pkcs11_protect_server 0.2.2-x86-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,79 @@
1
+ PKCS11_DEFINE_STRUCT(CK_DES_CBC_PARAMS);
2
+ PKCS11_DEFINE_MEMBER(CK_DES_CBC_PARAMS, iv);
3
+ PKCS11_DEFINE_MEMBER(CK_DES_CBC_PARAMS, data);
4
+
5
+ PKCS11_DEFINE_STRUCT(CK_DES2_CBC_PARAMS);
6
+ PKCS11_DEFINE_MEMBER(CK_DES2_CBC_PARAMS, iv);
7
+ PKCS11_DEFINE_MEMBER(CK_DES2_CBC_PARAMS, data);
8
+
9
+ PKCS11_DEFINE_STRUCT(CK_DES3_CBC_PARAMS);
10
+ PKCS11_DEFINE_MEMBER(CK_DES3_CBC_PARAMS, iv);
11
+ PKCS11_DEFINE_MEMBER(CK_DES3_CBC_PARAMS, data);
12
+
13
+ PKCS11_DEFINE_STRUCT(CK_TIMESTAMP_PARAMS);
14
+ PKCS11_DEFINE_MEMBER(CK_TIMESTAMP_PARAMS, useMilliseconds);
15
+ PKCS11_DEFINE_MEMBER(CK_TIMESTAMP_PARAMS, timestampFormat);
16
+
17
+ PKCS11_DEFINE_STRUCT(CK_ATTRIBUTES);
18
+ PKCS11_DEFINE_MEMBER(CK_ATTRIBUTES, attributes);
19
+
20
+ PKCS11_DEFINE_STRUCT(CK_MECH_AND_OBJECT);
21
+ PKCS11_DEFINE_MEMBER(CK_MECH_AND_OBJECT, mechanism);
22
+ PKCS11_DEFINE_MEMBER(CK_MECH_AND_OBJECT, obj);
23
+
24
+ PKCS11_DEFINE_STRUCT(CK_MECH_TYPE_AND_OBJECT);
25
+ PKCS11_DEFINE_MEMBER(CK_MECH_TYPE_AND_OBJECT, mechanism);
26
+ PKCS11_DEFINE_MEMBER(CK_MECH_TYPE_AND_OBJECT, obj);
27
+
28
+ PKCS11_DEFINE_STRUCT(CK_MECH_AND_OBJECTS);
29
+ PKCS11_DEFINE_MEMBER(CK_MECH_AND_OBJECTS, mechanism);
30
+
31
+ PKCS11_DEFINE_STRUCT(CK_PKCS_7_PARAMS);
32
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, flags);
33
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, length);
34
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, signature);
35
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, encryption);
36
+ PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, extensions);
37
+
38
+ PKCS11_DEFINE_STRUCT(CK_PP_LOAD_SECRET_PARAMS);
39
+ PKCS11_DEFINE_MEMBER(CK_PP_LOAD_SECRET_PARAMS, prompt);
40
+ PKCS11_DEFINE_MEMBER(CK_PP_LOAD_SECRET_PARAMS, bMaskInput);
41
+ PKCS11_DEFINE_MEMBER(CK_PP_LOAD_SECRET_PARAMS, cConvert);
42
+ /* unimplemented attr CK_CHAR cTimeout */
43
+ /* unimplemented attr CK_CHAR reserved */
44
+
45
+ PKCS11_DEFINE_STRUCT(CK_REPLICATE_TOKEN_PARAMS);
46
+ PKCS11_DEFINE_MEMBER(CK_REPLICATE_TOKEN_PARAMS, peerId);
47
+
48
+ PKCS11_DEFINE_STRUCT(CK_SECRET_SHARE_PARAMS);
49
+ PKCS11_DEFINE_MEMBER(CK_SECRET_SHARE_PARAMS, n);
50
+ PKCS11_DEFINE_MEMBER(CK_SECRET_SHARE_PARAMS, m);
51
+
52
+ PKCS11_DEFINE_STRUCT(CK_PKCS12_PBE_EXPORT_PARAMS);
53
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, passwordAuthSafe);
54
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, passwordHMAC);
55
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, keyCert);
56
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, safeBagKgMech);
57
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, safeContentKgMech);
58
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, hmacKgMech);
59
+
60
+ PKCS11_DEFINE_STRUCT(CK_PKCS12_PBE_IMPORT_PARAMS);
61
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, certAttr);
62
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, passwordAuthSafe);
63
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, passwordHMAC);
64
+ /* unimplemented attr CK_OBJECT_HANDLE_PTR hCert */
65
+ PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, hCertCount);
66
+
67
+ PKCS11_DEFINE_STRUCT(CK_ECIES_PARAMS);
68
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, pSharedData1);
69
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, pSharedData2);
70
+ /* unimplemented attr CK_EC_DH_PRIMITIVE dhPrimitive */
71
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, kdf);
72
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulSharedDataLen1);
73
+ /* unimplemented attr CK_EC_ENC_SCHEME encScheme */
74
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulEncKeyLenInBits);
75
+ /* unimplemented attr CK_EC_MAC_SCHEME macScheme */
76
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulMacKeyLenInBits);
77
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulMacLenInBits);
78
+ PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulSharedDataLen2);
79
+
@@ -0,0 +1,79 @@
1
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_DES_CBC_PARAMS);
2
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES_CBC_PARAMS, iv);
3
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES_CBC_PARAMS, data);
4
+
5
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_DES2_CBC_PARAMS);
6
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES2_CBC_PARAMS, iv);
7
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES2_CBC_PARAMS, data);
8
+
9
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_DES3_CBC_PARAMS);
10
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES3_CBC_PARAMS, iv);
11
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES3_CBC_PARAMS, data);
12
+
13
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_TIMESTAMP_PARAMS);
14
+ PKCS11_IMPLEMENT_BOOL_ACCESSOR(CK_TIMESTAMP_PARAMS, useMilliseconds);
15
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_TIMESTAMP_PARAMS, timestampFormat);
16
+
17
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_ATTRIBUTES);
18
+ PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(CK_ATTRIBUTES, CK_ATTRIBUTE, attributes, count);
19
+
20
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_MECH_AND_OBJECT);
21
+ PKCS11_IMPLEMENT_PKCS11_STRUCT_ACCESSOR(CK_MECH_AND_OBJECT, CK_MECHANISM, mechanism);
22
+ PKCS11_IMPLEMENT_HANDLE_ACCESSOR(CK_MECH_AND_OBJECT, obj);
23
+
24
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_MECH_TYPE_AND_OBJECT);
25
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_MECH_TYPE_AND_OBJECT, mechanism);
26
+ PKCS11_IMPLEMENT_HANDLE_ACCESSOR(CK_MECH_TYPE_AND_OBJECT, obj);
27
+
28
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_MECH_AND_OBJECTS);
29
+ PKCS11_IMPLEMENT_STRUCT_PTR_ARRAY_ACCESSOR(CK_MECH_AND_OBJECTS, CK_MECH_AND_OBJECT, mechanism, count);
30
+
31
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PKCS_7_PARAMS);
32
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS_7_PARAMS, flags);
33
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS_7_PARAMS, length);
34
+ PKCS11_IMPLEMENT_STRUCT_ACCESSOR(CK_PKCS_7_PARAMS, CK_MECH_AND_OBJECTS, signature);
35
+ PKCS11_IMPLEMENT_STRUCT_ACCESSOR(CK_PKCS_7_PARAMS, CK_MECH_AND_OBJECTS, encryption);
36
+ PKCS11_IMPLEMENT_STRUCT_ACCESSOR(CK_PKCS_7_PARAMS, CK_ATTRIBUTES, extensions);
37
+
38
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PP_LOAD_SECRET_PARAMS);
39
+ PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(CK_PP_LOAD_SECRET_PARAMS, prompt);
40
+ PKCS11_IMPLEMENT_BOOL_ACCESSOR(CK_PP_LOAD_SECRET_PARAMS, bMaskInput);
41
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PP_LOAD_SECRET_PARAMS, cConvert);
42
+ /* unimplemented attr CK_CHAR cTimeout */
43
+ /* unimplemented attr CK_CHAR reserved */
44
+
45
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_REPLICATE_TOKEN_PARAMS);
46
+ PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_REPLICATE_TOKEN_PARAMS, peerId);
47
+
48
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_SECRET_SHARE_PARAMS);
49
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_SECRET_SHARE_PARAMS, n);
50
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_SECRET_SHARE_PARAMS, m);
51
+
52
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PKCS12_PBE_EXPORT_PARAMS);
53
+ PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, passwordAuthSafe, passwordAuthSafeLen);
54
+ PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, passwordHMAC, passwordHMACLen);
55
+ PKCS11_IMPLEMENT_HANDLE_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, keyCert);
56
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, safeBagKgMech);
57
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, safeContentKgMech);
58
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, hmacKgMech);
59
+
60
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PKCS12_PBE_IMPORT_PARAMS);
61
+ PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, CK_ATTRIBUTE, certAttr, certAttrCount);
62
+ PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, passwordAuthSafe, passwordAuthSafeLen);
63
+ PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, passwordHMAC, passwordHMACLen);
64
+ /* unimplemented attr CK_OBJECT_HANDLE_PTR hCert */
65
+ PKCS11_IMPLEMENT_ULONG_PTR_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, hCertCount);
66
+
67
+ PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_ECIES_PARAMS);
68
+ PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(CK_ECIES_PARAMS, pSharedData1);
69
+ PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(CK_ECIES_PARAMS, pSharedData2);
70
+ /* unimplemented attr CK_EC_DH_PRIMITIVE dhPrimitive */
71
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, kdf);
72
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulSharedDataLen1);
73
+ /* unimplemented attr CK_EC_ENC_SCHEME encScheme */
74
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulEncKeyLenInBits);
75
+ /* unimplemented attr CK_EC_MAC_SCHEME macScheme */
76
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulMacKeyLenInBits);
77
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulMacLenInBits);
78
+ PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulSharedDataLen2);
79
+
@@ -0,0 +1,11 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # Extend the search path for Windows binary gem, depending of the current ruby version
4
+ major_minor = RUBY_VERSION[ /^(\d+\.\d+)/ ] or
5
+ raise "Oops, can't extract the major/minor version from #{RUBY_VERSION.dump}"
6
+ $: << File.join(File.dirname(__FILE__), major_minor)
7
+
8
+ require 'rubygems'
9
+ require 'pkcs11'
10
+ require 'pkcs11_protect_server_ext'
11
+ require 'pkcs11_protect_server/extensions'
@@ -0,0 +1,113 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ module PKCS11
4
+ module ProtectServer
5
+ # Derive CK_ATTRIBUTE to get converted attributes.
6
+ class CK_ATTRIBUTE < PKCS11::CK_ATTRIBUTE
7
+ ATTRIBUTES = {
8
+ CKA_EXPORT => :bool,
9
+ CKA_EXPORTABLE => :bool,
10
+ CKA_TRUSTED => :bool,
11
+ CKA_DELETABLE => :bool,
12
+ CKA_SIGN_LOCAL_CERT => :bool,
13
+ CKA_IMPORT => :bool,
14
+ CKA_USAGE_COUNT => :ulong,
15
+ CKA_KEY_SIZE => :ulong,
16
+ }
17
+
18
+ def value
19
+ case ATTRIBUTES[type]
20
+ when :bool
21
+ super != "\0"
22
+ when :ulong
23
+ super.unpack("L!")[0]
24
+ else
25
+ super
26
+ end
27
+ end
28
+ end
29
+
30
+ # A ProtectServer::Library instance holds a handle to the opened +cryptoki.dll+ or +cryptoki.so+ file.
31
+ #
32
+ # This class is derived from
33
+ # PKCS11::Library[http://pkcs11.rubyforge.org/pkcs11/PKCS11/Library.html] of pkcs11.gem.
34
+ class Library < PKCS11::Library
35
+ MechanismParameters = {
36
+ CKM_DES_DERIVE_CBC => CK_DES_CBC_PARAMS,
37
+ CKM_DES3_DERIVE_CBC => CK_DES3_CBC_PARAMS,
38
+ CKM_ECIES => CK_ECIES_PARAMS,
39
+ CKM_ENCODE_X_509 => CK_MECH_TYPE_AND_OBJECT,
40
+ CKM_PKCS12_PBE_EXPORT => CK_PKCS12_PBE_EXPORT_PARAMS,
41
+ CKM_PKCS12_PBE_IMPORT => CK_PKCS12_PBE_IMPORT_PARAMS,
42
+ CKM_PP_LOAD_SECRET => CK_PP_LOAD_SECRET_PARAMS,
43
+ CKM_REPLICATE_TOKEN_RSA_AES => CK_REPLICATE_TOKEN_PARAMS,
44
+ CKM_SECRET_RECOVER_WITH_ATTRIBUTES => CK_SECRET_SHARE_PARAMS,
45
+ CKM_SHA1_RSA_PKCS_TIMESTAMP => CK_TIMESTAMP_PARAMS,
46
+ }
47
+
48
+ # Path and file name of the loaded cryptoki library.
49
+ attr_reader :so_path
50
+
51
+ # Load and initialize a pkcs11 dynamic library with Safenet Protect Server extensions.
52
+ #
53
+ # Set +so_path+ to +:hsm+, +:sw+ or +:logger+ in order to autodetect the cryptoki-HSM or
54
+ # software emulation library file.
55
+ #
56
+ # @param [String, Symbol, nil] so_path Shortcut-Symbol or path to the *.so or *.dll file to load.
57
+ # @param [Hash, CK_C_INITIALIZE_ARGS] args A Hash or CK_C_INITIALIZE_ARGS instance with load params.
58
+ #
59
+ # See also PKCS11::Library#initialize[http://pkcs11.rubyforge.org/pkcs11/PKCS11/Library.html#initialize-instance_method] of pkcs11.gem
60
+ def initialize(so_path = nil, args = {})
61
+ if [:sw, :hsm].include?(so_path)
62
+ if RUBY_PLATFORM =~ /mswin|mingw/
63
+ libctsw_so = "cryptoki.dll"
64
+ libctsw_so_paths = [
65
+ File.join(ENV['ProgramFiles'], "SafeNet/ProtectToolkit C SDK/bin/#{so_path}"),
66
+ ]
67
+ else
68
+ libctsw_so = "libct#{so_path}.so"
69
+ libctsw_so_paths = [
70
+ "/opt/ETcpsdk/lib/linux-i386",
71
+ "/opt/ETcpsdk/lib/linux-x86_64",
72
+ "/opt/PTK/lib",
73
+ ]
74
+ end
75
+
76
+ unless so_path=ENV['CRYPTOKI_SO']
77
+ paths = libctsw_so_paths.collect{|path| File.join(path, libctsw_so) }
78
+ so_path = paths.find{|path| File.exist?(path) }
79
+ end
80
+
81
+ raise "#{libctsw_so} not found - please install ProtectServer PTK-C or set ENV['CRYPTOKI_SO']" unless so_path
82
+ end
83
+
84
+ @so_path = so_path
85
+ super(so_path, args)
86
+ end
87
+
88
+ def vendor_const_get(name)
89
+ return ProtectServer.const_get(name) if ProtectServer.const_defined?(name)
90
+ super
91
+ end
92
+
93
+ def vendor_all_attribute_names
94
+ return ProtectServer::ATTRIBUTES.values + super
95
+ end
96
+
97
+ def vendor_mechanism_parameter_struct(mech)
98
+ MechanismParameters[mech] || super
99
+ end
100
+
101
+ def vendor_raise_on_return_value(rv)
102
+ if ex=ProtectServer::RETURN_VALUES[rv]
103
+ raise(ex, rv.to_s)
104
+ end
105
+ super
106
+ end
107
+
108
+ def vendor_class_CK_ATTRIBUTE
109
+ ProtectServer::CK_ATTRIBUTE
110
+ end
111
+ end
112
+ end
113
+ end
data/test/helper.rb ADDED
@@ -0,0 +1,14 @@
1
+ def open_ctsw
2
+ PKCS11::ProtectServer::Library.new(:sw, :flags=>0)
3
+ end
4
+
5
+ def adjust_parity(data)
6
+ out = []
7
+ count_digit = "1"
8
+ data.each_byte{|b|
9
+ b &= 0xfe
10
+ b |= 1 if b.to_s(2).count(count_digit) % 2 == 0
11
+ out << b
12
+ }
13
+ return out.pack("C*")
14
+ end
@@ -0,0 +1,50 @@
1
+ require "test/unit"
2
+ require "pkcs11_protect_server"
3
+ require "test/helper"
4
+
5
+ class TestPkcs11ProtectServer < Test::Unit::TestCase
6
+ include PKCS11
7
+
8
+ def test_CStruct
9
+ s = ProtectServer::CK_SECRET_SHARE_PARAMS.new
10
+ s.n, s.m = 2, 3
11
+
12
+ assert_match( /m=3/, s.inspect, 'There should be a n value in CK_SECRET_SHARE_PARAMS')
13
+ assert_equal ["n", "m"], s.members, 'CK_SECRET_SHARE_PARAMS should contain some attributes'
14
+ assert_equal [2, 3], s.values, 'values of CK_SECRET_SHARE_PARAMS'
15
+ assert_equal( {:n=>2, :m=>3}, s.to_hash, 'CK_SECRET_SHARE_PARAMS as hash' )
16
+ end
17
+
18
+ def test_CK_PKCS12_PBE_IMPORT_PARAMS
19
+ s = ProtectServer::CK_PKCS12_PBE_IMPORT_PARAMS.new
20
+ assert_equal [], s.certAttr
21
+ s1 = CK_ATTRIBUTE.new ProtectServer::CKA_EXPORT, true
22
+ s2 = CK_ATTRIBUTE.new ProtectServer::CKA_EXPORTABLE, false
23
+ s.certAttr = [s1, s2]
24
+ assert_equal [s1.to_hash, s2.to_hash], s.certAttr.map{|e| e.to_hash }
25
+ GC.start
26
+ assert_raise(ArgumentError){ s.certAttr = [s1, s2, nil] }
27
+ assert_equal [s1.to_hash, s2.to_hash], s.certAttr.map{|e| e.to_hash }
28
+
29
+ s.certAttr = []
30
+ assert_equal [], s.certAttr
31
+ end
32
+
33
+ def test_constants
34
+ assert_equal 0x80000990, ProtectServer::CKM_OS_UPGRADE, "CKM_OS_UPGRADE should be defined"
35
+ assert_equal 0x80000128, ProtectServer::CKA_EXPORT, "CKA_EXPORT should be defined"
36
+ assert_equal 0x80000129, ProtectServer::CKA_EXPORTABLE, "CKA_EXPORTABLE should be defined"
37
+ assert ProtectServer::CKR_ET_NOT_ODD_PARITY.ancestors.include?(PKCS11::Error), "CKR_ET_NOT_ODD_PARITY should be defined"
38
+ assert_equal 0x8000020c, ProtectServer::CKO_FM, "CKO_FM should be defined"
39
+ end
40
+
41
+ def test_loading
42
+ pk = PKCS11::ProtectServer::Library.new(:sw, :flags=>0)
43
+ so_path = pk.so_path
44
+ pk.close
45
+ assert !so_path.empty?, "Used path shouldn't be empty"
46
+
47
+ pk = PKCS11::ProtectServer::Library.new(so_path, :flags=>0)
48
+ pk.close
49
+ end
50
+ end
@@ -0,0 +1,103 @@
1
+ require "test/unit"
2
+ require "pkcs11_protect_server"
3
+ require "test/helper"
4
+
5
+ class TestPkcs11ProtectServerCrypt < Test::Unit::TestCase
6
+ include PKCS11
7
+ attr_reader :slots
8
+ attr_reader :slot
9
+ attr_reader :session
10
+ attr_reader :secret_key
11
+
12
+ def setup
13
+ $pkcs11 ||= open_ctsw
14
+ @slots = pk.active_slots
15
+ @slot = slots.first
16
+
17
+ # Init SO-PIN if not already done.
18
+ if slot.token_info.flags & CKF_TOKEN_INITIALIZED == 0
19
+ slot.init_token('1234', 'test-token')
20
+ assert_match(/^test-token/, slot.token_info.label, "Token label should be set now")
21
+ end
22
+ assert_equal CKF_TOKEN_INITIALIZED, slot.token_info.flags & CKF_TOKEN_INITIALIZED, "Token should be initialized"
23
+
24
+ # Init USER-PIN if not already done.
25
+ if slot.token_info.flags & CKF_USER_PIN_INITIALIZED == 0
26
+ s = slot.open(CKF_SERIAL_SESSION | CKF_RW_SESSION)
27
+ assert_equal CKF_RW_SESSION, s.info.flags & CKF_RW_SESSION, "Session should be read/write"
28
+ assert_equal CKS_RW_PUBLIC_SESSION, s.info.state, "Session should be in logoff state"
29
+ s.login(:SO, '1234')
30
+ assert_equal CKS_RW_SO_FUNCTIONS, s.info.state, "Session should be in SO state"
31
+ s.init_pin('1234')
32
+ s.close
33
+ end
34
+ assert_equal CKF_USER_PIN_INITIALIZED, slot.token_info.flags & CKF_USER_PIN_INITIALIZED, "User PIN should be initialized"
35
+
36
+ @session = slot.open
37
+ assert_equal CKS_RO_PUBLIC_SESSION, session.info.state, "Session should be in logoff state"
38
+ session.login(:USER, ENV['CRYPTOKI_PIN'] || '1234')
39
+ assert_equal CKS_RO_USER_FUNCTIONS, session.info.state, "Session should be in USER state"
40
+
41
+ @secret_key = session.create_object(
42
+ :CLASS=>CKO_SECRET_KEY,
43
+ :KEY_TYPE=>CKK_DES2,
44
+ :ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false, :DERIVE=>true,
45
+ :USAGE_COUNT=>0, :EXPORTABLE=>true,
46
+ :VALUE=>adjust_parity("0123456789abcdef"),
47
+ :LABEL=>'test_secret_key')
48
+ end
49
+
50
+ def teardown
51
+ @secret_key.destroy
52
+ @session.logout
53
+ @session.close
54
+ end
55
+
56
+ def pk
57
+ $pkcs11
58
+ end
59
+
60
+ def test_bad_parity
61
+ assert_raise(ProtectServer::CKR_ET_NOT_ODD_PARITY) do
62
+ session.create_object(
63
+ :CLASS=>CKO_SECRET_KEY,
64
+ :KEY_TYPE=>CKK_DES2,
65
+ :VALUE=>"0123456789abcdef",
66
+ :LABEL=>'test_secret_key2')
67
+ end
68
+ end
69
+
70
+ def test_derive_des_cbc
71
+ pa = ProtectServer::CK_DES3_CBC_PARAMS.new
72
+ pa.data = "1"*16
73
+ pa.iv = "2"*8
74
+
75
+ new_key1 = session.derive_key( {ProtectServer::CKM_DES3_DERIVE_CBC => pa}, secret_key,
76
+ :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_DES2, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
77
+ assert_not_equal secret_key[:VALUE], new_key1[:VALUE], 'Derived key shouldn\'t have equal key value'
78
+
79
+ new_key2 = session.derive_key( {:DES3_DERIVE_CBC => {:data=>"1"*16, :iv=>"2"*16}}, secret_key,
80
+ :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_DES2, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
81
+ assert_equal new_key1[:VALUE], new_key2[:VALUE], 'Both derived key should be equal'
82
+
83
+ encrypted_key_value = session.encrypt( {:DES3_CBC => "2"*8}, secret_key, "1"*16)
84
+ encrypted_key_value = adjust_parity(encrypted_key_value)
85
+ assert_equal new_key1[:VALUE], encrypted_key_value, 'Encrypted data should equal derived key value'
86
+
87
+ assert_equal 3, secret_key[:USAGE_COUNT], 'The secret key should be used 3 times'
88
+ end
89
+
90
+
91
+ def test_attributes
92
+ assert_equal true, secret_key[:EXPORTABLE], 'CKA_EXTRACTABLE should be usable'
93
+ secret_key[:EXPORTABLE] = false
94
+ assert_equal false, secret_key[:EXPORTABLE], 'CKA_EXTRACTABLE should be usable'
95
+
96
+ assert_equal 0, secret_key[:USAGE_COUNT], 'CKA_USAGE_COUNT should be usable'
97
+ secret_key[:USAGE_COUNT] = 5
98
+ assert_equal 5, secret_key[:USAGE_COUNT], 'CKA_USAGE_COUNT should be usable'
99
+
100
+ assert_equal false, secret_key[:IMPORT], 'CKA_IMPORT should default to false'
101
+ assert_not_nil secret_key.attributes.find{|a| a.type==ProtectServer::CKA_EXPORT}, 'CKA_EXPORT should be returned for Object#attributes'
102
+ end
103
+ end