return 0;
}
+static void generate_keypair(gnutls_pk_algorithm_t algo, size_t bits,
+ const char *name, bool sensitive)
+{
+ gnutls_datum_t out;
+ unsigned int flags;
+ gnutls_pkcs11_obj_t obj;
+ char buf[128];
+ int ret;
+
+ flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+ if (!sensitive) {
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE;
+ }
+
+ ret = gnutls_pkcs11_privkey_generate3("pkcs11:token=test", algo, bits,
+ name, NULL, GNUTLS_X509_FMT_DER,
+ &out, 0, flags);
+ if (ret < 0) {
+ fail("%d: %s\n", ret, gnutls_strerror(ret));
+ }
+
+ success("generated %s key (%s)\n",
+ gnutls_pk_get_name(algo),
+ sensitive ? "sensitive" : "non sensitive");
+
+ assert(gnutls_pkcs11_obj_init(&obj) >= 0);
+ assert(out.size > 0);
+
+ gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL);
+ assert(snprintf(buf, sizeof(buf),
+ "pkcs11:token=test;object=%s;type=private",
+ name) < (int)sizeof(buf));
+ assert(gnutls_pkcs11_obj_import_url(obj, buf,
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN) >= 0);
+
+ assert(gnutls_pkcs11_obj_get_flags(obj, &flags) >= 0);
+
+ if (sensitive) {
+ assert(!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE));
+ assert(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+ } else {
+ assert(!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE));
+ assert(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE);
+ }
+
+ gnutls_free(out.data);
+ gnutls_pkcs11_obj_deinit(obj);
+}
+
void doit(void)
{
char buf[128];
int ret;
const char *lib, *bin;
- gnutls_datum_t out;
- unsigned flags;
- gnutls_pkcs11_obj_t obj;
if (gnutls_fips140_mode_enabled())
exit(77);
gnutls_pkcs11_set_pin_function(pin_func, NULL);
- /* generate sensitive */
- ret = gnutls_pkcs11_privkey_generate3("pkcs11:token=test",
- GNUTLS_PK_RSA, 2048, "testkey",
- NULL, GNUTLS_X509_FMT_DER, &out,
- 0, GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
- if (ret < 0) {
- fail("%d: %s\n", ret, gnutls_strerror(ret));
- exit(1);
- }
-
- success("generated RSA key\n");
-
- assert(gnutls_pkcs11_obj_init(&obj) >= 0);
- assert(out.size > 0);
-
- gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL);
- assert(gnutls_pkcs11_obj_import_url(
- obj, "pkcs11:token=test;object=testkey;type=private",
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN) >= 0);
-
- assert(gnutls_pkcs11_obj_get_flags(obj, &flags) >= 0);
-
- assert(!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE));
- assert(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
-
- gnutls_free(out.data);
- gnutls_pkcs11_obj_deinit(obj);
-
- /* generate non-sensitive */
- ret = gnutls_pkcs11_privkey_generate3(
- "pkcs11:token=test", GNUTLS_PK_RSA, 2048, "testkey2", NULL,
- GNUTLS_X509_FMT_DER, &out, 0,
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN |
- GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE);
- if (ret < 0) {
- fail("%d: %s\n", ret, gnutls_strerror(ret));
- exit(1);
- }
-
- success("generated RSA key (non-sensitive)\n");
-
- assert(gnutls_pkcs11_obj_init(&obj) >= 0);
- assert(out.size > 0);
-
- gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL);
- assert(gnutls_pkcs11_obj_import_url(
- obj, "pkcs11:token=test;object=testkey2;type=private",
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN) >= 0);
-
- assert(gnutls_pkcs11_obj_get_flags(obj, &flags) >= 0);
-
- assert(!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE));
- assert(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE);
-
- gnutls_free(out.data);
- gnutls_pkcs11_obj_deinit(obj);
+ generate_keypair(GNUTLS_PK_RSA, 2048, "rsa-sensitive", true);
+ generate_keypair(GNUTLS_PK_RSA, 2048, "rsa-non-sensitive", false);
#ifdef CKM_EC_EDWARDS_KEY_PAIR_GEN
ret = gnutls_pkcs11_token_check_mechanism(
"pkcs11:token=test", CKM_EC_EDWARDS_KEY_PAIR_GEN, NULL, 0, 0);
if (ret != 0) {
- ret = gnutls_pkcs11_privkey_generate3(
- "pkcs11:token=test", GNUTLS_PK_EDDSA_ED25519, 256,
- "testkey-ed25519", NULL, GNUTLS_X509_FMT_DER, &out, 0,
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
- if (ret < 0) {
- fail("%d: %s\n", ret, gnutls_strerror(ret));
- exit(1);
- }
-
- success("generated Ed25519 key\n");
-
- assert(gnutls_pkcs11_obj_init(&obj) >= 0);
- assert(out.size > 0);
-
- gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL);
- assert(gnutls_pkcs11_obj_import_url(
- obj,
- "pkcs11:token=test;object=testkey-ed25519;type=private",
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN) >= 0);
-
- assert(gnutls_pkcs11_obj_get_flags(obj, &flags) >= 0);
-
- assert(!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE));
- assert(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
-
- gnutls_free(out.data);
- gnutls_pkcs11_obj_deinit(obj);
+ generate_keypair(GNUTLS_PK_EDDSA_ED25519, 256,
+ "ed25519-sensitive", true);
+ generate_keypair(GNUTLS_PK_EDDSA_ED25519, 256,
+ "ed25519-non-sensitive", false);
}
#endif
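Review bot: In `generate_keypair`, `flags` first carries the request flags into `gnutls_pkcs11_privkey_generate3()` and is then reused as the output of `gnutls_pkcs11_obj_get_flags()`. In the non-sensitive case it therefore already holds `GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE` before the token is queried. If the getter ever reported success without fully overwriting its output, the last assertion would pass on the stale request bit and the test would no longer prove what the token stored. A separate, zeroed output variable removes that coupling: `unsigned int obj_flags = 0;` then `assert(gnutls_pkcs11_obj_get_flags(obj, &obj_flags) >= 0);`, with the four sensitivity checks testing `obj_flags`. Separately, the new `assert(snprintf(...) < (int)sizeof(buf))` also accepts a negative return; like the other calls wrapped in `assert()`, it would compile away if this test were ever built with `NDEBUG`, so assigning the result to `ret` and calling `fail()` on `ret < 0 || (size_t)ret >= sizeof(buf)` would be sturdier.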