diff --git a/Test_OAEP/Cargo.toml b/Test_OAEP/Cargo.toml new file mode 100644 index 00000000..682e7b01 --- /dev/null +++ b/Test_OAEP/Cargo.toml @@ -0,0 +1,9 @@ +[package] +name = "Test_OAEP" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +cryptoki = "0.5.0" \ No newline at end of file diff --git a/Test_OAEP/Read me.txt b/Test_OAEP/Read me.txt new file mode 100644 index 00000000..d3aac433 --- /dev/null +++ b/Test_OAEP/Read me.txt @@ -0,0 +1 @@ +The Oaep test case is in the src folder. Please make sure to setup softhsm by either downloading it or using the portable version attached in this PR.The code automatically opens a slot at position 0 and sets the default SO and User pin. I have tested the test case and it gives the same issue as the one raised. Thank you diff --git a/Test_OAEP/SoftHSM2/README.txt b/Test_OAEP/SoftHSM2/README.txt new file mode 100644 index 00000000..ae5a26ac --- /dev/null +++ b/Test_OAEP/SoftHSM2/README.txt @@ -0,0 +1,32 @@ +SoftHSM2 for Windows +==================== + +SoftHSM is an implementation of a cryptographic store accessible through +a PKCS#11 interface. You can use it to explore PKCS#11 without having +a Hardware Security Module. It is being developed as a part of the OpenDNSSEC +project: + + https://www.opendnssec.org/softhsm/ + +This package includes both 32-bit and 64-bit build of SoftHSM 2.5.0 statically +linked to OpenSSL 1.1.1. Latest version of SoftHSM2 for Windows can be +downloaded from: + + https://github.com/disig/SoftHSM2-for-Windows + +SoftHSM2 searches for its configuration file in the following locations: + + 1. Path specified by SOFTHSM2_CONF environment variable + 2. User specific path %HOMEDRIVE%%HOMEPATH%\softhsm2.conf + 3. File softhsm2.conf in the current working directory + +Following modifications of environment variables are required before using +portable (not installed from MSI) version extracted in C:\SoftHSM2\ directory: + + set SOFTHSM2_CONF=C:\SoftHSM2\etc\softhsm2.conf + set PATH=%PATH%;C:\SoftHSM2\lib\ + +First token can be initialized with PKCS#11 function C_InitToken or with +the following command: + + softhsm2-util.exe --init-token --slot 0 --label "My token 1" diff --git a/Test_OAEP/SoftHSM2/bin/softhsm2-dump-file.exe b/Test_OAEP/SoftHSM2/bin/softhsm2-dump-file.exe new file mode 100644 index 00000000..32dde3ca Binary files /dev/null and b/Test_OAEP/SoftHSM2/bin/softhsm2-dump-file.exe differ diff --git a/Test_OAEP/SoftHSM2/bin/softhsm2-keyconv.exe b/Test_OAEP/SoftHSM2/bin/softhsm2-keyconv.exe new file mode 100644 index 00000000..016befa6 Binary files /dev/null and b/Test_OAEP/SoftHSM2/bin/softhsm2-keyconv.exe differ diff --git a/Test_OAEP/SoftHSM2/bin/softhsm2-util.exe b/Test_OAEP/SoftHSM2/bin/softhsm2-util.exe new file mode 100644 index 00000000..db6d6137 Binary files /dev/null and b/Test_OAEP/SoftHSM2/bin/softhsm2-util.exe differ diff --git a/Test_OAEP/SoftHSM2/etc/softhsm2.conf b/Test_OAEP/SoftHSM2/etc/softhsm2.conf new file mode 100644 index 00000000..12aee2d8 --- /dev/null +++ b/Test_OAEP/SoftHSM2/etc/softhsm2.conf @@ -0,0 +1,6 @@ +# SoftHSM v2 configuration file + +directories.tokendir =C:\Users\Nachi\Desktop\Test_OAEP\SoftHSM2\var\softhsm2\tokens\ +objectstore.backend = file +log.level = INFO +slots.removable = false diff --git a/Test_OAEP/SoftHSM2/etc/softhsm2.conf.sample b/Test_OAEP/SoftHSM2/etc/softhsm2.conf.sample new file mode 100644 index 00000000..a877d1f6 --- /dev/null +++ b/Test_OAEP/SoftHSM2/etc/softhsm2.conf.sample @@ -0,0 +1,6 @@ +# SoftHSM v2 configuration file + +directories.tokendir = .\tokens +objectstore.backend = file +log.level = INFO +slots.removable = false diff --git a/Test_OAEP/SoftHSM2/lib/softhsm2-x64.dll b/Test_OAEP/SoftHSM2/lib/softhsm2-x64.dll new file mode 100644 index 00000000..56d5b37c Binary files /dev/null and b/Test_OAEP/SoftHSM2/lib/softhsm2-x64.dll differ diff --git a/Test_OAEP/SoftHSM2/lib/softhsm2.dll b/Test_OAEP/SoftHSM2/lib/softhsm2.dll new file mode 100644 index 00000000..74088f4a Binary files /dev/null and b/Test_OAEP/SoftHSM2/lib/softhsm2.dll differ diff --git a/Test_OAEP/SoftHSM2/share/doc/openssl/LICENSE.txt b/Test_OAEP/SoftHSM2/share/doc/openssl/LICENSE.txt new file mode 100644 index 00000000..e953f590 --- /dev/null +++ b/Test_OAEP/SoftHSM2/share/doc/openssl/LICENSE.txt @@ -0,0 +1,125 @@ + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a double license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + diff --git a/Test_OAEP/SoftHSM2/share/doc/softhsm2/CHANGELOG.txt b/Test_OAEP/SoftHSM2/share/doc/softhsm2/CHANGELOG.txt new file mode 100644 index 00000000..bc32026c --- /dev/null +++ b/Test_OAEP/SoftHSM2/share/doc/softhsm2/CHANGELOG.txt @@ -0,0 +1,321 @@ +NEWS for SoftHSM -- History of user visible changes + +SoftHSM 2.5.0 - 2018-09-24 + +* Issue #323: Support for EDDSA with vendor defined mechanisms. + (Patch from Francis Dupont) +* Issue #362: CMake Build System Support for SoftHSM. + (Patch from Constantine Grantcharov) +* Issue #368: Support migrating 32-bit SoftHSMv1 DB on 64-bit system (LP64). +* Issue #385: Default is not to build EDDSA since it has not been released in + OpenSSL. +* Issue #387: Windows: Add VS2017 detection to Configure.py. + (Patch from Jaroslav Imrich) +* Issue #412: Replace PKCS11 headers with a version from p11-kit. + (Patch from Alexander Bokovoy) + +Bugfixes: +* Issue #366: Support cross-compilation. + (Patch from Michael Weiser) +* Issue #377: Duplicate symbol error with custom p11test. +* Issue #386: Use RDRAND in OpenSSL if that engine is available. +* Issue #388: Update DBTests.cpp to fix x86 test failure. + (Patch from tcely) +* Issue #393: Not setting CKA_PUBLIC_KEY_INFO correctly. + (Patch from pkalapat) +* Issue #401: Wrong key and keyserver mentioned in installation documentation. + (Patch from Berry A.W. van Halderen) +* Issue #408: Remove mutex callbacks after C_Finalize(). + (Patch from Alexander Bokovoy) + + +SoftHSM 2.4.0 - 2018-02-27 + +* Issue #135: Support PKCS#8 for GOST. +* Issue #140: Support for CKA_ALLOWED_MECHANISMS. + (Patch from Brad Hess) +* Issue #141: Support CKA_ALWAYS_AUTHENTICATE for private key objects. +* Issue #220: Support for CKM_DES3_CMAC and CKM_AES_CMAC. +* Issue #226: Configuration option for Windows build to enable build with + static CRT (/MT). +* Issue #325: Support for CKM_AES_GCM. +* Issue #334: Document that initialized tokens will be reassigned to another + slot (based on the token serial number). +* Issue #335: Support for CKM_RSA_PKCS_PSS. + (Patch from Nikos Mavrogiannopoulos) +* Issue #341: Import AES keys with softhsm2-util. + (Patch from Pavel Cherezov) +* Issue #348: Document that OSX needs pkg-config to detect cppunit. +* Issue #349: softhsm2-util will check the configuration and report any + issues before loading the PKCS#11 library. + +Bugfixes: +* Issue #345: Private objects are presented to security officer in search + results. +* Issue #358: Race condition when multiple applications are creating and + reading object files. + + +SoftHSM 2.3.0 - 2017-07-03 + +* Issue #130: Upgraded to PKCS#11 v2.40. + * Minor changes to some return values. + * Added CKA_DESTROYABLE to all objects. Used by C_DestroyObject(). + * Added CKA_PUBLIC_KEY_INFO to certificates, private, and public key + objects. Will be accepted from application, but SoftHSM will + currently not calculate it. +* Issue #142: Support for CKM_AES_CTR. +* Issue #155: Add unit tests for SessionManager. +* Issue #189: C_DigestKey returns CKR_KEY_INDIGESTIBLE when key + attribute CKA_EXTRACTABLE = false. Whitelist SHA algorithms to allow + C_DigestKey in this case. +* Issue #225: Show slot id after initialization. +* Issue #247: Run AppVeyor (Windows CI) for each PR and merge. +* Issue #257: Set CKA_DECRYPT/CKA_ENCRYPT flags on key import to true. + (Patch from Martin Domke) +* Issue #261: Add support for libeaycompat lib for FIPS on Windows. + (Patch from Matt Hauck) +* Issue #262: Support importing ECDSA P-521 in softhsm-util. +* Issue #276: Support for Botan 2.0. +* Issue #279: Editorial changes from Mountain Lion to Sierra. + (Patch from Mike Neumann) +* Issue #283: More detailed error messages when initializing SoftHSM. +* Issue #285: Support for LibreSSL. + (Patch from Alon Bar-Lev) +* Issue #286: Update .gitignore. + (Patch from Alon Bar-Lev) +* Issue #291: Change to enable builds and reports on new Jenkinks + environment. +* Issue #293: Detect cppunit in autoconf. + (Patch from Alon Bar-Lev) +* Issue #309: CKO_CERTIFICATE and CKO_PUBLIC_KEY now defaults to + CKA_PRIVATE=false. +* Issue #314: Update README with information about logging. +* Issue #330: Adjust log levels for failing to enumerate object store. + (Patch from Nikos Mavrogiannopoulos) + +Bugfixes: +* Issue #216: Better handling of CRYPTO_set_locking_callback() for OpenSSL. +* Issue #265: Fix deriving shared secret with ECC. +* Issue #280: HMAC with sizes less than L bytes is strongly discouraged. + Set a lower bound equal to L bytes in ulMinKeySize and check it when + initializing the operation. +* Issue #281: Fix test of p11 shared library. + (Patch from Lars Silvén) +* Issue #289: Minor fix of 'EVP_CipherFinal_ex'. + (Patch from Viktor Tarasov) +* Issue #297: Fix build with cppunit. + (Patch from Ludovic Rousseau) +* Issue #302: Export PKCS#11 symbols from the library. + (Patch from Ludovic Rousseau) +* Issue #305: Zero pad key to fit the block in CKM_AES_KEY_WRAP. +* Issue #313: Detecting CppUnit when using Macports. + (Patch from mouse07410) + + +SoftHSM 2.2.0 - 2016-12-05 + +* Issue #143: Delete a token using softhsm2-util. +* Issue #185: Change access mode bits for /var/lib/softhsm/tokens/ + to 1777. All users can now create tokens, but only access their own. + (Patch from Rick van Rein) +* Issue #186: Reinitializing a token will now keep the token, but all + token objects are deleted, the user PIN is removed and the token + label is updated. +* Issue #190: Support for OpenSSL 1.1.0. +* Issue #198: Calling C_GetSlotList with NULL_PTR will make sure that + there is always a slot with an uninitialized token available. +* Issue #199: The token serial number will be used when setting the slot + number. The serial number is set after the token has been initialized. + (Patch from Lars Silvén) +* Issue #203: Update the command utils to use the token label or serial + to find the token and its slot number. +* Issue #209: Possibility to test other PKCS#11 implementations with the + CppUnit test. + (Patch from Lars Silvén) +* Issue #223: Mark public key as non private by default. + (Patch from Nikos Mavrogiannopoulos) +* Issue #230: Install p11-kit module, to disable use --disable-p11-kit. + (Patch from David Woodhouse) +* Issue #237: Add windows continuous integration build. + (Patch from Peter Polačko) + +Bugfixes: +* Issue #201: Missing new source file and test configuration in the + Windows build project. +* Issue #205: ECDSA P-521 support for OpenSSL and better test coverage. +* Issue #207: Fix segmentation faults in loadLibrary function. + (Patch from Jaroslav Imrich) +* Issue #215: Update the Homebrew install notes for OSX. +* Issue #218: Fix build warnings. +* Issue #235: Add the libtool install command for OSX. + (Patch from Mark Wylde) +* Issue #236: Use GetEnvironmentVariable instead of getenv on Windows. + (Patch from Jaroslav Imrich) +* Issue #239: Crash on module unload with OpenSSL. + (Patch from David Woodhouse) +* Issue #241: Added EXTRALIBS to Windows utils project. + (Patch from Peter Polačko) +* Issue #250: C++11 not detected. +* Issue #255: API changes in Botan 1.11.27. +* Issue #260: Fix include guard to check WITH_FIPS. + (Patch from Matt Hauck) +* Issue #268: p11test fails on 32-bit systems. +* Issue #270: Build warning about "converting a string constant". +* Issue #272: Fix C++11 check to look for unique_ptr. + (Patch from Matt Hauck) + + +SoftHSM 2.1.0 - 2016-03-14 + +* Issue #136: Improved guide and build scripts for Windows. + (Thanks to Jaroslav Imrich) +* Issue #144: The password prompt in softhsm2-util can now be + interrupted (ctrl-c). +* Issue #166: Add slots.removable config option. + (Patch from Sumit Bose) +* Issue #180: Windows configure script improvements. + (Patch from Arnaud Grandville) + +Bugfixes: +* Issue #128: Prioritize the return values in C_GetAttributeValue. + (Patch from Nicholas Wilson) +* Issue #129: Fix errors reported by Visual Studio 2015. + (Patch from Jaroslav Imrich) +* Issue #132: Handle the CKA_CHECK_VALUE correctly for certificates + and symmetric key objects. +* Issue #154: Fix the Windows build and destruction order of objects. + (Patch from Arnaud Grandville) +* Issue #162: Not possible to create certificate objects containing + CKA_CERTIFICATE_CATEGORY, CKA_NAME_HASH_ALGORITHM, or + CKA_JAVA_MIDP_SECURITY_DOMAIN. +* Issue #163: Do not attempt decryption of empty byte strings. + (Patch from Michal Kepien) +* Issue #165: Minor changes after a PVS-Studio code analysis, and + C_EncryptUpdate crash if no ciphered data is produced. + (Patch from Arnaud Grandville) +* Issue #169: One-byte buffer overflow in call to EVP_DecryptUpdate. +* Issue #171: Problem while closing library that is initialized but + improperly finalized. +* Issue #173: Adjust return values for the template parsing. +* Issue #174: C_DeriveKey() error with leading zero bytes. +* Issue #177: CKA_NEVER_EXTRACTABLE set to CK_FALSE on objects + created with C_CreateObject. +* Issue #182: Resolve compiler warning. + (Patch from Josh Datko) +* Issue #184: Stop discarding the global OpenSSL libcrypto state. + (Patch from Michal Trojnara) +* SOFTHSM-123: Fix library cleanup on BSD. + + +SoftHSM 2.0.0 - 2015-07-17 + +* SOFTHSM-121: Test cases for C_DecryptUpdate/C_DecryptFinal. +* Support C_DecryptUpdate/C_DecryptFinal for symmetric algorithms. + (Patch from Thomas Calderon) + +Bugfixes: +* SOFTHSM-120: Segfault after renaming variables. + + +SoftHSM 2.0.0b3 - 2015-04-17 + +* SOFTHSM-113: Support for Botan 1.11.15 +* SOFTHSM-119: softhsm2-util: Support ECDSA key import + (Patch from Magnus Ahltorp) +* SUPPORT-139: Support deriving generic secrets, DES, DES2, DES3, and AES. + Using DH, ECDH or symmetric encryption. + +Bugfixes: +* SOFTHSM-108: A marked as trusted certificate cannot be imported. +* SOFTHSM-109: Unused parameter and variable warnings. +* SOFTHSM-110: subdir-objects warnings from autoreconf. +* SOFTHSM-111: Include FIPS-NOTES.md in dist. +* SOFTHSM-112: CKM_AES_KEY_WRAP* conflict in pkcs11.h. +* SOFTHSM-114: Fix memory leak in a test script. +* SOFTHSM-115: Fix static analysis warnings. +* SUPPORT-154: A marked as non-modifiable object cannot be generated. +* SUPPORT-155: auto_ptr is deprecated in C++11, use unique_ptr. +* SUPPORT-157: Derived secrets were truncated after encryption and + could thus not be decrypted. +* Mutex should call MutexFactory wrapper functions. + (Patch from Jerry Lundström) +* Return detailed error message to loadLibrary(). + (Patch from Petr Spacek) + + +SoftHSM 2.0.0b2 - 2014-12-28 + +* SOFTHSM-50: OpenSSL FIPS support. +* SOFTHSM-64: Updated build script for Windows. +* SOFTHSM-100: Use --free with softhsm2-util to initialize the first + free token. +* SOFTHSM-103: Allow runtime configuration of log level. +* SOFTHSM-107: Support for CKM__CBC_PAD. +* Add support for CKM_RSA_PKCS_OAEP key un/wrapping. + (Patch from Petr Spacek) +* Use OpenSSL EVP interface for AES key wrapping. + (Patch from Petr Spacek) +* Allow reading configuration file from user's home directory. + (Patch from Nikos Mavrogiannopoulos) + +Bugfixes: +* SOFTHSM-102: C_DeriveKey() uses OBJECT_OP_GENERATE. +* Coverity found a number of issues. + + +SoftHSM 2.0.0b1 - 2014-09-10 + +* SOFTHSM-84: Check that all mandatory attributes are given during + the creation process. +* SOFTHSM-92: Enable -fvisibility=hidden on per default +* SUPPORT-137: Implement C_EncryptUpdate and C_EncryptFinal + (Patch from Martin Paljak) +* Add support for CKM_RSA_PKCS key un/wrapping + (Patch from Petr Spacek) + +Bugfixes: +* SOFTHSM-66: Attribute handling when using multiple threads +* SOFTHSM-93: Invalid C++ object recycling. +* SOFTHSM-95: umask affecting the calling application. +* SOFTHSM-97: Check if Botan has already been initialized. +* SOFTHSM-98: Handle mandatory attributes for DSA, DH, and ECDSA + correctly. +* SOFTHSM-99: Binary encoding of GOST values. +* SUPPORT-136: softhsm2-keyconv creates files with sensitive material + in insecure way. + + +SoftHSM 2.0.0a2 - 2014-03-25 + +* SOFTHSM-68: Display a better configure message when there is a + version of Botan with a broken ECC/GOST/OID implementation. +* SOFTHSM-70: Improved handling of the database backend. +* SOFTHSM-71: Supporting Botan 1.11. +* SOFTHSM-76: Do not generate RSA keys smaller than 1024 bit when + using the Botan crypto backend. +* SOFTHSM-83: Support CKA_VALUE_BITS for CKK_DH private key object. +* SOFTHSM-85: Rename libsofthsm.so to libsofthsm2.so and prefix the + command line utilties with softhsm2-. +* SOFTHSM-89: Use constants and not strings for signaling algorithms. +* SUPPORT-129: Possible to use an empty template in C_GenerateKey. + The class and key type are inherited from the generation mechanism. + Some mechanisms do however require a length attribute. [SOFTHSM-88] +* SUPPORT-131: Support RSA-PSS using SHA1, SHA224, SHA256, SHA384, + or SHA512. [SOFTHSM-87] + +Bugfixes: +* SOFTHSM-39: Fix 64 bit build on sparc sun4v. +* SOFTHSM-69: GOST did not work when you disabled ECC. +* SOFTHSM-78: Correct the attribute checks for a number of objects. +* SOFTHSM-80: Prevent segfault in OpenSSL GOST HMAC code. +* SOFTHSM-91: Fix a warning from static code analysis. +* Fixed a number of memory leaks. + + +SoftHSM 2.0.0a1 - 2014-02-10 + +This is the first alpha release of SoftHSMv2. It focuses on a higher +level of security by encrypting sensitive information and using +unswappable memory. There is also a more generalized crypto backend, +where you can use Botan or OpenSSL. diff --git a/Test_OAEP/SoftHSM2/share/doc/softhsm2/LICENSE.txt b/Test_OAEP/SoftHSM2/share/doc/softhsm2/LICENSE.txt new file mode 100644 index 00000000..be4c168f --- /dev/null +++ b/Test_OAEP/SoftHSM2/share/doc/softhsm2/LICENSE.txt @@ -0,0 +1,28 @@ +Copyright (c) 2010 .SE, The Internet Infrastructure Foundation + http://www.iis.se + +Copyright (c) 2010 SURFnet bv + http://www.surfnet.nl/en + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/Test_OAEP/SoftHSM2/share/man/man1/softhsm2-dump-file.txt b/Test_OAEP/SoftHSM2/share/man/man1/softhsm2-dump-file.txt new file mode 100644 index 00000000..923fc62e --- /dev/null +++ b/Test_OAEP/SoftHSM2/share/man/man1/softhsm2-dump-file.txt @@ -0,0 +1,19 @@ +SOFTHSM2-DUMP-FILE(1) General Commands Manual SOFTHSM2-DUMP-FILE(1) + +NAME + softhsm2-dump-file - SoftHSM object file dump + +SYNOPSIS + softhsm2-dump-file path + +DESCRIPTION + softhsm2-dump-file is a tool that can dump SoftHSM v2 object file for + debugging purposes. + +OPTIONS + path The SoftHSM v2 object file that is going to be dumped. + + --help, -h + Show the help information. + +SoftHSM 20 March 2014 SOFTHSM2-DUMP-FILE(1) diff --git a/Test_OAEP/SoftHSM2/share/man/man1/softhsm2-keyconv.txt b/Test_OAEP/SoftHSM2/share/man/man1/softhsm2-keyconv.txt new file mode 100644 index 00000000..4d994366 --- /dev/null +++ b/Test_OAEP/SoftHSM2/share/man/man1/softhsm2-keyconv.txt @@ -0,0 +1,47 @@ +SOFTHSM2-KEYCONV(1) General Commands Manual SOFTHSM2-KEYCONV(1) + +NAME + softhsm2-keyconv - converting from BIND to PKCS#8 key file format + +SYNOPSIS + softhsm2-keyconv --in path --out path [--pin PIN] + +DESCRIPTION + softhsm2-keyconv can convert BIND .private-key files to the PKCS#8 file + format. This is so that you can import the PKCS#8 file into libsofthsm + using the command softhsm2-util. If you have another file format, then + openssl probably can help you to convert it into the PKCS#8 file for‐ + mat. + +OPTIONS + --help, -h Shows the help screen. + + --in path + The path to the input file. + + --out path + The path to the output file. + + --pin PIN + The PIN will be used to encrypt the PKCS#8 file. If not given + then the PKCS#8 file will be unencrypted. + + --version, -v + Show the version info. + +EXAMPLES + The following command can be used to convert a BIND .private-key file + to a PKCS#8 file: + + softhsm2-keyconv --in Kexample.com.+007+05474.private \ + --out rsa.pem + +AUTHORS + Written by Rickard Bellgrim, Francis Dupont, René Post, and Roland van + Rijswijk. + +SEE ALSO + softhsm2-migrate(1), softhsm2-util(1), softhsm2.conf(5), openssl(1), + named(1), dnssec-keygen(1), dnssec-signzone(1) + +SoftHSM 20 March 2014 SOFTHSM2-KEYCONV(1) diff --git a/Test_OAEP/SoftHSM2/share/man/man1/softhsm2-util.txt b/Test_OAEP/SoftHSM2/share/man/man1/softhsm2-util.txt new file mode 100644 index 00000000..071ccc01 --- /dev/null +++ b/Test_OAEP/SoftHSM2/share/man/man1/softhsm2-util.txt @@ -0,0 +1,149 @@ +SOFTHSM2-UTIL(1) General Commands Manual SOFTHSM2-UTIL(1) + +NAME + softhsm2-util - support tool for libsofthsm2 + +SYNOPSIS + softhsm2-util --show-slots + + softhsm2-util --init-token --free --label text \ + [--so-pin PIN --pin PIN] + + softhsm2-util --import path [--file-pin PIN] --token label \ + [--pin PIN --no-public-key] --label text --id hex + + softhsm2-util --import path --aes --token label \ + [--pin PIN] --label text --id hex + + softhsm2-util --delete-token --token text + +DESCRIPTION + softhsm2-util is a support tool mainly for libsofthsm2. It can also be + used with other PKCS#11 libraries by using the option --module + + Read the sections below to get more information on the libsofthsm2 and + PKCS#11. Most applications assumes that the token they want to use is + already initialized. It is then up to the user to initialize the + PKCS#11 token. This is done by using the PKCS#11 interface, but + instead of writing your own tool you can use the softhsm2-util tool. + + Keys are usually created directly in the token, but the user may want + to use an existing key pair. Keys can be imported to a token by using + the PKCS#11 interface, but this tool can also be used if the user has + the key pair in a PKCS#8 file. If you need to convert keys from BIND + .private-key format over to PKCS#8, one can use softhsm2-keyconv. + + The libary libsofthsm2, known as SoftHSM, provides cryptographic func‐ + tionality by using the PKCS#11 API. It was developed as a part of the + OpenDNSSEC project, thus designed to meet the requirements of + OpenDNSSEC, but can also work together with other software that want to + use the functionality of the PKCS#11 API. + + SoftHSM is a software implementation of a generic cryptographic device + with a PKCS#11 interface. These devices are often called tokens. Read + in the manual softhsm2.conf(5) on how to create these tokens and how + they are added to a slot in SoftHSM. + + The PKCS#11 API can be used to handle and store cryptographic keys. + This interface specifies how to communicate with cryptographic devices + such as HSMs (Hardware Security Modules) and smart cards. The purpose + of these devices is, among others, to generate cryptographic keys and + sign information without revealing private-key material to the outside + world. They are often designed to perform well on these specific tasks + compared to ordinary processes in a normal computer. + +ACTIONS + --delete-token + Delete the token at a given slot. Use with --token or --serial. + Any content in token will be erased. + + --help, -h + Show the help information. + + --import path + Import a key pair from the given path. The file must be in + PKCS#8-format. + Use with --slot or --token or --serial, --file-pin, --pin, + --no-public-key, --label, and --id. + Can also be used with --aes to use file as is and import it as + AES. + + --init-token + Initialize the token at a given slot, token label or token + serial. If the token is already initialized then this command + will reinitialize it, thus erasing all the objects in the token. + The matching Security Officer (SO) PIN must also be provided + when doing reinitialization. Initialized tokens will be reas‐ + signed to another slot (based on the token serial number). + Use with --slot or --token or --serial or --free, --label, --so- + pin, and --pin. + + --show-slots + Display all the available slots and their current status. + + --version, -v + Show the version info. + +OPTIONS + --aes Used to tell import to use file as is and import it as AES. + + --file-pin PIN + The PIN will be used to decrypt the PKCS#8 file. If not given + then the PKCS#8 file is assumed to be unencrypted. + + --force + Use this option to override the warnings and force the given + action. + + --free Use the first free/uninitialized token. + + --id hex + Choose an ID of the key pair. The ID is in hexadecimal with a + variable length. Use with --force when importing a key pair if + the ID already exists. + + --label text + Defines the label of the object or the token that will be set. + + --module path + Use another PKCS#11 library than SoftHSM. + + --no-public-key + Do not import the public key. + + --pin PIN + The PIN for the normal user. + + --serial number + Will use the token with a matching serial number. + + --slot number + The slot where the token is located. + + --so-pin PIN + The PIN for the Security Officer (SO). + + --token label + Will use the token with a matching token label. + +EXAMPLES + The token can be initialized using this command: + + softhsm2-util --init-token --slot 1 --label "mytoken" + + A key pair can be imported using the softhsm tool where you specify the + path to the key file, slot number, label and ID of the new objects, and + the user PIN. The file must be in PKCS#8 format. + + softhsm2-util --import key1.pem --token "mytoken" --label "My key" \ + --id A1B2 --pin 123456 + (Add, --file-pin PIN, if the key file is encrypted.) + +AUTHORS + Written by Rickard Bellgrim, Francis Dupont, René Post, and Roland van + Rijswijk. + +SEE ALSO + softhsm2-keyconv(1), softhsm2-migrate(1), softhsm2.conf(5) + +SoftHSM 22 September 2017 SOFTHSM2-UTIL(1) diff --git a/Test_OAEP/SoftHSM2/share/man/man5/softhsm2.conf.txt b/Test_OAEP/SoftHSM2/share/man/man5/softhsm2.conf.txt new file mode 100644 index 00000000..0db84c8c --- /dev/null +++ b/Test_OAEP/SoftHSM2/share/man/man5/softhsm2.conf.txt @@ -0,0 +1,76 @@ +softhsm2.conf(5) File Formats Manual softhsm2.conf(5) + +NAME + softhsm2.conf - SoftHSM configuration file + +SYNOPSIS + softhsm2.conf + +DESCRIPTION + This is the configuration file for SoftHSM. It can be found on a + default location, but can also be relocated by using the environment + variable. Any configuration must be done according to the file format + found in this document. + +FILE FORMAT + Each configuration option is a pair of name and value separated by a + equality sign. The configuration option must be located on a single + line. + + = + + It is also possible to add comments in the file by using the hash sign. + Anything after the hash sign will be ignored. + + # A comment + + Any empty lines or lines that does not have the correct format will be ignored. + +DIRECTORIES.TOKENDIR + The location where SoftHSM can store the tokens. + + directories.tokendir = c:\SoftHSM2\var\softhsm2\tokens\ + +OBJECTSTORE.BACKEND + The backend to use by SoftHSM to store token objects. Either "file" or + "db" is supported. In order to use the "db" backend, the SoftHSM build + needs to be configured with "configure --with-objectstore-backend-db" + + objectstore.backend = file + +LOG.LEVEL + The log level which can be set to ERROR, WARNING, INFO or DEBUG. + + log.level = INFO + +SLOTS.REMOVABLE + If set to true CKF_REMOVABLE_DEVICE is set in the flags returned by + C_GetSlotInfo. Default is false. + + slots.removable = true + +ENVIRONMENT + SOFTHSM2_CONF + When defined, the value will be used as path to the configura‐ + tion file. + +FILES + %HOMEDRIVE%%HOMEPATH%\softhsm2.conf + default user-specific location of the SoftHSM configuration + file; if it exists it will override the system wide configura‐ + tion + + .\softhsm2.conf + default system-wide location of the SoftHSM configuration file + + softhsm2.conf.sample + an example of a SoftHSM configuration file + +AUTHOR + Written by Rickard Bellgrim, Francis Dupont, René Post, and Roland van + Rijswijk. + +SEE ALSO + softhsm2-keyconv(1), softhsm2-migrate(1), softhsm2-util(1) + +SoftHSM 30 October 2014 softhsm2.conf(5) diff --git a/Test_OAEP/src/bin/common.rs b/Test_OAEP/src/bin/common.rs new file mode 100644 index 00000000..1d4808d7 --- /dev/null +++ b/Test_OAEP/src/bin/common.rs @@ -0,0 +1,49 @@ + +use cryptoki::context::{CInitializeArgs, Pkcs11}; +use cryptoki::session::UserType; +use cryptoki::slot::Slot; +use cryptoki::types::AuthPin; +use std::env; + +// The default user pin +pub static USER_PIN: &str = "fedcba"; +// The default SO pin +pub static SO_PIN: &str = "abcdef"; + +pub fn get_pkcs11() -> Pkcs11 { + let pkcs11_path = match env::var("PKCS11_SOFTHSM2_MODULE") { + Ok(path) => path, + Err(_) => { + // Determine the operating system and set the library path accordingly + match std::env::consts::OS { + "windows" => "./SoftHSM2/lib/softhsm2-x64.dll".to_string(), + _ => "./SoftHSM2/lib/libsofthsm2.so".to_string(), + } + } + }; + + Pkcs11::new(pkcs11_path).unwrap() +} + +pub fn init_pins() -> (Pkcs11, Slot) { + let pkcs11 = get_pkcs11(); + + // initialize the library + pkcs11.initialize(CInitializeArgs::OsThreads).unwrap(); + + // find a slot, get the first one + let slot = pkcs11.get_slots_with_token().unwrap().remove(0); + + let so_pin = AuthPin::new(SO_PIN.into()); + pkcs11.init_token(slot, &so_pin, "Test Token").unwrap(); + + { + // open a session + let session = pkcs11.open_rw_session(slot).unwrap(); + // log in the session + session.login(UserType::So, Some(&so_pin)).unwrap(); + session.init_pin(&AuthPin::new(USER_PIN.into())).unwrap(); + } + + (pkcs11, slot) +} diff --git a/Test_OAEP/src/bin/test.rs b/Test_OAEP/src/bin/test.rs new file mode 100644 index 00000000..8f93104a --- /dev/null +++ b/Test_OAEP/src/bin/test.rs @@ -0,0 +1,55 @@ +mod common; +use crate::common::USER_PIN; +use common::init_pins; +use cryptoki::mechanism::{Mechanism, MechanismType}; +use cryptoki::mechanism::rsa::{PkcsMgfType, PkcsOaepParams, PkcsOaepSource}; +use cryptoki::object::Attribute; +use cryptoki::session::UserType; +use std::error::Error; +use cryptoki::types::AuthPin; + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_encryption() -> Result<(), Box> { + let (pkcs11, slot) = init_pins(); + + // open a session + let session = pkcs11.open_rw_session(slot)?; + + // log in the session + session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?; + let pub_key_template = [Attribute::ModulusBits(2048.into())]; + let (pubkey, _privkey) = session.generate_key_pair(&Mechanism::RsaPkcsKeyPairGen, + &pub_key_template, &[])?; + let oaep = PkcsOaepParams::new(MechanismType::SHA1, PkcsMgfType::MGF1_SHA1, PkcsOaepSource::empty()); + let encrypt_mechanism: Mechanism = Mechanism::RsaPkcsOaep(oaep); + let encrypted_data = session.encrypt(&encrypt_mechanism, pubkey, b"Hello")?; + + let decrypted_data = session.decrypt(&encrypt_mechanism, _privkey, &encrypted_data)?; + let decrypted = String::from_utf8(decrypted_data)?; + assert_eq!("Hello", decrypted); + + + Ok(()) + } +} +use std::env; //To set Environment Variable if softhsm isn't initialised in the system + +fn main() { + let key = "SOFTHSM2_CONF"; + let value = "C:\\SoftHSM2\\etc\\softhsm2.conf"; + + // Set the environment variable for the current process + env::set_var(key, value); + + // Verify that the environment variable is set + match env::var(key) { + Ok(val) => println!("{} = {}", key, val), + Err(_) => println!("{} is not set", key), + } +} + +