diff --git a/resources/scripts/opensc_tests.sh b/resources/scripts/opensc_tests.sh
index f5ee874b..91f9a423 100755
--- a/resources/scripts/opensc_tests.sh
+++ b/resources/scripts/opensc_tests.sh
@@ -20,6 +20,8 @@ pkcs11-tool --module $MODULE --login --login-type so --so-pin 010203040506070801
 pkcs11-tool --module $MODULE --login --login-type so --so-pin 010203040506070801020304050607080102030405060708 --keypairgen --id 2 --key-type EC:prime256v1
 pkcs11-tool --module $MODULE --login --login-type so --so-pin 010203040506070801020304050607080102030405060708 --keypairgen --id 3 --key-type rsa:1024
 pkcs11-tool --module $MODULE --login --login-type so --so-pin 010203040506070801020304050607080102030405060708 --keypairgen --id 4 --key-type rsa:2048
+pkcs11-tool --module $MODULE --login --login-type so --so-pin 010203040506070801020304050607080102030405060708 --keypairgen --id 5 --key-type rsa:3072
+pkcs11-tool --module $MODULE --login --login-type so --so-pin 010203040506070801020304050607080102030405060708 --keypairgen --id 6 --key-type rsa:4096
 
 echo "******************* Signing Tests ********************* "
 echo "this is test data" > data.txt
@@ -27,6 +29,8 @@ pkcs11-tool --module $MODULE --sign --pin 123456 --id 1 -m ECDSA-SHA1 --signatur
 pkcs11-tool --module $MODULE --sign --pin 123456 --id 2 -m ECDSA-SHA1 --signature-format openssl -i data.txt -o data.sig
 pkcs11-tool --module $MODULE --sign --pin 123456 --id 3 -i data.txt -o data.sig
 pkcs11-tool --module $MODULE --sign --pin 123456 --id 4 -i data.txt -o data.sig
+pkcs11-tool --module $MODULE --sign --pin 123456 --id 5 -i data.txt -o data.sig
+pkcs11-tool --module $MODULE --sign --pin 123456 --id 6 -i data.txt -o data.sig
 
 rm data.txt
 rm data.sig
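Review bot: The new `--id 5` and `--id 6` sign lines write `data.sig` but nothing reads it back, so a 3072/4096-bit signature that came out truncated or rejected would still leave this script green — and those are exactly the sizes the `sigbuf` enlargement in ykcs11/mechanisms.c in this same commit exists for, so this is where a regression would first show. Verify each signature against the key's public half before the file is overwritten; with pkcs11-tool's default RSA mechanism (PKCS#1 v1.5 over the raw input, if I read it right) that is `openssl pkeyutl -verifyrecover -pubin -inkey 5_pubkey.pem -in data.sig | cmp - data.txt`, which means the certificate/public-key extraction done later for the decrypt tests would have to move up or be repeated here. Whether a failing command aborts the run (`set -e` or explicit status checks) is decided at the top of the script, outside the hunk.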
@@ -41,6 +45,14 @@ pkcs11-tool --module $MODULE --read-object --type cert --id 4 -o 9e_cert.crt
 openssl x509 -inform DER -outform PEM -in 9e_cert.crt -out 9e_cert.pem
 openssl x509 -in 9e_cert.pem -pubkey -noout > 9e_pubkey.pem
 
+pkcs11-tool --module $MODULE --read-object --type cert --id 5 -o 5_cert.crt
+openssl x509 -inform DER -outform PEM -in 5_cert.crt -out 5_cert.pem
+openssl x509 -in 5_cert.pem -pubkey -noout > 5_pubkey.pem
+
+pkcs11-tool --module $MODULE --read-object --type cert --id 6 -o 6_cert.crt
+openssl x509 -inform DER -outform PEM -in 6_cert.crt -out 6_cert.pem
+openssl x509 -in 6_cert.pem -pubkey -noout > 6_pubkey.pem
+
 openssl rsautl -encrypt -oaep -inkey 9d_pubkey.pem -pubin -in data.txt -out data.oaep
 pkcs11-tool --module $MODULE --decrypt --pin 123456 --id 3 -m RSA-PKCS-OAEP -i data.oaep
 rm data.oaep
@@ -49,8 +61,18 @@ openssl rsautl -encrypt -oaep -inkey 9e_pubkey.pem -pubin -in data.txt -out data
 pkcs11-tool --module $MODULE --decrypt --pin 123456 --id 4 -m RSA-PKCS-OAEP -i data.oaep
 rm data.oaep
 
+openssl rsautl -encrypt -oaep -inkey 5_pubkey.pem -pubin -in data.txt -out data.oaep
+pkcs11-tool --module $MODULE --decrypt --pin 123456 --id 5 -m RSA-PKCS-OAEP -i data.oaep
+rm data.oaep
+
+openssl rsautl -encrypt -oaep -inkey 6_pubkey.pem -pubin -in data.txt -out data.oaep
+pkcs11-tool --module $MODULE --decrypt --pin 123456 --id 6 -m RSA-PKCS-OAEP -i data.oaep
+rm data.oaep
+
 rm 9d_cert.crt 9d_cert.pem 9d_pubkey.pem
 rm 9e_cert.crt 9e_cert.pem 9e_pubkey.pem
+rm 5_cert.crt 5_cert.pem 5_pubkey.pem
+rm 6_cert.crt 6_cert.pem 6_pubkey.pem
 rm data.txt
 
 echo "******************* Testing RSA Tests ********************* "
diff --git a/ykcs11/mechanisms.c b/ykcs11/mechanisms.c
index 7185908b..21fdd557 100644
--- a/ykcs11/mechanisms.c
+++ b/ykcs11/mechanisms.c
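Review bot: Naming in the new cert/pubkey lines is inconsistent with the existing ones: ids 3 and 4 produce `9d_cert.crt`/`9e_pubkey.pem` (named after the PIV slot), while ids 5 and 6 produce `5_cert.crt`/`6_pubkey.pem` (named after the PKCS#11 id), so a reader can no longer tell from a filename which scheme it follows. Either name the new files after the PIV slot that ids 5 and 6 map to in this module (not visible from the diff) or rename all of them to the id-based form, e.g. `3_cert.crt`, `4_cert.crt`, in a follow-up.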
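Review bot: The new decrypt lines for ids 5 and 6 run `pkcs11-tool --decrypt ... -i data.oaep` with no `-o`, so the recovered plaintext goes to stdout and is never compared with `data.txt`; a wrong or truncated decryption of a 3072/4096-bit ciphertext passes silently (the same holds for the id 3/4 lines, but these are the sizes this commit adds). Write the result and compare it: `pkcs11-tool --module $MODULE --decrypt --pin 123456 --id 5 -m RSA-PKCS-OAEP -i data.oaep -o data.dec && cmp data.txt data.dec`, with `rm data.dec` added to the cleanup. Separately, `openssl rsautl` is deprecated since OpenSSL 3.0; the added lines could use `openssl pkeyutl -encrypt -pubin -inkey 5_pubkey.pem -pkeyopt rsa_padding_mode:oaep -in data.txt -out data.oaep`, which as far as I can tell keeps the same SHA-1 OAEP default, so the module side would not need to change.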
@@ -292,7 +292,7 @@ CK_RV sign_mechanism_final(ykcs11_session_t *session, CK_BYTE_PTR sig, CK_ULONG_
 }
 
 // Sign with PIV
-unsigned char sigbuf[256] = {0};
+unsigned char sigbuf[512] = {0};
 size_t siglen = sizeof(sigbuf);
 ykpiv_rc rcc = ykpiv_sign_data(session->slot->piv_state, session->op_info.buf, session->op_info.buf_len, sigbuf, &siglen, session->op_info.op.sign.algorithm, session->op_info.op.sign.piv_key);
 if(rcc == YKPIV_OK) {
diff --git a/ykcs11/objects.c b/ykcs11/objects.c
index 966614d7..11593a9a 100644
--- a/ykcs11/objects.c
+++ b/ykcs11/objects.c
@@ -2171,7 +2171,7 @@ CK_RV check_create_rsa_key(CK_ATTRIBUTE_PTR templ, CK_ULONG n, CK_BYTE_PTR id,
 return CKR_TEMPLATE_INCOMPLETE;
 }
 
-if (*p_len != 64 && *p_len != 128) {
+if (*p_len != 64 && *p_len != 128 && *p_len != 192 && *p_len != 256) {
 DBG("Invalid RSA component lengths");
 return CKR_ATTRIBUTE_VALUE_INVALID;
 }
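Review bot: `sigbuf[512]` is the right size for an RSA-4096 signature, but it is a bare magic number that now has to stay in step with the 64/128/192/256 component lengths accepted in objects.c in this same commit; the 256→512 change in this hunk is exactly what a stale limit looks like when a key size is added, so give it a name next to the component table, e.g. `#define YKCS11_MAX_RSA_SIG_LEN 512 /* RSA-4096 modulus; keep in sync with check_create_rsa_key */` and `unsigned char sigbuf[YKCS11_MAX_RSA_SIG_LEN] = {0};`. The copy from `sigbuf`/`siglen` into the caller's `sig`/`sig_len` after the `YKPIV_OK` test is outside the hunk; now that `siglen` can reach 512 it should still be bounded by `*sig_len` (returning CKR_BUFFER_TOO_SMALL rather than writing past the caller's buffer) if it is not already, and the path where ykpiv_sign_data reports an output buffer that is too small deserves a test. sign_mechanism_final begins and ends outside the hunk.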
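Review bot: The accepted RSA component lengths are now a four-way chain of magic numbers with no statement of what they mean; since `*p_len` is the byte length of one prime, a comment plus a derived check reads better and fixes the upper bound in one place: `/* p/q length in bytes: 64/128/192/256 -> RSA-1024/2048/3072/4096 */` followed by `if (*p_len < 64 || *p_len > 256 || *p_len % 64 != 0) {`, which accepts exactly the same set. Loosening this check only admits the template; whether the import path that consumes these components, and any buffer sized for the old 128-byte maximum, handles 3072/4096-bit keys is not visible in this diff and should be confirmed before relying on the new sizes, and the sibling length checks that the plural `"Invalid RSA component lengths"` message hints at are outside the hunk. check_create_rsa_key starts before the hunk.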