tests: Check the behavior of CKA_ALLOWED_MECHANISMS

2019-03-08 17:54:55 +01:00 · 2019-03-08 17:54:55 +01:00 · 83eeafca3c
parent fc4d600634
commit 83eeafca3c
3 changed files with 65 additions and 4 deletions
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@ -8,6 +8,8 @@ dist_noinst_SCRIPTS = test-manpage.sh \
 TESTS = \
 	test-manpage.sh \
        test-pkcs11-tool-sign-verify.sh \
-        test-pkcs11-tool-test.sh
+        test-pkcs11-tool-test.sh \
+        test-pkcs11-tool-allowed-mechanisms.sh
 XFAIL_TESTS = \
-        test-pkcs11-tool-test.sh
+        test-pkcs11-tool-test.sh \
+        test-pkcs11-tool-allowed-mechanisms.sh
--- a/tests/common.sh
+++ b/tests/common.sh
@ -41,12 +41,16 @@ function generate_key() {
 	rm $ID.der
 }

-function card_setup() {
+function softhsm_initialize() {
 	echo "directories.tokendir = .tokens/" > .softhsm2.conf
 	mkdir ".tokens"
 	export SOFTHSM2_CONF=".softhsm2.conf"
 	# Init token
 	softhsm2-util --init-token --slot 0 --label "SC test" --so-pin="$SOPIN" --pin="$PIN"
+}
+
+function card_setup() {
+	softhsm_initialize

 	# Generate 1024b RSA Key pair
 	generate_key "RSA:1024" "01" "RSA_auth"
@ -58,8 +62,12 @@ function card_setup() {
 	generate_key "EC:secp521r1" "04" "ECC521"
 }

-function card_cleanup() {
+function softhsm_cleanup() {
 	rm .softhsm2.conf
 	rm -rf ".tokens"
+}
+
+function card_cleanup() {
+	softhsm_cleanup
 	rm 0{1,2,3,4}.pub
 }
--- a/tests/test-pkcs11-tool-allowed-mechanisms.sh
+++ b/tests/test-pkcs11-tool-allowed-mechanisms.sh
@ -0,0 +1,51 @@
+#!/bin/bash
+
+source common.sh
+
+echo "======================================================="
+echo "Setup SoftHSM"
+echo "======================================================="
+if [[ ! -f $P11LIB ]]; then
+    echo "WARNINIG: The SoftHSM is not installed. Can not run this test"
+    exit 77;
+fi
+softhsm_initialize
+# XXX This is broken in currently released SoftHSM
+# P11LIB=/home/jjelen/devel/SoftHSMv2/src/lib/.libs/libsofthsm2.so
+
+echo "======================================================="
+echo "Generate key-pair with CKA_ALLOWED_MECHANISMS"
+echo "======================================================="
+ID="05"
+MECHANISMS="RSA-PKCS,SHA1-RSA-PKCS,RSA-PKCS-PSS"
+# Generate key pair
+$PKCS11_TOOL --keypairgen --key-type="RSA:" --login --pin=$PIN \
+	--module="$P11LIB" --label="test" --id="$ID" \
+	--allowed-mechanisms="$MECHANISMS"
+assert $? "Failed to Generate RSA key pair"
+
+# Check the attributes are visible
+$PKCS11_TOOL --list-objects --login --pin=$PIN \
+	--module="$P11LIB" --id=$ID > objects.list
+assert $? "Failed to list objects"
+grep -q "Allowed mechanisms" objects.list
+assert $? "Allowed mechanisms not in the object list"
+grep -q "$MECHANISMS" objects.list
+assert $? "The $MECHANISMS is not in the list"
+
+# Make sure we are not allowed to use forbidden mechanism
+echo "data to sign (max 100 bytes)" > data
+$PKCS11_TOOL --id $ID -s -p $PIN -m SHA256-RSA-PKCS --module $P11LIB \
+       --input-file data --output-file data.sig &> sign.log
+grep -q CKR_MECHANISM_INVALID sign.log
+assert $? "It was possible to sign using non-allowed mechanism"
+rm -f data{,.sig}
+
+echo "======================================================="
+echo "Cleanup"
+echo "======================================================="
+softhsm_cleanup
+
+rm objects.list 
+
+exit $ERRORS