pkcs11_protect_server 0.2.2-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,79 @@
1
+ PKCS11_DEFINE_STRUCT(CK_DES_CBC_PARAMS);
2
+ PKCS11_DEFINE_MEMBER(CK_DES_CBC_PARAMS, iv);
3
+ PKCS11_DEFINE_MEMBER(CK_DES_CBC_PARAMS, data);
4
+
5
+ PKCS11_DEFINE_STRUCT(CK_DES2_CBC_PARAMS);
6
+ PKCS11_DEFINE_MEMBER(CK_DES2_CBC_PARAMS, iv);
7
+ PKCS11_DEFINE_MEMBER(CK_DES2_CBC_PARAMS, data);
8
+
9
+ PKCS11_DEFINE_STRUCT(CK_DES3_CBC_PARAMS);
10
+ PKCS11_DEFINE_MEMBER(CK_DES3_CBC_PARAMS, iv);
11
+ PKCS11_DEFINE_MEMBER(CK_DES3_CBC_PARAMS, data);
12
+
13
+ PKCS11_DEFINE_STRUCT(CK_TIMESTAMP_PARAMS);
14
+ PKCS11_DEFINE_MEMBER(CK_TIMESTAMP_PARAMS, useMilliseconds);
15
+ PKCS11_DEFINE_MEMBER(CK_TIMESTAMP_PARAMS, timestampFormat);
16
+
17
+ PKCS11_DEFINE_STRUCT(CK_ATTRIBUTES);
18
+ PKCS11_DEFINE_MEMBER(CK_ATTRIBUTES, attributes);
19
+
20
+ PKCS11_DEFINE_STRUCT(CK_MECH_AND_OBJECT);
21
+ PKCS11_DEFINE_MEMBER(CK_MECH_AND_OBJECT, mechanism);
22
+ PKCS11_DEFINE_MEMBER(CK_MECH_AND_OBJECT, obj);
23
+
24
+ PKCS11_DEFINE_STRUCT(CK_MECH_TYPE_AND_OBJECT);
25
+ PKCS11_DEFINE_MEMBER(CK_MECH_TYPE_AND_OBJECT, mechanism);
26
+ PKCS11_DEFINE_MEMBER(CK_MECH_TYPE_AND_OBJECT, obj);
27
+
28
+ PKCS11_DEFINE_STRUCT(CK_MECH_AND_OBJECTS);
29
+ PKCS11_DEFINE_MEMBER(CK_MECH_AND_OBJECTS, mechanism);
30
+
31
+ PKCS11_DEFINE_STRUCT(CK_PKCS_7_PARAMS);
32
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, flags);
33
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, length);
34
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, signature);
35
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, encryption);
36
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, extensions);
37
+
38
+ PKCS11_DEFINE_STRUCT(CK_PP_LOAD_SECRET_PARAMS);
39
+ PKCS11_DEFINE_MEMBER(CK_PP_LOAD_SECRET_PARAMS, prompt);
40
+ PKCS11_DEFINE_MEMBER(CK_PP_LOAD_SECRET_PARAMS, bMaskInput);
41
+ PKCS11_DEFINE_MEMBER(CK_PP_LOAD_SECRET_PARAMS, cConvert);
42
+ /* unimplemented attr CK_CHAR cTimeout */
43
+ /* unimplemented attr CK_CHAR reserved */
44
+
45
+ PKCS11_DEFINE_STRUCT(CK_REPLICATE_TOKEN_PARAMS);
46
+ PKCS11_DEFINE_MEMBER(CK_REPLICATE_TOKEN_PARAMS, peerId);
47
+
48
+ PKCS11_DEFINE_STRUCT(CK_SECRET_SHARE_PARAMS);
49
+ PKCS11_DEFINE_MEMBER(CK_SECRET_SHARE_PARAMS, n);
50
+ PKCS11_DEFINE_MEMBER(CK_SECRET_SHARE_PARAMS, m);
51
+
52
+ PKCS11_DEFINE_STRUCT(CK_PKCS12_PBE_EXPORT_PARAMS);
53
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, passwordAuthSafe);
54
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, passwordHMAC);
55
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, keyCert);
56
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, safeBagKgMech);
57
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, safeContentKgMech);
58
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, hmacKgMech);
59
+
60
+ PKCS11_DEFINE_STRUCT(CK_PKCS12_PBE_IMPORT_PARAMS);
61
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, certAttr);
62
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, passwordAuthSafe);
63
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, passwordHMAC);
64
+ /* unimplemented attr CK_OBJECT_HANDLE_PTR hCert */
65
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, hCertCount);
66
+
67
+ PKCS11_DEFINE_STRUCT(CK_ECIES_PARAMS);
68
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, pSharedData1);
69
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, pSharedData2);
70
+ /* unimplemented attr CK_EC_DH_PRIMITIVE dhPrimitive */
71
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, kdf);
72
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulSharedDataLen1);
73
+ /* unimplemented attr CK_EC_ENC_SCHEME encScheme */
74
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulEncKeyLenInBits);
75
+ /* unimplemented attr CK_EC_MAC_SCHEME macScheme */
76
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulMacKeyLenInBits);
77
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulMacLenInBits);
78
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulSharedDataLen2);
79
+
@@ -0,0 +1,79 @@
1
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_DES_CBC_PARAMS);
2
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES_CBC_PARAMS, iv);
3
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES_CBC_PARAMS, data);
4
+
5
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_DES2_CBC_PARAMS);
6
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES2_CBC_PARAMS, iv);
7
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES2_CBC_PARAMS, data);
8
+
9
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_DES3_CBC_PARAMS);
10
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES3_CBC_PARAMS, iv);
11
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES3_CBC_PARAMS, data);
12
+
13
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_TIMESTAMP_PARAMS);
14
+ PKCS11_IMPLEMENT_BOOL_ACCESSOR(CK_TIMESTAMP_PARAMS, useMilliseconds);
15
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_TIMESTAMP_PARAMS, timestampFormat);
16
+
17
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_ATTRIBUTES);
18
+ PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(CK_ATTRIBUTES, CK_ATTRIBUTE, attributes, count);
19
+
20
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_MECH_AND_OBJECT);
21
+ PKCS11_IMPLEMENT_PKCS11_STRUCT_ACCESSOR(CK_MECH_AND_OBJECT, CK_MECHANISM, mechanism);
22
+ PKCS11_IMPLEMENT_HANDLE_ACCESSOR(CK_MECH_AND_OBJECT, obj);
23
+
24
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_MECH_TYPE_AND_OBJECT);
25
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_MECH_TYPE_AND_OBJECT, mechanism);
26
+ PKCS11_IMPLEMENT_HANDLE_ACCESSOR(CK_MECH_TYPE_AND_OBJECT, obj);
27
+
28
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_MECH_AND_OBJECTS);
29
+ PKCS11_IMPLEMENT_STRUCT_PTR_ARRAY_ACCESSOR(CK_MECH_AND_OBJECTS, CK_MECH_AND_OBJECT, mechanism, count);
30
+
31
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PKCS_7_PARAMS);
32
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS_7_PARAMS, flags);
33
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS_7_PARAMS, length);
34
+ PKCS11_IMPLEMENT_STRUCT_ACCESSOR(CK_PKCS_7_PARAMS, CK_MECH_AND_OBJECTS, signature);
35
+ PKCS11_IMPLEMENT_STRUCT_ACCESSOR(CK_PKCS_7_PARAMS, CK_MECH_AND_OBJECTS, encryption);
36
+ PKCS11_IMPLEMENT_STRUCT_ACCESSOR(CK_PKCS_7_PARAMS, CK_ATTRIBUTES, extensions);
37
+
38
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PP_LOAD_SECRET_PARAMS);
39
+ PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(CK_PP_LOAD_SECRET_PARAMS, prompt);
40
+ PKCS11_IMPLEMENT_BOOL_ACCESSOR(CK_PP_LOAD_SECRET_PARAMS, bMaskInput);
41
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PP_LOAD_SECRET_PARAMS, cConvert);
42
+ /* unimplemented attr CK_CHAR cTimeout */
43
+ /* unimplemented attr CK_CHAR reserved */
44
+
45
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_REPLICATE_TOKEN_PARAMS);
46
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_REPLICATE_TOKEN_PARAMS, peerId);
47
+
48
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_SECRET_SHARE_PARAMS);
49
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_SECRET_SHARE_PARAMS, n);
50
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_SECRET_SHARE_PARAMS, m);
51
+
52
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PKCS12_PBE_EXPORT_PARAMS);
53
+ PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, passwordAuthSafe, passwordAuthSafeLen);
54
+ PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, passwordHMAC, passwordHMACLen);
55
+ PKCS11_IMPLEMENT_HANDLE_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, keyCert);
56
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, safeBagKgMech);
57
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, safeContentKgMech);
58
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, hmacKgMech);
59
+
60
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PKCS12_PBE_IMPORT_PARAMS);
61
+ PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, CK_ATTRIBUTE, certAttr, certAttrCount);
62
+ PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, passwordAuthSafe, passwordAuthSafeLen);
63
+ PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, passwordHMAC, passwordHMACLen);
64
+ /* unimplemented attr CK_OBJECT_HANDLE_PTR hCert */
65
+ PKCS11_IMPLEMENT_ULONG_PTR_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, hCertCount);
66
+
67
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_ECIES_PARAMS);
68
+ PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(CK_ECIES_PARAMS, pSharedData1);
69
+ PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(CK_ECIES_PARAMS, pSharedData2);
70
+ /* unimplemented attr CK_EC_DH_PRIMITIVE dhPrimitive */
71
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, kdf);
72
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulSharedDataLen1);
73
+ /* unimplemented attr CK_EC_ENC_SCHEME encScheme */
74
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulEncKeyLenInBits);
75
+ /* unimplemented attr CK_EC_MAC_SCHEME macScheme */
76
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulMacKeyLenInBits);
77
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulMacLenInBits);
78
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulSharedDataLen2);
79
+
@@ -0,0 +1,11 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # Extend the search path for Windows binary gem, depending of the current ruby version
4
+ major_minor = RUBY_VERSION[ /^(\d+\.\d+)/ ] or
5
+ raise "Oops, can't extract the major/minor version from #{RUBY_VERSION.dump}"
6
+ $: << File.join(File.dirname(__FILE__), major_minor)
7
+
8
+ require 'rubygems'
9
+ require 'pkcs11'
10
+ require 'pkcs11_protect_server_ext'
11
+ require 'pkcs11_protect_server/extensions'
@@ -0,0 +1,113 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ module PKCS11
4
+ module ProtectServer
5
+ # Derive CK_ATTRIBUTE to get converted attributes.
6
+ class CK_ATTRIBUTE < PKCS11::CK_ATTRIBUTE
7
+ ATTRIBUTES = {
8
+ CKA_EXPORT => :bool,
9
+ CKA_EXPORTABLE => :bool,
10
+ CKA_TRUSTED => :bool,
11
+ CKA_DELETABLE => :bool,
12
+ CKA_SIGN_LOCAL_CERT => :bool,
13
+ CKA_IMPORT => :bool,
14
+ CKA_USAGE_COUNT => :ulong,
15
+ CKA_KEY_SIZE => :ulong,
16
+ }
17
+
18
+ def value
19
+ case ATTRIBUTES[type]
20
+ when :bool
21
+ super != "\0"
22
+ when :ulong
23
+ super.unpack("L!")[0]
24
+ else
25
+ super
26
+ end
27
+ end
28
+ end
29
+
30
+ # A ProtectServer::Library instance holds a handle to the opened +cryptoki.dll+ or +cryptoki.so+ file.
31
+ #
32
+ # This class is derived from
33
+ # PKCS11::Library[http://pkcs11.rubyforge.org/pkcs11/PKCS11/Library.html] of pkcs11.gem.
34
+ class Library < PKCS11::Library
35
+ MechanismParameters = {
36
+ CKM_DES_DERIVE_CBC => CK_DES_CBC_PARAMS,
37
+ CKM_DES3_DERIVE_CBC => CK_DES3_CBC_PARAMS,
38
+ CKM_ECIES => CK_ECIES_PARAMS,
39
+ CKM_ENCODE_X_509 => CK_MECH_TYPE_AND_OBJECT,
40
+ CKM_PKCS12_PBE_EXPORT => CK_PKCS12_PBE_EXPORT_PARAMS,
41
+ CKM_PKCS12_PBE_IMPORT => CK_PKCS12_PBE_IMPORT_PARAMS,
42
+ CKM_PP_LOAD_SECRET => CK_PP_LOAD_SECRET_PARAMS,
43
+ CKM_REPLICATE_TOKEN_RSA_AES => CK_REPLICATE_TOKEN_PARAMS,
44
+ CKM_SECRET_RECOVER_WITH_ATTRIBUTES => CK_SECRET_SHARE_PARAMS,
45
+ CKM_SHA1_RSA_PKCS_TIMESTAMP => CK_TIMESTAMP_PARAMS,
46
+ }
47
+
48
+ # Path and file name of the loaded cryptoki library.
49
+ attr_reader :so_path
50
+
51
+ # Load and initialize a pkcs11 dynamic library with Safenet Protect Server extensions.
52
+ #
53
+ # Set +so_path+ to +:hsm+, +:sw+ or +:logger+ in order to autodetect the cryptoki-HSM or
54
+ # software emulation library file.
55
+ #
56
+ # @param [String, Symbol, nil] so_path Shortcut-Symbol or path to the *.so or *.dll file to load.
57
+ # @param [Hash, CK_C_INITIALIZE_ARGS] args A Hash or CK_C_INITIALIZE_ARGS instance with load params.
58
+ #
59
+ # See also PKCS11::Library#initialize[http://pkcs11.rubyforge.org/pkcs11/PKCS11/Library.html#initialize-instance_method] of pkcs11.gem
60
+ def initialize(so_path = nil, args = {})
61
+ if [:sw, :hsm].include?(so_path)
62
+ if RUBY_PLATFORM =~ /mswin|mingw/
63
+ libctsw_so = "cryptoki.dll"
64
+ libctsw_so_paths = [
65
+ File.join(ENV['ProgramFiles'], "SafeNet/ProtectToolkit C SDK/bin/#{so_path}"),
66
+ ]
67
+ else
68
+ libctsw_so = "libct#{so_path}.so"
69
+ libctsw_so_paths = [
70
+ "/opt/ETcpsdk/lib/linux-i386",
71
+ "/opt/ETcpsdk/lib/linux-x86_64",
72
+ "/opt/PTK/lib",
73
+ ]
74
+ end
75
+
76
+ unless so_path=ENV['CRYPTOKI_SO']
77
+ paths = libctsw_so_paths.collect{|path| File.join(path, libctsw_so) }
78
+ so_path = paths.find{|path| File.exist?(path) }
79
+ end
80
+
81
+ raise "#{libctsw_so} not found - please install ProtectServer PTK-C or set ENV['CRYPTOKI_SO']" unless so_path
82
+ end
83
+
84
+ @so_path = so_path
85
+ super(so_path, args)
86
+ end
87
+
88
+ def vendor_const_get(name)
89
+ return ProtectServer.const_get(name) if ProtectServer.const_defined?(name)
90
+ super
91
+ end
92
+
93
+ def vendor_all_attribute_names
94
+ return ProtectServer::ATTRIBUTES.values + super
95
+ end
96
+
97
+ def vendor_mechanism_parameter_struct(mech)
98
+ MechanismParameters[mech] || super
99
+ end
100
+
101
+ def vendor_raise_on_return_value(rv)
102
+ if ex=ProtectServer::RETURN_VALUES[rv]
103
+ raise(ex, rv.to_s)
104
+ end
105
+ super
106
+ end
107
+
108
+ def vendor_class_CK_ATTRIBUTE
109
+ ProtectServer::CK_ATTRIBUTE
110
+ end
111
+ end
112
+ end
113
+ end
data/test/helper.rb ADDED
@@ -0,0 +1,14 @@
1
+ def open_ctsw
2
+ PKCS11::ProtectServer::Library.new(:sw, :flags=>0)
3
+ end
4
+
5
+ def adjust_parity(data)
6
+ out = []
7
+ count_digit = "1"
8
+ data.each_byte{|b|
9
+ b &= 0xfe
10
+ b |= 1 if b.to_s(2).count(count_digit) % 2 == 0
11
+ out << b
12
+ }
13
+ return out.pack("C*")
14
+ end
@@ -0,0 +1,50 @@
1
+ require "test/unit"
2
+ require "pkcs11_protect_server"
3
+ require "test/helper"
4
+
5
+ class TestPkcs11ProtectServer < Test::Unit::TestCase
6
+ include PKCS11
7
+
8
+ def test_CStruct
9
+ s = ProtectServer::CK_SECRET_SHARE_PARAMS.new
10
+ s.n, s.m = 2, 3
11
+
12
+ assert_match( /m=3/, s.inspect, 'There should be a n value in CK_SECRET_SHARE_PARAMS')
13
+ assert_equal ["n", "m"], s.members, 'CK_SECRET_SHARE_PARAMS should contain some attributes'
14
+ assert_equal [2, 3], s.values, 'values of CK_SECRET_SHARE_PARAMS'
15
+ assert_equal( {:n=>2, :m=>3}, s.to_hash, 'CK_SECRET_SHARE_PARAMS as hash' )
16
+ end
17
+
18
+ def test_CK_PKCS12_PBE_IMPORT_PARAMS
19
+ s = ProtectServer::CK_PKCS12_PBE_IMPORT_PARAMS.new
20
+ assert_equal [], s.certAttr
21
+ s1 = CK_ATTRIBUTE.new ProtectServer::CKA_EXPORT, true
22
+ s2 = CK_ATTRIBUTE.new ProtectServer::CKA_EXPORTABLE, false
23
+ s.certAttr = [s1, s2]
24
+ assert_equal [s1.to_hash, s2.to_hash], s.certAttr.map{|e| e.to_hash }
25
+ GC.start
26
+ assert_raise(ArgumentError){ s.certAttr = [s1, s2, nil] }
27
+ assert_equal [s1.to_hash, s2.to_hash], s.certAttr.map{|e| e.to_hash }
28
+
29
+ s.certAttr = []
30
+ assert_equal [], s.certAttr
31
+ end
32
+
33
+ def test_constants
34
+ assert_equal 0x80000990, ProtectServer::CKM_OS_UPGRADE, "CKM_OS_UPGRADE should be defined"
35
+ assert_equal 0x80000128, ProtectServer::CKA_EXPORT, "CKA_EXPORT should be defined"
36
+ assert_equal 0x80000129, ProtectServer::CKA_EXPORTABLE, "CKA_EXPORTABLE should be defined"
37
+ assert ProtectServer::CKR_ET_NOT_ODD_PARITY.ancestors.include?(PKCS11::Error), "CKR_ET_NOT_ODD_PARITY should be defined"
38
+ assert_equal 0x8000020c, ProtectServer::CKO_FM, "CKO_FM should be defined"
39
+ end
40
+
41
+ def test_loading
42
+ pk = PKCS11::ProtectServer::Library.new(:sw, :flags=>0)
43
+ so_path = pk.so_path
44
+ pk.close
45
+ assert !so_path.empty?, "Used path shouldn't be empty"
46
+
47
+ pk = PKCS11::ProtectServer::Library.new(so_path, :flags=>0)
48
+ pk.close
49
+ end
50
+ end
@@ -0,0 +1,103 @@
1
+ require "test/unit"
2
+ require "pkcs11_protect_server"
3
+ require "test/helper"
4
+
5
+ class TestPkcs11ProtectServerCrypt < Test::Unit::TestCase
6
+ include PKCS11
7
+ attr_reader :slots
8
+ attr_reader :slot
9
+ attr_reader :session
10
+ attr_reader :secret_key
11
+
12
+ def setup
13
+ $pkcs11 ||= open_ctsw
14
+ @slots = pk.active_slots
15
+ @slot = slots.first
16
+
17
+ # Init SO-PIN if not already done.
18
+ if slot.token_info.flags & CKF_TOKEN_INITIALIZED == 0
19
+ slot.init_token('1234', 'test-token')
20
+ assert_match(/^test-token/, slot.token_info.label, "Token label should be set now")
21
+ end
22
+ assert_equal CKF_TOKEN_INITIALIZED, slot.token_info.flags & CKF_TOKEN_INITIALIZED, "Token should be initialized"
23
+
24
+ # Init USER-PIN if not already done.
25
+ if slot.token_info.flags & CKF_USER_PIN_INITIALIZED == 0
26
+ s = slot.open(CKF_SERIAL_SESSION | CKF_RW_SESSION)
27
+ assert_equal CKF_RW_SESSION, s.info.flags & CKF_RW_SESSION, "Session should be read/write"
28
+ assert_equal CKS_RW_PUBLIC_SESSION, s.info.state, "Session should be in logoff state"
29
+ s.login(:SO, '1234')
30
+ assert_equal CKS_RW_SO_FUNCTIONS, s.info.state, "Session should be in SO state"
31
+ s.init_pin('1234')
32
+ s.close
33
+ end
34
+ assert_equal CKF_USER_PIN_INITIALIZED, slot.token_info.flags & CKF_USER_PIN_INITIALIZED, "User PIN should be initialized"
35
+
36
+ @session = slot.open
37
+ assert_equal CKS_RO_PUBLIC_SESSION, session.info.state, "Session should be in logoff state"
38
+ session.login(:USER, ENV['CRYPTOKI_PIN'] || '1234')
39
+ assert_equal CKS_RO_USER_FUNCTIONS, session.info.state, "Session should be in USER state"
40
+
41
+ @secret_key = session.create_object(
42
+ :CLASS=>CKO_SECRET_KEY,
43
+ :KEY_TYPE=>CKK_DES2,
44
+ :ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false, :DERIVE=>true,
45
+ :USAGE_COUNT=>0, :EXPORTABLE=>true,
46
+ :VALUE=>adjust_parity("0123456789abcdef"),
47
+ :LABEL=>'test_secret_key')
48
+ end
49
+
50
+ def teardown
51
+ @secret_key.destroy
52
+ @session.logout
53
+ @session.close
54
+ end
55
+
56
+ def pk
57
+ $pkcs11
58
+ end
59
+
60
+ def test_bad_parity
61
+ assert_raise(ProtectServer::CKR_ET_NOT_ODD_PARITY) do
62
+ session.create_object(
63
+ :CLASS=>CKO_SECRET_KEY,
64
+ :KEY_TYPE=>CKK_DES2,
65
+ :VALUE=>"0123456789abcdef",
66
+ :LABEL=>'test_secret_key2')
67
+ end
68
+ end
69
+
70
+ def test_derive_des_cbc
71
+ pa = ProtectServer::CK_DES3_CBC_PARAMS.new
72
+ pa.data = "1"*16
73
+ pa.iv = "2"*8
74
+
75
+ new_key1 = session.derive_key( {ProtectServer::CKM_DES3_DERIVE_CBC => pa}, secret_key,
76
+ :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_DES2, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
77
+ assert_not_equal secret_key[:VALUE], new_key1[:VALUE], 'Derived key shouldn\'t have equal key value'
78
+
79
+ new_key2 = session.derive_key( {:DES3_DERIVE_CBC => {:data=>"1"*16, :iv=>"2"*16}}, secret_key,
80
+ :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_DES2, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
81
+ assert_equal new_key1[:VALUE], new_key2[:VALUE], 'Both derived key should be equal'
82
+
83
+ encrypted_key_value = session.encrypt( {:DES3_CBC => "2"*8}, secret_key, "1"*16)
84
+ encrypted_key_value = adjust_parity(encrypted_key_value)
85
+ assert_equal new_key1[:VALUE], encrypted_key_value, 'Encrypted data should equal derived key value'
86
+
87
+ assert_equal 3, secret_key[:USAGE_COUNT], 'The secret key should be used 3 times'
88
+ end
89
+
90
+
91
+ def test_attributes
92
+ assert_equal true, secret_key[:EXPORTABLE], 'CKA_EXTRACTABLE should be usable'
93
+ secret_key[:EXPORTABLE] = false
94
+ assert_equal false, secret_key[:EXPORTABLE], 'CKA_EXTRACTABLE should be usable'
95
+
96
+ assert_equal 0, secret_key[:USAGE_COUNT], 'CKA_USAGE_COUNT should be usable'
97
+ secret_key[:USAGE_COUNT] = 5
98
+ assert_equal 5, secret_key[:USAGE_COUNT], 'CKA_USAGE_COUNT should be usable'
99
+
100
+ assert_equal false, secret_key[:IMPORT], 'CKA_IMPORT should default to false'
101
+ assert_not_nil secret_key.attributes.find{|a| a.type==ProtectServer::CKA_EXPORT}, 'CKA_EXPORT should be returned for Object#attributes'
102
+ end
103
+ end