My apologies, but the prior patch I sent for this was trampled on
by my mail program. Sending as two attachments for now.
PKCS11v2-20rc3, page 178 states,
C_WrapKey can be used to wrap a private key with any secret key.
This patch allows that to happen.
The testcase patch fixes a problem such that when testing with AES keys
the template contains CKA_VALUE_LEN for newly unwrapped keys.
Also removed references to CKM_GENERIC_SECRET_KEY_GEN since none
of the stdlls appeared to support it.
I will integrate on Monday if there are no objections.
Thanks!
regards,
Joy
>From 96de27a4e310652e0623f77d839693f40fc10237 Mon Sep 17 00:00:00 2001
From: Joy Latten <[email protected]>
Date: Fri, 8 Jul 2011 15:37:30 -0500
Subject: [PATCH] Fixes SF #3349099 Wrapping a private key with a secret key fails.
Signed-off-by: Joy Latten <[email protected]>
---
usr/lib/pkcs11/cca_stdll/key_mgr.c | 100 +++++++++++----------------
usr/lib/pkcs11/common/key_mgr.c | 131 +++++++++++++----------------------
usr/lib/pkcs11/tpm_stdll/key_mgr.c | 89 +++++++++---------------
3 files changed, 123 insertions(+), 197 deletions(-)
diff --git a/usr/lib/pkcs11/cca_stdll/key_mgr.c b/usr/lib/pkcs11/cca_stdll/key_mgr.c
index a319236..a93277e 100644
--- a/usr/lib/pkcs11/cca_stdll/key_mgr.c
+++ b/usr/lib/pkcs11/cca_stdll/key_mgr.c
@@ -848,10 +848,24 @@ key_mgr_wrap_key( SESSION * sess,
else
class = *(CK_OBJECT_CLASS *)attr->pValue;
+ // pkcs11v2-20rc3, page 178
+ // C_WrapKey can be used in following situations:
+ // - To wrap any secret key with a public key that supports encryption
+ // and decryption.
+ // - To wrap any secret key with any other secret key. Consideration
+ // must be given to key size and mechanism strength or the token may
+ // not allow the operation.
+ // - To wrap a private key with any secret key.
+ //
+ // These can be deduced to:
+ // A public key or a secret key can be used to wrap a secret key.
+ // A secret key can be used to wrap a private key.
+
switch (mech->mechanism) {
#if !(NOCDMF)
case CKM_CDMF_ECB:
case CKM_CDMF_CBC:
+ case CKM_CDMF_CBC_PAD:
#endif
case CKM_DES_ECB:
case CKM_DES_CBC:
@@ -859,20 +873,13 @@ key_mgr_wrap_key( SESSION * sess,
case CKM_DES3_CBC:
case CKM_AES_ECB:
case CKM_AES_CBC:
- if (class != CKO_SECRET_KEY){
- OCK_LOG_ERR(ERR_KEY_NOT_WRAPPABLE);
- return CKR_KEY_NOT_WRAPPABLE;
- }
- break;
-
-#if !(NOCDMF)
- case CKM_CDMF_CBC_PAD:
-#endif
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_AES_CBC_PAD:
- // these mechanisms can wrap any type of key
- //
+ if ((class != CKO_SECRET_KEY) && (class != CKO_PRIVATE_KEY)) {
+ OCK_LOG_ERR(ERR_KEY_NOT_WRAPPABLE);
+ return CKR_KEY_NOT_WRAPPABLE;
+ }
break;
case CKM_RSA_PKCS:
@@ -1081,10 +1088,19 @@ key_mgr_unwrap_key( SESSION * sess,
found_class = FALSE;
found_type = FALSE;
- // some mechanisms are restricted to wrapping certain types of keys.
- // in these cases, the CKA_CLASS attribute is implied and isn't required
- // to be specified in the template (though it still may appear)
+ // pkcs11v2-20rc3, page 178
+ // C_WrapKey can be used in following situations:
+ // - To wrap any secret key with a public key that supports encryption
+ // and decryption.
+ // - To wrap any secret key with any other secret key. Consideration
+ // must be given to key size and mechanism strength or the token may
+ // not allow the operation.
+ // - To wrap a private key with any secret key.
//
+ // These can be deduced to:
+ // A public key or a secret key can be used to wrap a secret key.
+ // A secret key can be used to wrap a private key.
+
switch (mech->mechanism) {
case CKM_RSA_PKCS:
case CKM_RSA_X_509:
@@ -1095,6 +1111,7 @@ key_mgr_unwrap_key( SESSION * sess,
#if !(NOCMF)
case CKM_CDMF_ECB:
case CKM_CDMF_CBC:
+ case CKM_CDMF_CBC_PAD:
#endif
case CKM_DES_ECB:
case CKM_DES_CBC:
@@ -1102,19 +1119,16 @@ key_mgr_unwrap_key( SESSION * sess,
case CKM_DES3_CBC:
case CKM_AES_ECB:
case CKM_AES_CBC:
- keyclass = CKO_SECRET_KEY;
- found_class = TRUE;
- break;
-
-#if !(NOCMF)
- case CKM_CDMF_CBC_PAD:
-#endif
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_AES_CBC_PAD:
// these mechanisms can wrap any type of key so nothing is implied
//
break;
+
+ default:
+ OCK_LOG_ERR(ERR_MECHANISM_INVALID);
+ return CKR_MECHANISM_INVALID;
}
@@ -1145,47 +1159,15 @@ CKO_PRIVATE_KEY)){
return CKR_TEMPLATE_INCOMPLETE;
}
- // final check to see if mechanism is allowed to unwrap such a key
+ // Check again that a public key only wraps/unwraps a secret key.
//
- switch (mech->mechanism) {
- case CKM_RSA_PKCS:
- case CKM_RSA_X_509:
- if (keyclass != CKO_SECRET_KEY){
- OCK_LOG_ERR(ERR_TEMPLATE_INCONSISTENT);
- return CKR_TEMPLATE_INCONSISTENT;
- }
- break;
-
-#if !(NOCMF)
- case CKM_CDMF_ECB:
- case CKM_CDMF_CBC:
-#endif
- case CKM_DES_ECB:
- case CKM_DES_CBC:
- case CKM_DES3_ECB:
- case CKM_DES3_CBC:
- case CKM_AES_ECB:
- case CKM_AES_CBC:
- if (keyclass != CKO_SECRET_KEY){
- OCK_LOG_ERR(ERR_TEMPLATE_INCONSISTENT);
- return CKR_TEMPLATE_INCONSISTENT;
- }
- break;
-
-#if !(NOCMF)
- case CKM_CDMF_CBC_PAD:
-#endif
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_AES_CBC_PAD:
- break;
-
- default:
- OCK_LOG_ERR(ERR_MECHANISM_INVALID);
- return CKR_MECHANISM_INVALID;
+ if ((mech->mechanism == CKM_RSA_PKCS) || (mech->mechanism == CKM_RSA_X_509)) {
+ if (keyclass != CKO_SECRET_KEY){
+ OCK_LOG_ERR(ERR_TEMPLATE_INCONSISTENT);
+ return CKR_TEMPLATE_INCONSISTENT;
+ }
}
-
// looks okay...do the decryption
//
ctx = (ENCR_DECR_CONTEXT *)malloc(sizeof(ENCR_DECR_CONTEXT));
diff --git a/usr/lib/pkcs11/common/key_mgr.c b/usr/lib/pkcs11/common/key_mgr.c
index 5666d36..a0a2504 100755
--- a/usr/lib/pkcs11/common/key_mgr.c
+++ b/usr/lib/pkcs11/common/key_mgr.c
@@ -825,22 +825,35 @@ key_mgr_wrap_key( SESSION * sess,
}
}
-
// what kind of key are we trying to wrap? make sure the mechanism is
// allowed to wrap this kind of key
//
rc = template_attribute_find( key2_obj->template, CKA_CLASS, &attr );
- if (rc == FALSE){
+ if (rc == FALSE) {
OCK_LOG_ERR(ERR_KEY_NOT_WRAPPABLE);
return CKR_KEY_NOT_WRAPPABLE;
}
else
class = *(CK_OBJECT_CLASS *)attr->pValue;
+ // pkcs11v2-20rc3, page 178
+ // C_WrapKey can be used in following situations:
+ // - To wrap any secret key with a public key that supports encryption
+ // and decryption.
+ // - To wrap any secret key with any other secret key. Consideration
+ // must be given to key size and mechanism strength or the token may
+ // not allow the operation.
+ // - To wrap a private key with any secret key.
+ //
+ // These can be deduced to:
+ // A public key or a secret key can be used to wrap a secret key.
+ // A secret key can be used to wrap a private key.
+
switch (mech->mechanism) {
#if !(NOCDMF)
case CKM_CDMF_ECB:
case CKM_CDMF_CBC:
+ case CKM_CDMF_CBC_PAD:
#endif
case CKM_DES_ECB:
case CKM_DES_CBC:
@@ -848,28 +861,15 @@ key_mgr_wrap_key( SESSION * sess,
case CKM_DES3_CBC:
case CKM_AES_ECB:
case CKM_AES_CBC:
- if (class != CKO_SECRET_KEY){
- OCK_LOG_ERR(ERR_KEY_NOT_WRAPPABLE);
- return CKR_KEY_NOT_WRAPPABLE;
- }
- break;
case CKM_AES_CTR:
- if (class != CKO_SECRET_KEY)
- {
- OCK_LOG_ERR(ERR_KEY_NOT_WRAPPABLE);
- return CKR_KEY_NOT_WRAPPABLE;
- }
- break;
-
-#if !(NOCDMF)
- case CKM_CDMF_CBC_PAD:
-#endif
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_AES_CBC_PAD:
- // these mechanisms can wrap any type of key
- //
- break;
+ if ((class != CKO_SECRET_KEY) && (class != CKO_PRIVATE_KEY)) {
+ OCK_LOG_ERR(ERR_KEY_NOT_WRAPPABLE);
+ return CKR_KEY_NOT_WRAPPABLE;
+ }
+ break;
case CKM_RSA_PKCS:
case CKM_RSA_X_509:
@@ -975,6 +975,7 @@ key_mgr_wrap_key( SESSION * sess,
#ifndef NOAES
case CKM_AES_ECB:
case CKM_AES_CBC:
+ case CKM_AES_CTR:
rc = ckm_aes_wrap_format( length_only, &data, &data_len );
if (rc != CKR_OK) {
OCK_LOG_ERR(ERR_AES_WRAP_FORMAT);
@@ -982,15 +983,6 @@ key_mgr_wrap_key( SESSION * sess,
return rc;
}
break;
- case CKM_AES_CTR:
- rc = ckm_aes_wrap_format( length_only, &data, &data_len );
- if (rc != CKR_OK)
- {
- OCK_LOG_ERR(ERR_AES_WRAP_FORMAT);
- if (data) free( data );
- return rc;
- }
- break;
#endif
#if !(NOCMF)
case CKM_CDMF_CBC_PAD:
@@ -1078,16 +1070,30 @@ key_mgr_unwrap_key( SESSION * sess,
found_class = FALSE;
found_type = FALSE;
- // some mechanisms are restricted to wrapping certain types of keys.
- // in these cases, the CKA_CLASS attribute is implied and isn't required
- // to be specified in the template (though it still may appear)
+ // pkcs11v2-20rc3, page 178
+ // C_WrapKey can be used in following situations:
+ // - To wrap any secret key with a public key that supports encryption
+ // and decryption.
+ // - To wrap any secret key with any other secret key. Consideration
+ // must be given to key size and mechanism strength or the token may
+ // not allow the operation.
+ // - To wrap a private key with any secret key.
//
+ // These can be deduced to:
+ // A public key or a secret key can be used to wrap a secret key.
+ // A secret key can be used to wrap a private key.
+
switch (mech->mechanism) {
case CKM_RSA_PKCS:
case CKM_RSA_X_509:
+ keyclass = CKO_SECRET_KEY;
+ found_class = TRUE;
+ break;
+
#if !(NOCMF)
case CKM_CDMF_ECB:
case CKM_CDMF_CBC:
+ case CKM_CDMF_CBC_PAD:
#endif
case CKM_DES_ECB:
case CKM_DES_CBC:
@@ -1095,23 +1101,17 @@ key_mgr_unwrap_key( SESSION * sess,
case CKM_DES3_CBC:
case CKM_AES_ECB:
case CKM_AES_CBC:
- keyclass = CKO_SECRET_KEY;
- found_class = TRUE;
- break;
case CKM_AES_CTR:
- keyclass = CKO_SECRET_KEY;
- found_class = TRUE;
- break;
-
-#if !(NOCMF)
- case CKM_CDMF_CBC_PAD:
-#endif
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_AES_CBC_PAD:
// these mechanisms can wrap any type of key so nothing is implied
//
break;
+
+ default:
+ OCK_LOG_ERR(ERR_MECHANISM_INVALID);
+ return CKR_MECHANISM_INVALID;
}
@@ -1135,55 +1135,22 @@ key_mgr_unwrap_key( SESSION * sess,
// if we're unwrapping a private key, we can extract the key type from
// the BER-encoded information
- //
+
if (found_class == FALSE || (found_type == FALSE && keyclass !=
CKO_PRIVATE_KEY)){
OCK_LOG_ERR(ERR_TEMPLATE_INCOMPLETE);
return CKR_TEMPLATE_INCOMPLETE;
}
- // final check to see if mechanism is allowed to unwrap such a key
- //
- switch (mech->mechanism) {
- case CKM_RSA_PKCS:
- case CKM_RSA_X_509:
-#if !(NOCMF)
- case CKM_CDMF_ECB:
- case CKM_CDMF_CBC:
-#endif
- case CKM_DES_ECB:
- case CKM_DES_CBC:
- case CKM_DES3_ECB:
- case CKM_DES3_CBC:
- case CKM_AES_ECB:
- case CKM_AES_CBC:
- if (keyclass != CKO_SECRET_KEY){
- OCK_LOG_ERR(ERR_TEMPLATE_INCONSISTENT);
- return CKR_TEMPLATE_INCONSISTENT;
- }
- break;
- case CKM_AES_CTR:
- if (keyclass != CKO_SECRET_KEY){
- OCK_LOG_ERR(ERR_TEMPLATE_INCONSISTENT);
- return CKR_TEMPLATE_INCONSISTENT;
- }
- break;
-
+ // Check again that a public key only wraps/unwraps a secret key.
-#if !(NOCMF)
- case CKM_CDMF_CBC_PAD:
-#endif
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_AES_CBC_PAD:
- break;
-
- default:
- OCK_LOG_ERR(ERR_MECHANISM_INVALID);
- return CKR_MECHANISM_INVALID;
+ if ((mech->mechanism == CKM_RSA_PKCS) || (mech->mechanism == CKM_RSA_X_509)){
+ if (keyclass != CKO_SECRET_KEY) {
+ OCK_LOG_ERR(ERR_TEMPLATE_INCONSISTENT);
+ return CKR_TEMPLATE_INCONSISTENT;
+ }
}
-
// looks okay...do the decryption
//
ctx = (ENCR_DECR_CONTEXT *)malloc(sizeof(ENCR_DECR_CONTEXT));
diff --git a/usr/lib/pkcs11/tpm_stdll/key_mgr.c b/usr/lib/pkcs11/tpm_stdll/key_mgr.c
index 0b8cea4..118f68c 100644
--- a/usr/lib/pkcs11/tpm_stdll/key_mgr.c
+++ b/usr/lib/pkcs11/tpm_stdll/key_mgr.c
@@ -572,10 +572,24 @@ key_mgr_wrap_key( SESSION * sess,
else
class = *(CK_OBJECT_CLASS *)attr->pValue;
+ // pkcs11v2-20rc3, page 178
+ // C_WrapKey can be used in following situations:
+ // - To wrap any secret key with a public key that supports encryption
+ // and decryption.
+ // - To wrap any secret key with any other secret key. Consideration
+ // must be given to key size and mechanism strength or the token may
+ // not allow the operation.
+ // - To wrap a private key with any secret key.
+ //
+ // These can be deduced to:
+ // A public key or a secret key can be used to wrap a secret key.
+ // A secret key can be used to wrap a private key.
+
switch (mech->mechanism) {
#if !(NOCDMF)
case CKM_CDMF_ECB:
case CKM_CDMF_CBC:
+ case CKM_CDMF_CBC_PAD:
#endif
case CKM_DES_ECB:
case CKM_DES_CBC:
@@ -583,20 +597,13 @@ key_mgr_wrap_key( SESSION * sess,
case CKM_DES3_CBC:
case CKM_AES_ECB:
case CKM_AES_CBC:
- if (class != CKO_SECRET_KEY){
- OCK_LOG_ERR(ERR_KEY_NOT_WRAPPABLE);
- return CKR_KEY_NOT_WRAPPABLE;
- }
- break;
-
-#if !(NOCDMF)
- case CKM_CDMF_CBC_PAD:
-#endif
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_AES_CBC_PAD:
- // these mechanisms can wrap any type of key
- //
+ if ((class != CKO_SECRET_KEY) && (class != CKO_PRIVATE_KEY)) {
+ OCK_LOG_ERR(ERR_KEY_NOT_WRAPPABLE);
+ return CKR_KEY_NOT_WRAPPABLE;
+ }
break;
case CKM_RSA_PKCS:
@@ -800,10 +807,19 @@ key_mgr_unwrap_key( SESSION * sess,
found_class = FALSE;
found_type = FALSE;
- // some mechanisms are restricted to wrapping certain types of keys.
- // in these cases, the CKA_CLASS attribute is implied and isn't required
- // to be specified in the template (though it still may appear)
+ // pkcs11v2-20rc3, page 178
+ // C_WrapKey can be used in following situations:
+ // - To wrap any secret key with a public key that supports encryption
+ // and decryption.
+ // - To wrap any secret key with any other secret key. Consideration
+ // must be given to key size and mechanism strength or the token may
+ // not allow the operation.
+ // - To wrap a private key with any secret key.
//
+ // These can be deduced to:
+ // A public key or a secret key can be used to wrap a secret key.
+ // A secret key can be used to wrap a private key.
+
switch (mech->mechanism) {
case CKM_RSA_PKCS:
keyclass = CKO_SECRET_KEY;
@@ -813,6 +829,7 @@ key_mgr_unwrap_key( SESSION * sess,
#if !(NOCMF)
case CKM_CDMF_ECB:
case CKM_CDMF_CBC:
+ case CKM_CDMF_CBC_PAD:
#endif
case CKM_DES_ECB:
case CKM_DES_CBC:
@@ -820,13 +837,6 @@ key_mgr_unwrap_key( SESSION * sess,
case CKM_DES3_CBC:
case CKM_AES_ECB:
case CKM_AES_CBC:
- keyclass = CKO_SECRET_KEY;
- found_class = TRUE;
- break;
-
-#if !(NOCMF)
- case CKM_CDMF_CBC_PAD:
-#endif
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_AES_CBC_PAD:
@@ -835,7 +845,6 @@ key_mgr_unwrap_key( SESSION * sess,
break;
}
-
// extract key type and key class from the template if they exist. we
// have to scan the entire template in case the CKA_CLASS or CKA_KEY_TYPE
// attributes are duplicated
@@ -863,46 +872,14 @@ CKO_PRIVATE_KEY)){
return CKR_TEMPLATE_INCOMPLETE;
}
- // final check to see if mechanism is allowed to unwrap such a key
- //
- switch (mech->mechanism) {
- case CKM_RSA_PKCS:
+ // Check again that a public key only wraps/unwraps a secret key.
+ if (mech->mechanism == CKM_RSA_PKCS) {
if (keyclass != CKO_SECRET_KEY){
OCK_LOG_ERR(ERR_TEMPLATE_INCONSISTENT);
return CKR_TEMPLATE_INCONSISTENT;
}
- break;
-
-#if !(NOCMF)
- case CKM_CDMF_ECB:
- case CKM_CDMF_CBC:
-#endif
- case CKM_DES_ECB:
- case CKM_DES_CBC:
- case CKM_DES3_ECB:
- case CKM_DES3_CBC:
- case CKM_AES_ECB:
- case CKM_AES_CBC:
- if (keyclass != CKO_SECRET_KEY){
- OCK_LOG_ERR(ERR_TEMPLATE_INCONSISTENT);
- return CKR_TEMPLATE_INCONSISTENT;
- }
- break;
-
-#if !(NOCMF)
- case CKM_CDMF_CBC_PAD:
-#endif
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_AES_CBC_PAD:
- break;
-
- default:
- OCK_LOG_ERR(ERR_MECHANISM_INVALID);
- return CKR_MECHANISM_INVALID;
}
-
// looks okay...do the decryption
//
ctx = (ENCR_DECR_CONTEXT *)malloc(sizeof(ENCR_DECR_CONTEXT));
--
1.7.1
>From b9534cfca581a1f197bafad337eebc718ce5e9ac Mon Sep 17 00:00:00 2001
From: Joy Latten <[email protected]>
Date: Fri, 8 Jul 2011 15:47:53 -0500
Subject: [PATCH] Correct rsa testcase such that the newly unwrapped AES key
contains a CKA_VALUE_LEN attribute.
Remove references to CKM_GENERIC_SECRET_KEY_GEN since none of
the stdlls appear to support this.
Signed-off-by: Joy Latten <[email protected]>
---
testcases/driver/rsa_func.c | 64 +------------------------------------------
1 files changed, 1 insertions(+), 63 deletions(-)
diff --git a/testcases/driver/rsa_func.c b/testcases/driver/rsa_func.c
index 5d1db7b..a0aa60f 100755
--- a/testcases/driver/rsa_func.c
+++ b/testcases/driver/rsa_func.c
@@ -1313,7 +1313,7 @@ CK_RV do_GenerateWrapUnwrapRSA(
* specified in the template for the length of the key are taken
* from the end of this sequence of bytes."
*/
- if (mechtype == CKM_RSA_X_509 && keytype == CKM_AES_KEY_GEN) {
+ if ((keytype == CKM_AES_KEY_GEN) || (keytype == CKM_AES_KEY_GEN)) {
unwrap_tmpl[2].type = CKA_VALUE_LEN;
unwrap_tmpl[2].ulValueLen = sizeof(keylen);
unwrap_tmpl[2].pValue = &keylen;
@@ -2563,107 +2563,82 @@ CK_RV run_GenerateWrapUnwrapRSAPKCS()
// mod bits = 512. Secret keys up to 64 bytes
// publ exp = 3
- { CKM_RSA_PKCS, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 64 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 17 (big endian format)
- { CKM_RSA_PKCS, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 64 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_PKCS, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 64 , CKM_GENERIC_SECRET_KEY_GEN },
// mod bits = 768. Secret keys up to 96 bytes
// publ exp = 3
- { CKM_RSA_PKCS, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 96 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 17 (big endian format)
- { CKM_RSA_PKCS, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 96 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_PKCS, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 96 , CKM_GENERIC_SECRET_KEY_GEN },
// mod bits = 1024. Secret keys up to 128 bytes
// publ exp = 3
- { CKM_RSA_PKCS, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 128 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 17 (big endian format)
- { CKM_RSA_PKCS, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 128 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_PKCS, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 128 , CKM_GENERIC_SECRET_KEY_GEN },
// mod bits = 2048. Secret keys up to 256 bytes
// publ exp = 3
- { CKM_RSA_PKCS, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 256 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 17 (big endian format)
- { CKM_RSA_PKCS, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 256 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_PKCS, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 256 , CKM_GENERIC_SECRET_KEY_GEN },
// mod bits = 4096. Secret keys up to 512 bytes
// publ exp = 3
- { CKM_RSA_PKCS, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
@@ -2677,19 +2652,14 @@ CK_RV run_GenerateWrapUnwrapRSAPKCS()
{ CKM_RSA_PKCS, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 512 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_PKCS, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_PKCS, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_PKCS, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 512 , CKM_GENERIC_SECRET_KEY_GEN },
};
-
-
for (i = 0;
i < (sizeof(inputdata) / sizeof(struct _inputparam));
i++) {
@@ -2729,133 +2699,101 @@ CK_RV run_GenerateWrapUnwrapRSAX509()
// mod bits = 512. Secret keys up to 64 bytes
// publ exp = 3
- { CKM_RSA_X_509, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 512 , 1, { 0x03, 0x00, 0x00, 0x00 }, 64 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 17 (big endian format)
- { CKM_RSA_X_509, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 512 , 2, { 0x00, 0x11, 0x00, 0x00 }, 64 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_X_509, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 512 , 3, { 0x01, 0x00, 0x01, 0x00 }, 64 , CKM_GENERIC_SECRET_KEY_GEN },
// mod bits = 768. Secret keys up to 96 bytes
// publ exp = 3
- { CKM_RSA_X_509, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 768 , 1, { 0x03, 0x00, 0x00, 0x00 }, 96 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 17 (big endian format)
- { CKM_RSA_X_509, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 768 , 2, { 0x00, 0x11, 0x00, 0x00 }, 96 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_X_509, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 768 , 3, { 0x01, 0x00, 0x01, 0x00 }, 96 , CKM_GENERIC_SECRET_KEY_GEN },
// mod bits = 1024. Secret keys up to 128 bytes
// publ exp = 3
- { CKM_RSA_X_509, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 1024, 1, { 0x03, 0x00, 0x00, 0x00 }, 128 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 17 (big endian format)
- { CKM_RSA_X_509, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 1024, 2, { 0x00, 0x11, 0x00, 0x00 }, 128 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_X_509, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 1024, 3, { 0x01, 0x00, 0x01, 0x00 }, 128 , CKM_GENERIC_SECRET_KEY_GEN },
// mod bits = 2048. Secret keys up to 256 bytes
// publ exp = 3
- { CKM_RSA_X_509, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 2048, 1, { 0x03, 0x00, 0x00, 0x00 }, 256 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 17 (big endian format)
- { CKM_RSA_X_509, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 2048, 2, { 0x00, 0x11, 0x00, 0x00 }, 256 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_X_509, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 2048, 3, { 0x01, 0x00, 0x01, 0x00 }, 256 , CKM_GENERIC_SECRET_KEY_GEN },
// mod bits = 4096. Secret keys up to 512 bytes
// publ exp = 3
- { CKM_RSA_X_509, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 4096, 1, { 0x03, 0x00, 0x00, 0x00 }, 512 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 17 (big endian format)
- { CKM_RSA_X_509, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 4096, 2, { 0x00, 0x11, 0x00, 0x00 }, 512 , CKM_GENERIC_SECRET_KEY_GEN },
// publ exp = 65537
- { CKM_RSA_X_509, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 1 , CKM_GENERIC_SECRET_KEY_GEN },
{ CKM_RSA_X_509, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_CDMF_KEY_GEN },
{ CKM_RSA_X_509, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 8 , CKM_DES_KEY_GEN },
{ CKM_RSA_X_509, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 24 , CKM_DES3_KEY_GEN },
{ CKM_RSA_X_509, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 16 , CKM_AES_KEY_GEN },
{ CKM_RSA_X_509, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 32 , CKM_AES_KEY_GEN },
- { CKM_RSA_X_509, 4096, 3, { 0x01, 0x00, 0x01, 0x00 }, 512 , CKM_GENERIC_SECRET_KEY_GEN },
};
-
-
for (i = 0;
i < (sizeof(inputdata) / sizeof(struct _inputparam));
i++) {
--
1.7.1
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
