PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
|
|
|
/*
|
|
|
|
|
* p11test_case_mechs.c: Check mechanisms supported by token
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2016, 2017 Red Hat, Inc.
|
|
|
|
|
*
|
|
|
|
|
* Author: Jakub Jelen <jjelen@redhat.com>
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "p11test_case_mechs.h"
|
|
|
|
|
|
|
|
|
|
void supported_mechanisms_test(void **state) {
|
|
|
|
|
token_info_t *info = (token_info_t *) *state;
|
|
|
|
|
CK_FUNCTION_LIST_PTR function_pointer = info->function_pointer;
|
|
|
|
|
|
|
|
|
|
CK_RV rv;
|
|
|
|
|
CK_ULONG mechanism_count, i;
|
|
|
|
|
CK_MECHANISM_TYPE_PTR mechanism_list;
|
|
|
|
|
CK_MECHANISM_INFO_PTR mechanism_info;
|
|
|
|
|
CK_FLAGS j;
|
|
|
|
|
test_mech_t *mech = NULL;
|
|
|
|
|
|
|
|
|
|
P11TEST_START(info);
|
|
|
|
|
rv = function_pointer->C_GetMechanismList(info->slot_id, NULL_PTR,
|
|
|
|
|
&mechanism_count);
|
|
|
|
|
if ((rv == CKR_OK) && (mechanism_count > 0)) {
|
|
|
|
|
mechanism_list = (CK_MECHANISM_TYPE_PTR)
|
|
|
|
|
malloc(mechanism_count * sizeof(CK_MECHANISM_TYPE));
|
|
|
|
|
rv = function_pointer->C_GetMechanismList(info->slot_id,
|
|
|
|
|
mechanism_list, &mechanism_count);
|
|
|
|
|
if (rv != CKR_OK) {
|
|
|
|
|
free(mechanism_list);
|
|
|
|
|
function_pointer->C_Finalize(NULL_PTR);
|
|
|
|
|
P11TEST_FAIL(info, "Could not get mechanism list!");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mechanism_info = (CK_MECHANISM_INFO_PTR)
|
|
|
|
|
malloc(mechanism_count * sizeof(CK_MECHANISM_INFO));
|
|
|
|
|
if (mechanism_info == NULL)
|
|
|
|
|
P11TEST_FAIL(info, "Couldn't malloc()");
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < mechanism_count; i++) {
|
|
|
|
|
CK_MECHANISM_TYPE mechanism_type = mechanism_list[i];
|
|
|
|
|
rv = function_pointer->C_GetMechanismInfo(info->slot_id,
|
|
|
|
|
mechanism_type, &mechanism_info[i]);
|
|
|
|
|
if (rv != CKR_OK)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* store mechanisms list for later tests */
|
|
|
|
|
|
|
|
|
|
/* List all known RSA mechanisms */
|
|
|
|
|
if (mechanism_list[i] == CKM_RSA_X_509
|
|
|
|
|
|| mechanism_list[i] == CKM_RSA_PKCS
|
|
|
|
|
|| mechanism_list[i] == CKM_MD5_RSA_PKCS
|
|
|
|
|
|| mechanism_list[i] == CKM_RIPEMD160_RSA_PKCS
|
|
|
|
|
|| mechanism_list[i] == CKM_SHA1_RSA_PKCS
|
|
|
|
|
|| mechanism_list[i] == CKM_SHA224_RSA_PKCS
|
|
|
|
|
|| mechanism_list[i] == CKM_SHA256_RSA_PKCS
|
|
|
|
|
|| mechanism_list[i] == CKM_SHA384_RSA_PKCS
|
|
|
|
|
|| mechanism_list[i] == CKM_SHA512_RSA_PKCS
|
|
|
|
|
|| mechanism_list[i] == CKM_RSA_PKCS_PSS
|
|
|
|
|
|| mechanism_list[i] == CKM_SHA1_RSA_PKCS_PSS
|
|
|
|
|
|| mechanism_list[i] == CKM_SHA256_RSA_PKCS_PSS
|
|
|
|
|
|| mechanism_list[i] == CKM_SHA384_RSA_PKCS_PSS
|
|
|
|
|
|| mechanism_list[i] == CKM_SHA512_RSA_PKCS_PSS
|
|
|
|
|
|| mechanism_list[i] == CKM_RSA_PKCS_OAEP) {
|
|
|
|
|
if (token.num_rsa_mechs < MAX_MECHS) {
|
|
|
|
|
mech = &token.rsa_mechs[token.num_rsa_mechs++];
|
|
|
|
|
mech->mech = mechanism_list[i];
|
|
|
|
|
mech->usage_flags = mechanism_info[i].flags;
|
|
|
|
|
} else
|
|
|
|
|
P11TEST_FAIL(info, "Too many RSA mechanisms (%d)", MAX_MECHS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We list all known EC mechanisms */
|
|
|
|
|
if (mechanism_list[i] == CKM_ECDSA
|
|
|
|
|
|| mechanism_list[i] == CKM_ECDSA_SHA1
|
|
|
|
|
|| mechanism_list[i] == CKM_ECDSA_SHA256
|
|
|
|
|
|| mechanism_list[i] == CKM_ECDSA_SHA384
|
2019-05-20 16:03:23 +00:00
|
|
|
|| mechanism_list[i] == CKM_ECDSA_SHA512
|
|
|
|
|
/* Including derive mechanisms */
|
|
|
|
|
|| mechanism_list[i] == CKM_ECDH1_DERIVE
|
|
|
|
|
|| mechanism_list[i] == CKM_ECDH1_COFACTOR_DERIVE
|
|
|
|
|
|| mechanism_list[i] == CKM_ECMQV_DERIVE) {
|
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
|
|
|
if (token.num_ec_mechs < MAX_MECHS) {
|
|
|
|
|
mech = &token.ec_mechs[token.num_ec_mechs++];
|
|
|
|
|
mech->mech = mechanism_list[i];
|
|
|
|
|
mech->usage_flags = mechanism_info[i].flags;
|
|
|
|
|
} else
|
|
|
|
|
P11TEST_FAIL(info, "Too many EC mechanisms (%d)", MAX_MECHS);
|
|
|
|
|
}
|
2019-05-20 16:03:23 +00:00
|
|
|
|
2020-02-25 09:44:27 +00:00
|
|
|
/* We list all known edwards EC curve mechanisms */
|
|
|
|
|
if (mechanism_list[i] == CKM_EDDSA) {
|
|
|
|
|
if (token.num_ed_mechs < MAX_MECHS) {
|
|
|
|
|
mech = &token.ed_mechs[token.num_ed_mechs++];
|
|
|
|
|
mech->mech = mechanism_list[i];
|
|
|
|
|
mech->usage_flags = mechanism_info[i].flags;
|
|
|
|
|
} else
|
|
|
|
|
P11TEST_FAIL(info, "Too many edwards EC mechanisms (%d)", MAX_MECHS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We list all known montgomery EC curve mechanisms */
|
|
|
|
|
if (mechanism_list[i] == CKM_XEDDSA
|
|
|
|
|
|| mechanism_list[i] == CKM_ECDH1_DERIVE) {
|
|
|
|
|
if (token.num_montgomery_mechs < MAX_MECHS) {
|
|
|
|
|
mech = &token.montgomery_mechs[token.num_montgomery_mechs++];
|
|
|
|
|
mech->mech = mechanism_list[i];
|
|
|
|
|
mech->usage_flags = mechanism_info[i].flags;
|
|
|
|
|
} else
|
|
|
|
|
P11TEST_FAIL(info, "Too many montgomery EC mechanisms (%d)", MAX_MECHS);
|
|
|
|
|
}
|
|
|
|
|
|
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
|
|
|
if ((mechanism_info[i].flags & CKF_GENERATE_KEY_PAIR) != 0) {
|
|
|
|
|
if (token.num_keygen_mechs < MAX_MECHS) {
|
|
|
|
|
mech = &token.keygen_mechs[token.num_keygen_mechs++];
|
|
|
|
|
mech->mech = mechanism_list[i];
|
|
|
|
|
mech->usage_flags = mechanism_info[i].flags;
|
|
|
|
|
} else
|
|
|
|
|
P11TEST_FAIL(info, "Too many KEYGEN mechanisms (%d)", MAX_MECHS);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
printf("[ MECHANISM ] [ KEY SIZE ] [ FLAGS ]\n");
|
|
|
|
|
printf("[ CKM_* ] [ MIN][ MAX] [ ]\n");
|
|
|
|
|
P11TEST_DATA_ROW(info, 4,
|
|
|
|
|
's', "MECHANISM",
|
|
|
|
|
's', "MIN KEY",
|
|
|
|
|
's', "MAX KEY",
|
|
|
|
|
's', "FLAGS");
|
|
|
|
|
for (i = 0; i < mechanism_count; i++) {
|
|
|
|
|
printf("[%-21s] [%4lu][%4lu] [%10s]",
|
|
|
|
|
get_mechanism_name(mechanism_list[i]),
|
|
|
|
|
mechanism_info[i].ulMinKeySize,
|
|
|
|
|
mechanism_info[i].ulMaxKeySize,
|
|
|
|
|
get_mechanism_flag_name(mechanism_info[i].flags));
|
|
|
|
|
P11TEST_DATA_ROW(info, 4,
|
|
|
|
|
's', get_mechanism_name(mechanism_list[i]),
|
|
|
|
|
'd', mechanism_info[i].ulMinKeySize,
|
|
|
|
|
'd', mechanism_info[i].ulMaxKeySize,
|
|
|
|
|
's', get_mechanism_flag_name(mechanism_info[i].flags));
|
|
|
|
|
for (j = 1; j <= CKF_EC_COMPRESS; j = j<<1)
|
|
|
|
|
if ((mechanism_info[i].flags & j) != 0)
|
|
|
|
|
printf(" %s", get_mechanism_flag_name(j));
|
|
|
|
|
printf("\n");
|
|
|
|
|
}
|
|
|
|
|
free(mechanism_list);
|
|
|
|
|
free(mechanism_info);
|
|
|
|
|
}
|
|
|
|
|
P11TEST_PASS(info);
|
|
|
|
|
}
|
|
|
|
|
|
