WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Add testing and sample for AES-CBC

pull/126/head
Sean Parkinson 2019-02-19 11:42:53 +10:00
parent cae49407e7
commit 45dfcd8e3a
5 changed files with 250 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -141,6 +141,7 @@ pkcs11/pkcs11_rsa
pkcs11/pkcs11_ecc
pkcs11/pkcs11_genecc
pkcs11/pkcs11_aesgcm
pkcs11/pkcs11_aescbc
pkcs11/server-tls-pkcs11
pkcs11/softhsm2.conf
pkcs11/softhsm2

3
pkcs11/opencryptoki.sh
View File

@ -15,6 +15,9 @@ echo
echo "# AES-GCM example"
./pkcs11_aesgcm /usr/local/lib/opencryptoki/libopencryptoki.so 3 SoftToken cryptoki
echo
echo "# AES-CBC example"
./pkcs11_aescbc /usr/local/lib/opencryptoki/libopencryptoki.so 3 SoftToken cryptoki
echo
echo "# PKCS #11 test"
./pkcs11_test /usr/local/lib/opencryptoki/libopencryptoki.so 3 SoftToken cryptoki

122
pkcs11/pkcs11_aescbc.c 100644
View File

@ -0,0 +1,122 @@
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/wc_pkcs11.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
int aescbc_enc_dec(int devId)
{
Aes aesEnc;
Aes aesDec;
unsigned char key[AES_256_KEY_SIZE];
int ret = 0;
unsigned char data[32];
unsigned char enc[32];
unsigned char dec[32];
unsigned char iv[AES_BLOCK_SIZE];
memset(key, 9, sizeof(key));
memset(data, 9, sizeof(data));
memset(iv, 9, sizeof(iv));
fprintf(stderr, "Encrypt with AES128-CBC\n");
ret = wc_AesInit_Id(&aesEnc, NULL, 0, NULL, devId);
if (ret == 0) {
ret = wc_AesSetKey(&aesEnc, key, AES_128_KEY_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
fprintf(stderr, "Set Key failed: %d\n", ret);
}
if (ret == 0) {
ret = wc_AesCbcEncrypt(&aesEnc, enc, data, sizeof(data));
if (ret != 0)
fprintf(stderr, "Encrypt failed: %d\n", ret);
}
if (ret == 0) {
fprintf(stderr, "Decrypt with AES128-CBC\n");
ret = wc_AesInit_Id(&aesDec, NULL, 0, NULL, devId);
}
if (ret == 0) {
ret = wc_AesSetKey(&aesDec, key, AES_128_KEY_SIZE, iv, AES_DECRYPTION);
if (ret != 0)
fprintf(stderr, "Set Key failed: %d\n", ret);
}
if (ret == 0) {
ret = wc_AesCbcDecrypt(&aesDec, dec, enc, sizeof(enc));
if (ret != 0)
fprintf(stderr, "Decrypt failed: %d\n", ret);
}
return ret;
}
#endif
int main(int argc, char* argv[])
{
int ret;
const char* library;
const char* slot;
const char* tokenName;
const char* userPin;
Pkcs11Dev dev;
Pkcs11Token token;
int slotId;
int devId = 1;
if (argc != 5) {
fprintf(stderr,
"Usage: pkcs11_aescbc <libname> <slot> <tokenname> <userpin>\n");
return 1;
}
library = argv[1];
slot = argv[2];
tokenName = argv[3];
userPin = argv[4];
slotId = atoi(slot);
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
wolfCrypt_Init();
ret = wc_Pkcs11_Initialize(&dev, library, NULL);
if (ret != 0) {
fprintf(stderr, "Failed to initialize PKCS#11 library\n");
ret = 2;
}
if (ret == 0) {
ret = wc_Pkcs11Token_Init(&token, &dev, slotId, tokenName,
(byte*)userPin, strlen(userPin));
if (ret != 0) {
fprintf(stderr, "Failed to initialize PKCS#11 token\n");
ret = 2;
}
if (ret == 0) {
ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb,
&token);
if (ret != 0) {
fprintf(stderr, "Failed to register PKCS#11 token\n");
ret = 2;
}
if (ret == 0) {
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
ret = aescbc_enc_dec(devId);
if (ret != 0)
ret = 1;
#endif
}
wc_Pkcs11Token_Final(&token);
}
wc_Pkcs11_Finalize(&dev);
}
wolfCrypt_Cleanup();
return ret;
}

120
pkcs11/pkcs11_test.c
View File

@ -667,6 +667,120 @@ int aesgcm_test(int devId, Pkcs11Token* token)
}
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
int aescbc_test(int devId, Pkcs11Token* token)
{
Aes aes;
unsigned char key[AES_256_KEY_SIZE];
int ret = 0;
unsigned char data[32];
unsigned char enc[32];
unsigned char dec[32];
unsigned char iv[AES_BLOCK_SIZE];
unsigned char exp[32] = {
0x84, 0xf9, 0xc2, 0x0e, 0x61, 0x4f, 0x86, 0x07,
0xbc, 0x13, 0xef, 0xeb, 0x59, 0x4b, 0xdf, 0x5a,
0x34, 0xa8, 0xbd, 0xc7, 0x29, 0x66, 0xa4, 0x03,
0x5f, 0x8a, 0x7d, 0x85, 0xda, 0xc8, 0x9a, 0xc1
};
unsigned char exp256[32] = {
0x3f, 0xb8, 0x65, 0xa2, 0xe2, 0x74, 0x04, 0x94,
0xff, 0xff, 0x67, 0xa0, 0x3e, 0x83, 0x0e, 0xa3,
0xa3, 0x9a, 0x4f, 0xd2, 0x33, 0x58, 0xf5, 0x90,
0x04, 0x8c, 0xd8, 0x9a, 0xd6, 0x61, 0x19, 0x4a
};
memset(key, 9, sizeof(key));
memset(data, 9, sizeof(data));
memset(iv, 9, sizeof(iv));
/* AES128-CBC */
ret = wc_AesInit_Id(&aes, NULL, 0, NULL, devId);
if (ret == 0) {
ret = wc_AesSetKey(&aes, key, AES_128_KEY_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
fprintf(stderr, "Set Key failed: %d\n", ret);
}
if (ret == 0) {
ret = wc_AesCbcEncrypt(&aes, enc, data, sizeof(data));
if (ret != 0)
fprintf(stderr, "Encrypt failed: %d\n", ret);
}
if (ret == 0) {
if (memcmp(enc, exp, sizeof(exp)) != 0) {
fprintf(stderr, "Encrypted data didn't match expected\n");
ret = -1;
}
}
if (ret == 0) {
ret = wc_AesSetKey(&aes, key, AES_128_KEY_SIZE, iv, AES_DECRYPTION);
if (ret != 0)
fprintf(stderr, "Set Key failed: %d\n", ret);
}
if (ret == 0) {
ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(enc));
if (ret != 0)
fprintf(stderr, "Decrypt failed: %d\n", ret);
}
if (ret == 0) {
if (memcmp(dec, data, ret) != 0) {
fprintf(stderr, "Decrypted data didn't match plaintext\n");
ret = -1;
}
}
if (ret == 0) {
wc_Pkcs11Token_Open(token, 1);
/* AES256-CBC */
if (ret == 0)
ret = wc_AesInit_Id(&aes, (unsigned char*)"AES123", 6, NULL, devId);
if (ret == 0) {
ret = wc_AesSetKey(&aes, key, AES_256_KEY_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
fprintf(stderr, "Set Key failed: %d\n", ret);
}
if (ret == 0) {
ret = wc_Pkcs11StoreKey(token, PKCS11_KEY_TYPE_AES_CBC, 1,
(void*)&aes);
if (ret == NOT_COMPILED_IN)
ret = 0;
if (ret != 0)
fprintf(stderr, "Store Key failed: %d\n", ret);
}
if (ret == 0) {
ret = wc_AesCbcEncrypt(&aes, enc, data, sizeof(data));
if (ret != 0)
fprintf(stderr, "Encrypt failed: %d\n", ret);
}
if (ret == 0) {
if (memcmp(enc, exp256, sizeof(exp256)) != 0) {
fprintf(stderr, "Encrypted data didn't match expected\n");
ret = -1;
}
}
if (ret == 0) {
ret = wc_AesSetKey(&aes, key, AES_256_KEY_SIZE, iv, AES_DECRYPTION);
if (ret != 0)
fprintf(stderr, "Set Key failed: %d\n", ret);
}
if (ret == 0) {
ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(enc));
if (ret != 0)
fprintf(stderr, "Decrypt failed: %d\n", ret);
}
if (ret == 0) {
if (memcmp(dec, data, ret) != 0) {
fprintf(stderr, "Decrypted data didn't match plaintext\n");
ret = -1;
}
}
wc_Pkcs11Token_Close(token);
}
return ret;
}
#endif
int pkcs11_test(int devId, Pkcs11Token* token)
{
int ret = 0;
@ -801,6 +915,12 @@ int pkcs11_test(int devId, Pkcs11Token* token)
ret = aesgcm_test(devId, token);
}
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
if (ret == 0) {
fprintf(stderr, "AES-CBC encrypt/decrypt\n");
ret = aescbc_test(devId, token);
}
#endif
if (ret == 0)
fprintf(stderr, "Success\n");

4
pkcs11/softhsm2.sh
View File

@ -19,6 +19,10 @@ echo
echo "# AES-GCM example"
./pkcs11_aesgcm /usr/local/lib/softhsm/libsofthsm2.so $SOFTHSM2_SLOTID SoftToken cryptoki
echo
echo "# AES-CBC example"
./pkcs11_aescbc /usr/local/lib/softhsm/libsofthsm2.so $SOFTHSM2_SLOTID SoftToken cryptoki
echo
echo
echo "# PKCS#11 test"
./pkcs11_test /usr/local/lib/softhsm/libsofthsm2.so $SOFTHSM2_SLOTID SoftToken cryptoki