From fe08915dea22d4ce1c4923edf3644da7ee995f1a Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Thu, 25 Jun 2020 09:13:48 +1000
Subject: [PATCH] Add PKCS#11 random number generator example Add copyright notices to files.
---
 .gitignore | 1 +
 pkcs11/opencryptoki.sh | 3 +
 pkcs11/pkcs11_aescbc.c | 20 ++++++
 pkcs11/pkcs11_aesgcm.c | 20 ++++++
 pkcs11/pkcs11_ecc.c | 20 ++++++
 pkcs11/pkcs11_genecc.c | 20 ++++++
 pkcs11/pkcs11_hmac.c | 20 ++++++
 pkcs11/pkcs11_rand.c | 117 +++++++++++++++++++++++++++++++++
 pkcs11/pkcs11_rsa.c | 20 ++++++
 pkcs11/pkcs11_test.c | 20 ++++++
 pkcs11/server-tls-pkcs11-ecc.c | 2 +-
 pkcs11/server-tls-pkcs11.c | 2 +-
 pkcs11/softhsm2.sh | 3 +
 13 files changed, 266 insertions(+), 2 deletions(-)
 create mode 100644 pkcs11/pkcs11_rand.c
diff --git a/.gitignore b/.gitignore
index 285ebcb6..30918763 100644
--- a/.gitignore
+++ b/.gitignore
@@ -163,6 +163,7 @@ pkcs11/pkcs11_genecc
 pkcs11/pkcs11_aesgcm
 pkcs11/pkcs11_aescbc
 pkcs11/pkcs11_hmac
+pkcs11/pkcs11_rand
 pkcs11/server-tls-pkcs11
 pkcs11/server-tls-pkcs11-ecc
 pkcs11/softhsm2.conf
diff --git a/pkcs11/opencryptoki.sh b/pkcs11/opencryptoki.sh
index fbf40358..40564c06 100755
--- a/pkcs11/opencryptoki.sh
+++ b/pkcs11/opencryptoki.sh
@@ -21,6 +21,9 @@ echo
 echo "# HMAC example"
 ./pkcs11_hmac /usr/local/lib/opencryptoki/libopencryptoki.so 3 SoftToken cryptoki
 echo
+echo "# Random Number Generation example"
+./pkcs11_rand /usr/local/lib/opencryptoki/libopencryptoki.so 3 SoftToken cryptoki
+echo
 echo "# PKCS #11 test"
 ./pkcs11_test /usr/local/lib/opencryptoki/libopencryptoki.so 3 SoftToken cryptoki
diff --git a/pkcs11/pkcs11_aescbc.c b/pkcs11/pkcs11_aescbc.c
index a8844689..8bb599c0 100644
--- a/pkcs11/pkcs11_aescbc.c
+++ b/pkcs11/pkcs11_aescbc.c
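Review bot: The added `./pkcs11_rand ... SoftToken cryptoki` line in pkcs11/opencryptoki.sh passes the token user PIN as the fourth command-line argument (pkcs11_rand.c in this patch reads it from `argv[4]`), so the PIN is exposed in the process list and in any shell trace while the example runs; the matching line added to pkcs11/softhsm2.sh does the same. This follows the neighbouring example lines and is presumably a throwaway PIN for a local soft token, but a comment above the block such as `# example PIN for a local test token only; never pass a real HSM PIN on the command line` would keep the pattern from being copied into production scripts. The new command's exit status is also not checked in the visible lines, so a failed RNG call only fails the script if the unseen top of the file enables `set -e`.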
@@ -1,3 +1,23 @@
+/* pkcs11_aescbc.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 #include
diff --git a/pkcs11/pkcs11_aesgcm.c b/pkcs11/pkcs11_aesgcm.c
index 53ddb334..f31fb5af 100644
--- a/pkcs11/pkcs11_aesgcm.c
+++ b/pkcs11/pkcs11_aesgcm.c
@@ -1,3 +1,23 @@
+/* pkcs11_aesgcm.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 #include
diff --git a/pkcs11/pkcs11_ecc.c b/pkcs11/pkcs11_ecc.c
index 727fd29a..f88cea9b 100644
--- a/pkcs11/pkcs11_ecc.c
+++ b/pkcs11/pkcs11_ecc.c
@@ -1,3 +1,23 @@
+/* pkcs11_ecc.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 #include
diff --git a/pkcs11/pkcs11_genecc.c b/pkcs11/pkcs11_genecc.c
index 94ba11be..b8922dc0 100644
--- a/pkcs11/pkcs11_genecc.c
+++ b/pkcs11/pkcs11_genecc.c
@@ -1,3 +1,23 @@
+/* pkcs11_genecc.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 #include
diff --git a/pkcs11/pkcs11_hmac.c b/pkcs11/pkcs11_hmac.c
index b515ab88..1dac3c25 100644
--- a/pkcs11/pkcs11_hmac.c
+++ b/pkcs11/pkcs11_hmac.c
@@ -1,3 +1,23 @@
+/* pkcs11_hmac.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 #include
diff --git a/pkcs11/pkcs11_rand.c b/pkcs11/pkcs11_rand.c
new file mode 100644
index 00000000..6cabdacd
--- /dev/null
+++ b/pkcs11/pkcs11_rand.c
@@ -0,0 +1,117 @@
+/* pkcs11_rand.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include
+#include
+#include
+#include
+#include
+
+
+int pkcs11_rand(WC_RNG* rng)
+{
+ int ret;
+ unsigned char buffer[32] = { 0, };
+
+ ret = wc_RNG_GenerateBlock(rng, buffer, sizeof(buffer));
+ if (ret != 0) {
+ fprintf(stderr, "Failed to generate random data\n");
+ }
+ else {
+ int i;
+ for (i = 0; i < (int)sizeof(buffer); i++) {
+ printf("%02x", buffer[i]);
+ }
+ printf("\n");
+ }
+
+ return ret;
+}
+
+int main(int argc, char* argv[])
+{
+ int ret;
+ const char* library;
+ const char* slot;
+ const char* tokenName;
+ const char* userPin;
+ Pkcs11Dev dev;
+ Pkcs11Token token;
+ int slotId;
+ int devId = 1;
+ WC_RNG rng;
+
+ if (argc != 5) {
+ fprintf(stderr,
+ "Usage: pkcs11_test \n");
+ return 1;
+ }
+
+ library = argv[1];
+ slot = argv[2];
+ tokenName = argv[3];
+ userPin = argv[4];
+ slotId = atoi(slot);
+
+#if defined(DEBUG_WOLFSSL)
+ wolfSSL_Debugging_ON();
+#endif
+ wolfCrypt_Init();
+
+ ret = wc_Pkcs11_Initialize(&dev, library, NULL);
+ if (ret != 0) {
+ fprintf(stderr, "Failed to initialize PKCS#11 library\n");
+ ret = 2;
+ }
+ if (ret == 0) {
+ ret = wc_Pkcs11Token_Init(&token, &dev, slotId, tokenName,
(byte*)userPin, strlen(userPin));
+ if (ret != 0) {
+ fprintf(stderr, "Failed to initialize PKCS#11 token\n");
+ ret = 2;
+ }
+ if (ret == 0) {
+ ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb,
+ &token);
+ if (ret != 0) {
+ fprintf(stderr, "Failed to register PKCS#11 token\n");
+ ret = 2;
+ }
+ if (ret == 0) {
+ wc_InitRng_ex(&rng, NULL, devId);
+
+ ret = pkcs11_rand(&rng);
+ if (ret != 0)
+ ret = 1;
+
+ wc_FreeRng(&rng);
+ }
+ wc_Pkcs11Token_Final(&token);
+ }
+ wc_Pkcs11_Finalize(&dev);
+ }
+
+ wolfCrypt_Cleanup();
+
+ return ret;
+}
+
diff --git a/pkcs11/pkcs11_rsa.c b/pkcs11/pkcs11_rsa.c
index eb09c4a1..5628e7ce 100644
--- a/pkcs11/pkcs11_rsa.c
+++ b/pkcs11/pkcs11_rsa.c
@@ -1,3 +1,23 @@
+/* pkcs11_rsa.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 #include
diff --git a/pkcs11/pkcs11_test.c b/pkcs11/pkcs11_test.c
index 2cc5b70d..903e92b7 100644
--- a/pkcs11/pkcs11_test.c
+++ b/pkcs11/pkcs11_test.c
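Review bot: The return value of `wc_InitRng_ex(&rng, NULL, devId)` in main() of pkcs11/pkcs11_rand.c is discarded, so if RNG setup against the PKCS#11 device fails the code still hands `rng`, a stack object that may not have been set up, to pkcs11_rand() and then to wc_FreeRng(). The result should be checked and both calls skipped on failure, in the same way the surrounding steps already handle wc_Pkcs11Token_Init and wc_CryptoDev_RegisterDevice. The usage text printed for a wrong argument count also names `pkcs11_test` rather than `pkcs11_rand`, which looks like a copy-paste leftover.

```c
            if (ret == 0) {
                ret = wc_InitRng_ex(&rng, NULL, devId);
                if (ret != 0) {
                    fprintf(stderr, "Failed to initialize RNG\n");
                    ret = 2;
                }
                else {
                    ret = pkcs11_rand(&rng);
                    if (ret != 0)
                        ret = 1;

                    wc_FreeRng(&rng);
                }
            }
            /* ... unchanged: wc_Pkcs11Token_Final, wc_Pkcs11_Finalize, wolfCrypt_Cleanup ... */
```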
@@ -1,3 +1,23 @@
+/* pkcs11_test.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 #include
diff --git a/pkcs11/server-tls-pkcs11-ecc.c b/pkcs11/server-tls-pkcs11-ecc.c
index 298c61b8..94ddd621 100644
--- a/pkcs11/server-tls-pkcs11-ecc.c
+++ b/pkcs11/server-tls-pkcs11-ecc.c
@@ -1,4 +1,4 @@
-/* server-tls.c
+/* server-tls-pkcs11-ecc.c
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
diff --git a/pkcs11/server-tls-pkcs11.c b/pkcs11/server-tls-pkcs11.c
index a3730e39..6b5caa2c 100644
--- a/pkcs11/server-tls-pkcs11.c
+++ b/pkcs11/server-tls-pkcs11.c
@@ -1,4 +1,4 @@
-/* server-tls.c
+/* server-tls-pkcs11.c
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
diff --git a/pkcs11/softhsm2.sh b/pkcs11/softhsm2.sh
index 5fa02d9f..31964c89 100755
--- a/pkcs11/softhsm2.sh
+++ b/pkcs11/softhsm2.sh
@@ -25,6 +25,9 @@ echo
 echo "# HMAC example"
 ./pkcs11_hmac /usr/local/lib/softhsm/libsofthsm2.so $SOFTHSM2_SLOTID SoftToken cryptoki
 echo
+echo "# Random Number Generation example"
+./pkcs11_rand /usr/local/lib/softhsm/libsofthsm2.so $SOFTHSM2_SLOTID SoftToken cryptoki
+echo
 echo "# PKCS#11 test"
 ./pkcs11_test /usr/local/lib/softhsm/libsofthsm2.so $SOFTHSM2_SLOTID SoftToken cryptoki
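Review bot: `$SOFTHSM2_SLOTID` is expanded unquoted in the added `./pkcs11_rand` line of pkcs11/softhsm2.sh, so an empty or unset value drops the argument and pkcs11_rand, which requires exactly four arguments, exits with its usage text rather than a clear error about the slot. Because pkcs11_rand.c converts the slot with `atoi()`, plain quoting would instead turn an empty value into slot 0, so a guarded expansion is the safer form: `./pkcs11_rand /usr/local/lib/softhsm/libsofthsm2.so "${SOFTHSM2_SLOTID:?slot id not set}" SoftToken cryptoki`. The neighbouring context lines use the same unquoted form, and where the variable is assigned lies outside this hunk.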