, "IMPORT KEY"); asrt(*obj_pvtkey, 86, "PRIVATE KEY HANDLE"); asrt(funcs->C_Logout(session), CKR_OK, "Logout SO"); - EVP_PKEY_free(key); + X509_free(cert); + EVP_PKEY_free(xkey); } EC_KEY* import_ec_key(CK_FUNCTION_LIST_3_0_PTR funcs, CK_SESSION_HANDLE session, CK_BYTE n_keys, int curve, CK_ULONG key_len,