Details: - aes_test.c: Improvemet to run the AES tests with different data buffer sizes. All buffers are now malloced() and freed() instead of hard coded located on the stack. The test functions have a new parameter datasize to be run with different data buffer sizes. The datasize parameter is rounded up to the next AES_BLOCK_SIZE if there is such a datasize parameter given on the command line. Otherwise the old default (BIG_REQUEST = 4k) is used. - in common.c: do_ParseArgs now recognizes -datasize <value>[kKmM] and processes this datasize command line parameter and fills the global variable data_size. So maybe on the long term other testcases than aes_test could use this parameter as well. - fix in regress.h: macro testcae_pass prints out timev differences but start time was nowhere set (causing to print just some kind of random time). Now the testcase_begin* macros set start time and thus the time values printed out make sense.
Signed-off-by: Harald Freudenberger <[email protected]> --- testcases/common/common.c | 31 +++- testcases/crypto/aes_func.c | 429 +++++++++++++++++++++++++++++-------------- testcases/include/regress.h | 3 + 3 files changed, 319 insertions(+), 144 deletions(-) diff --git a/testcases/common/common.c b/testcases/common/common.c index 3fb5219..4c94307 100644 --- a/testcases/common/common.c +++ b/testcases/common/common.c @@ -570,7 +570,8 @@ void print_hex( CK_BYTE *buf, CK_ULONG len ) void usage (char *fct) { - printf("usage: %s [-securekey] [-noskip] [-noinit] [-h] -slot <num>\n\n", fct ); + printf("usage: %s [-securekey] [-noskip] [-noinit]" + " [-datasize <num>[K|M]] [-h] -slot <num>\n\n", fct ); return; } @@ -578,12 +579,14 @@ void usage (char *fct) int do_ParseArgs(int argc, char **argv) { - int i; + char c; + int i, j; skip_token_obj = TRUE; no_stop = FALSE; no_init = FALSE; securekey = FALSE; + data_size = 0; SLOT_ID = 1000; @@ -607,6 +610,30 @@ int do_ParseArgs(int argc, char **argv) else if (strcmp (argv[i], "-nostop") == 0) no_stop = TRUE; + + else if (strcmp (argv[i], "-datasize") == 0) { + if (i+1 >= argc) { + printf ("Wrong/missing argument for '-datasize'\n"); + return -1; + } + j = strlen(argv[i+1]); + if (j < 1) { + printf ("Wrong/missing numerical value for 'datasize'\n"); + return -1; + } + c = argv[i+1][j-1]; + j = atoi(argv[i+1]); + if (j < 1) { + printf ("Wrong/missing numerical value for 'datasize'\n"); + return -1; + } + data_size = j; + if (c == 'k' || c == 'K') + data_size *= 1024; + if (c == 'm' || c == 'M') + data_size *= 1024*1024; + i++; + } else { printf ("Invalid argument passed as option: %s\n", argv [i]); usage (argv [0]); diff --git a/testcases/crypto/aes_func.c b/testcases/crypto/aes_func.c index 2ef63eb..d16061d 100644 --- a/testcases/crypto/aes_func.c +++ b/testcases/crypto/aes_func.c @@ -19,13 +19,12 @@ CK_ULONG key_lens[] = {16, 24, 32}; * of assertions is the same whether using clearkey or securekey. */ -CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite) +CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite, size_t datasize) { int i; - CK_BYTE original[BIG_REQUEST]; - CK_BYTE crypt[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE decrypt[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; + CK_BYTE *original, *crypt, *decrypt; + size_t original_size, crypt_size, decrypt_size; + CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_ULONG j; CK_ULONG user_pin_len; CK_ULONG orig_len, crypt_len, decrypt_len; @@ -34,13 +33,28 @@ CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite) CK_MECHANISM mechkey, mech; CK_OBJECT_HANDLE h_key; CK_FLAGS flags; - CK_RV rc = 0; + CK_RV rc = CKR_OK; CK_SLOT_ID slot_id = SLOT_ID; - testsuite_begin("%s Encryption/Decryption.",tsuite->name); + /** begin testsuite **/ + testsuite_begin("%s Encryption/Decryption with %u bytes", + tsuite->name, (unsigned)datasize); testcase_rw_session(); testcase_user_login(); + /* allocate buffers */ + if (datasize < AES_BLOCK_SIZE) datasize = AES_BLOCK_SIZE; + original_size = datasize; + crypt_size = datasize + AES_BLOCK_SIZE; + decrypt_size = datasize + AES_BLOCK_SIZE; + original = (CK_BYTE*) malloc(original_size); + crypt = (CK_BYTE*) malloc(crypt_size); + decrypt = (CK_BYTE*) malloc(decrypt_size); + if (!original || !crypt || !decrypt) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } + /** skip tests if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ testsuite_skip(3, @@ -69,12 +83,12 @@ CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite) } /** clear buffers **/ - memset(original,0,sizeof(original)); - memset(crypt,0,sizeof(crypt)); - memset(decrypt,0,sizeof(decrypt)); + memset(original,0,original_size); + memset(crypt,0,crypt_size); + memset(decrypt,0,decrypt_size); /** generate data **/ - orig_len = sizeof(original); + orig_len = original_size; for (j=0; j < orig_len; j++) original[j] = j % 255; @@ -90,7 +104,7 @@ CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite) goto error; } - crypt_len = sizeof(crypt); + crypt_len = crypt_size; rc = funcs->C_Encrypt(session, original, @@ -112,7 +126,7 @@ CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite) goto testcase_cleanup; } - decrypt_len = sizeof(decrypt); + decrypt_len = decrypt_size; rc = funcs->C_Decrypt(session, crypt, @@ -130,9 +144,10 @@ CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite) testcase_new_assertion(); if (decrypt_len != orig_len) { - testcase_fail("decrypted data length does not " - "match original data length.\nexpected " "length=%ld, but found length=%ld\n", - orig_len, decrypt_len); + testcase_fail("decrypted data length does not " + "match original data length.\nexpected " + "length=%ld, but found length=%ld\n", + orig_len, decrypt_len); } else if (memcmp(decrypt, original, orig_len)){ @@ -142,7 +157,8 @@ CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite) else { testcase_pass("%s Encryption/Decryption with " - "key length %ld passed.", tsuite->name, key_lens[i]); + "key length %ld passed.", + tsuite->name, key_lens[i]); } } @@ -164,16 +180,18 @@ testcase_cleanup: if (rc != CKR_OK) { testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc)); } + free(original); + free(crypt); + free(decrypt); return rc; } -CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info *tsuite) +CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info *tsuite, size_t datasize) { int i; - CK_BYTE original[BIG_REQUEST]; - CK_BYTE crypt[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE decrypt[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; + CK_BYTE *original, *crypt, *decrypt; + size_t original_size, crypt_size, decrypt_size; + CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_ULONG j, k, tmp; CK_ULONG user_pin_len; CK_ULONG orig_len, crypt_len, decrypt_len; @@ -183,13 +201,27 @@ CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info *tsuite) CK_MECHANISM mechkey, mech; CK_OBJECT_HANDLE h_key; CK_FLAGS flags; - CK_RV rc = 0; + CK_RV rc = CKR_OK; /** begin testsuite **/ - testsuite_begin("%s Multipart Encryption/Decryption.", tsuite->name); + testsuite_begin("%s Multipart Encryption/Decryption with %u bytes", + tsuite->name, (unsigned)datasize); testcase_rw_session(); testcase_user_login(); + /* allocate buffers */ + if (datasize < AES_BLOCK_SIZE) datasize = AES_BLOCK_SIZE; + original_size = datasize; + crypt_size = datasize + AES_BLOCK_SIZE; + decrypt_size = datasize + AES_BLOCK_SIZE; + original = (CK_BYTE*) malloc(original_size); + crypt = (CK_BYTE*) malloc(crypt_size); + decrypt = (CK_BYTE*) malloc(decrypt_size); + if (!original || !crypt || !decrypt) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } + /** skip test if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ testcase_skip("Slot %u doesn't support %s (%u)", @@ -215,12 +247,12 @@ CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info *tsuite) } /** clear buffers **/ - memset(original,0,sizeof(original)); - memset(crypt,0,sizeof(crypt)); - memset(decrypt,0,sizeof(decrypt)); + memset(original,0,original_size); + memset(crypt,0,crypt_size); + memset(decrypt,0,decrypt_size); /** generate data **/ - orig_len = sizeof(original); + orig_len = original_size; for (j=0; j < orig_len; j++) original[j] = j % 255; @@ -237,7 +269,7 @@ CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info *tsuite) j = k = 0; // j indexes source buffer // k indexes destination buffer - crypt_len = sizeof(crypt); + crypt_len = crypt_size; while (j < orig_len) { tmp = crypt_len - k; // room is left in mpcrypt rc = funcs->C_EncryptUpdate(session, @@ -255,7 +287,7 @@ CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info *tsuite) j += AES_BLOCK_SIZE; } - crypt_len = sizeof(crypt) - k; + crypt_len = crypt_size - k; rc = funcs->C_EncryptFinal(session, &crypt[k], &crypt_len); if (rc != CKR_OK) { @@ -274,7 +306,7 @@ CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info *tsuite) j = k = 0; // j indexes source buffer, // k indexes destination buffer - decrypt_len = sizeof(decrypt); + decrypt_len = decrypt_size; while (j < crypt_len) { tmp = decrypt_len - k; // room left in mpdecrypt rc = funcs->C_DecryptUpdate(session, @@ -291,7 +323,7 @@ CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info *tsuite) j += AES_BLOCK_SIZE; } - decrypt_len = sizeof(decrypt) - k; + decrypt_len = decrypt_size - k; rc = funcs->C_DecryptFinal(session, &decrypt[k], &decrypt_len); if (rc != CKR_OK) { @@ -341,29 +373,44 @@ testcase_cleanup: if (rc != CKR_OK) { testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc)); } + free(original); + free(crypt); + free(decrypt); return rc; } -CK_RV do_EncryptAES(struct published_test_suite_info *tsuite) +CK_RV do_EncryptAES(struct published_test_suite_info *tsuite, size_t datasize) { int i; - CK_BYTE actual[BIG_REQUEST]; // encryption buffer - CK_BYTE expected[BIG_REQUEST]; // encrypted data + CK_BYTE *actual, *expected; + size_t actual_size, expected_size; CK_ULONG actual_len, expected_len; CK_ULONG user_pin_len; - CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; + CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; - CK_RV rc; + CK_RV rc = CKR_OK; CK_FLAGS flags; CK_SLOT_ID slot_id = SLOT_ID; /** begin testsuite **/ - testsuite_begin("%s Encryption.", tsuite->name); + testsuite_begin("%s Encryption with %u bytes", + tsuite->name, (unsigned)datasize); testcase_rw_session(); testcase_user_login(); + /* allocate buffers */ + if (datasize < AES_BLOCK_SIZE) datasize = AES_BLOCK_SIZE; + actual_size = datasize; + expected_size = datasize; + actual = (CK_BYTE*) malloc(actual_size); + expected = (CK_BYTE*) malloc(expected_size); + if (!actual || !expected) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } + /** skip test if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ testsuite_skip(tsuite->tvcount, @@ -396,8 +443,8 @@ CK_RV do_EncryptAES(struct published_test_suite_info *tsuite) mech = tsuite->mech; /** clear buffers **/ - memset(expected, 0, sizeof(expected)); - memset(actual, 0, sizeof(actual)); + memset(expected, 0, expected_size); + memset(actual, 0, actual_size); /** get ciphertext (expected results) **/ expected_len = tsuite->tv[i].clen; @@ -465,30 +512,42 @@ testcase_cleanup: if(rc != CKR_OK) { testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc)); } + free(actual); + free(expected); return rc; } -CK_RV do_EncryptUpdateAES(struct published_test_suite_info *tsuite) +CK_RV do_EncryptUpdateAES(struct published_test_suite_info *tsuite, size_t datasize) { int i; - CK_BYTE actual[BIG_REQUEST]; // encryption buffer - CK_BYTE expected[BIG_REQUEST]; // encrypted data + CK_BYTE *actual, *expected; + size_t actual_size, expected_size; CK_ULONG actual_len, expected_len, original_len, k; CK_ULONG psize; CK_ULONG user_pin_len; - CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; + CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; - CK_RV rc; + CK_RV rc = CKR_OK; CK_FLAGS flags; CK_SLOT_ID slot_id = SLOT_ID; - testsuite_begin("%s Multipart Encryption.", tsuite->name); + testsuite_begin("%s Multipart Encryption with %u bytes", + tsuite->name, (unsigned)datasize); testcase_rw_session(); testcase_user_login(); - rc = CKR_OK; + /* allocate buffers */ + if (datasize < AES_BLOCK_SIZE) datasize = AES_BLOCK_SIZE; + actual_size = datasize; + expected_size = datasize; + actual = (CK_BYTE*) malloc(actual_size); + expected = (CK_BYTE*) malloc(expected_size); + if (!actual || !expected) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } /** skip test if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ @@ -522,8 +581,8 @@ CK_RV do_EncryptUpdateAES(struct published_test_suite_info *tsuite) mech = tsuite->mech; /** clear buffers **/ - memset(expected, 0, sizeof(expected)); - memset(actual, 0, sizeof(actual)); + memset(expected, 0, expected_size); + memset(actual, 0, actual_size); /** get ciphertext (expected results) **/ expected_len = tsuite->tv[i].clen; @@ -535,7 +594,7 @@ CK_RV do_EncryptUpdateAES(struct published_test_suite_info *tsuite) memcpy(actual, tsuite->tv[i].plaintext, actual_len); /** ecb, cbc, cfb, ctr, ofb modes all have restrictions - ** on total length of the plaintext. It is either the + ** on total length of the plaintext. It is either the ** multiple of the blocksize, s-bit-size, or none. ** Get this info to use in beloe loop. **/ @@ -580,8 +639,9 @@ CK_RV do_EncryptUpdateAES(struct published_test_suite_info *tsuite) if (actual_len != expected_len) { testcase_fail("encrypted multipart data length does " - "not match test vector's encrypted data length." "\n\nexpected length=%ld, but found length=%ld" - "\n", expected_len, actual_len); + "not match test vector's encrypted data length." + "\n\nexpected length=%ld, but found length=%ld" + "\n", expected_len, actual_len); } else if (memcmp(actual, expected, expected_len)) { @@ -614,29 +674,41 @@ testcase_cleanup: if (rc != CKR_OK){ testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc)); } + free(actual); + free(expected); return rc; } -CK_RV do_DecryptAES(struct published_test_suite_info *tsuite) +CK_RV do_DecryptAES(struct published_test_suite_info *tsuite, size_t datasize) { int i; - CK_BYTE actual[BIG_REQUEST]; // decryption buffer - CK_BYTE expected[BIG_REQUEST]; // decrypted data + CK_BYTE *actual, *expected; + size_t actual_size, expected_size; CK_ULONG actual_len, expected_len; CK_ULONG user_pin_len; - CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; + CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; - CK_RV rc; + CK_RV rc = CKR_OK; CK_FLAGS flags; CK_SLOT_ID slot_id = SLOT_ID; - testsuite_begin("%s Decryption.", tsuite->name); + testsuite_begin("%s Decryption with %u bytes", + tsuite->name, (unsigned)datasize); testcase_rw_session(); testcase_user_login(); - rc = CKR_OK; + /* allocate buffers */ + if (datasize < AES_BLOCK_SIZE) datasize = AES_BLOCK_SIZE; + actual_size = datasize; + expected_size = datasize; + actual = (CK_BYTE*) malloc(actual_size); + expected = (CK_BYTE*) malloc(expected_size); + if (!actual || !expected) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } /** skip test if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ @@ -670,8 +742,8 @@ CK_RV do_DecryptAES(struct published_test_suite_info *tsuite) mech = tsuite->mech; /** clear buffers **/ - memset(expected, 0, sizeof(expected)); - memset(actual, 0, sizeof(actual)); + memset(expected, 0, expected_size); + memset(actual, 0, actual_size); /** get plaintext (expected results) **/ expected_len = tsuite->tv[i].plen; @@ -735,32 +807,46 @@ error: testcase_cleanup: testcase_user_logout(); rc = funcs->C_CloseAllSessions(slot_id); - if (rc != CKR_OK) { - testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc)); - } - return rc; + if (rc != CKR_OK) { + testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc)); + } + free(actual); + free(expected); + return rc; } -CK_RV do_DecryptUpdateAES(struct published_test_suite_info *tsuite) +CK_RV do_DecryptUpdateAES(struct published_test_suite_info *tsuite, size_t datasize) { int i; - CK_BYTE actual[BIG_REQUEST]; // decryption buffer - CK_BYTE expected[BIG_REQUEST]; // decrypted data + CK_BYTE *actual, *expected; + size_t actual_size, expected_size; CK_ULONG actual_len, expected_len, original_len, k; CK_ULONG psize; CK_ULONG user_pin_len; - CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; + CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; - CK_RV rc; + CK_RV rc = CKR_OK; CK_FLAGS flags; CK_SLOT_ID slot_id = SLOT_ID; - testsuite_begin("%s Multipart Decryption.", tsuite->name); + testsuite_begin("%s Multipart Decryption with %u bytes", + tsuite->name, (unsigned)datasize); testcase_rw_session(); testcase_user_login(); + /* allocate buffers */ + if (datasize < AES_BLOCK_SIZE) datasize = AES_BLOCK_SIZE; + actual_size = datasize; + expected_size = datasize; + actual = (CK_BYTE*) malloc(actual_size); + expected = (CK_BYTE*) malloc(expected_size); + if (!actual || !expected) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } + /** skip tests if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ testsuite_skip(tsuite->tvcount, @@ -791,8 +877,8 @@ CK_RV do_DecryptUpdateAES(struct published_test_suite_info *tsuite) mech = tsuite->mech; /** clear buffers **/ - memset(expected, 0, sizeof(expected)); - memset(actual, 0, sizeof(actual)); + memset(expected, 0, expected_size); + memset(actual, 0, actual_size); /** get plaintext (expected results) **/ expected_len = tsuite->tv[i].plen; @@ -804,7 +890,7 @@ CK_RV do_DecryptUpdateAES(struct published_test_suite_info *tsuite) memcpy(actual, tsuite->tv[i].ciphertext, actual_len); /** ecb, cbc, cfb, ctr, ofb modes all have restrictions - ** on total length of the plaintext. It is either the + ** on total length of the plaintext. It is either the ** multiple of the blocksize, s-bit-size, or none. ** Get this info to use in beloe loop. **/ @@ -879,33 +965,34 @@ error: testcase_cleanup: testcase_user_logout(); - rc = funcs->C_CloseAllSessions(slot_id); - if (rc != CKR_OK) { - testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc)); - } - return rc; + rc = funcs->C_CloseAllSessions(slot_id); + if (rc != CKR_OK) { + testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc)); + } + free(actual); + free(expected); + return rc; } CK_RV do_WrapUnwrapAES(struct generated_test_suite_info *tsuite) { int i,j; - CK_BYTE original[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE crypt[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE decrypt[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE wrapped_data[3 * AES_BLOCK_SIZE]; - CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; + CK_BYTE *original, *crypt, *decrypt, *wrapped; + size_t original_size, crypt_size; + size_t decrypt_size, wrapped_size; + CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_SESSION_HANDLE session; CK_MECHANISM mechkey, mech; CK_OBJECT_HANDLE h_key; CK_OBJECT_HANDLE w_key; CK_OBJECT_HANDLE uw_key; - CK_ULONG wrapped_data_len; + CK_ULONG wrapped_len; CK_ULONG user_pin_len; CK_ULONG orig_len, crypt_len, decrypt_len; CK_ULONG tmpl_count = 3; CK_ULONG key_size; CK_FLAGS flags; - CK_RV rc; + CK_RV rc = CKR_OK; CK_SLOT_ID slot_id = SLOT_ID; CK_OBJECT_CLASS key_class = CKO_SECRET_KEY; CK_KEY_TYPE key_type = CKK_AES; @@ -918,6 +1005,20 @@ CK_RV do_WrapUnwrapAES(struct generated_test_suite_info *tsuite) testcase_rw_session(); testcase_user_login(); + /* allocate buffers */ + original_size = BIG_REQUEST; + crypt_size = BIG_REQUEST + AES_BLOCK_SIZE; + decrypt_size = BIG_REQUEST + AES_BLOCK_SIZE; + wrapped_size = 3 * AES_BLOCK_SIZE; + original = (CK_BYTE*) malloc(original_size); + crypt = (CK_BYTE*) malloc(crypt_size); + decrypt = (CK_BYTE*) malloc(decrypt_size); + wrapped = (CK_BYTE*) malloc(wrapped_size); + if (!original || !crypt || !decrypt || !wrapped) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } + /** skip test if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ testsuite_skip(3, @@ -951,12 +1052,12 @@ CK_RV do_WrapUnwrapAES(struct generated_test_suite_info *tsuite) /** set key_size **/ key_size = key_lens[i]; - + /** clear buffers **/ - memset(original, 0, sizeof(original)); - memset(crypt, 0, sizeof(crypt)); - memset(decrypt, 0, sizeof(decrypt)); - memset(wrapped_data, 0, sizeof(wrapped_data)); + memset(original, 0, original_size); + memset(crypt, 0, crypt_size); + memset(decrypt, 0, decrypt_size); + memset(wrapped, 0, wrapped_size); /** generate crypto key **/ rc = generate_AESKey(session, key_lens[i], &mechkey, &h_key); @@ -973,9 +1074,9 @@ CK_RV do_WrapUnwrapAES(struct generated_test_suite_info *tsuite) } /** generate data **/ - orig_len = BIG_REQUEST; - crypt_len = BIG_REQUEST + AES_BLOCK_SIZE; - decrypt_len = BIG_REQUEST + AES_BLOCK_SIZE; + orig_len = original_size; + crypt_len = crypt_size; + decrypt_len = decrypt_size; for (j = 0; j < orig_len; j++) { original[j] = j % 255; } @@ -1000,14 +1101,14 @@ CK_RV do_WrapUnwrapAES(struct generated_test_suite_info *tsuite) } /** wrap key **/ - wrapped_data_len = 3 * AES_KEY_LEN; + wrapped_len = wrapped_size; rc = funcs->C_WrapKey(session, &mech, w_key, h_key, - (CK_BYTE *) &wrapped_data, - &wrapped_data_len); + wrapped, + &wrapped_len); if (rc != CKR_OK) { testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc)); @@ -1018,8 +1119,8 @@ CK_RV do_WrapUnwrapAES(struct generated_test_suite_info *tsuite) rc = funcs->C_UnwrapKey(session, &mech, w_key, - wrapped_data, - wrapped_data_len, + wrapped, + wrapped_len, template, tmpl_count, &uw_key); @@ -1078,7 +1179,7 @@ CK_RV do_WrapUnwrapAES(struct generated_test_suite_info *tsuite) if (rc != CKR_OK) { testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc)); } - + rc = funcs->C_DestroyObject(session, uw_key); if (rc != CKR_OK) { testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc)); @@ -1107,6 +1208,10 @@ testcase_cleanup: if (rc != CKR_OK) { testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc)); } + free(original); + free(crypt); + free(decrypt); + free(wrapped); return rc; } @@ -1114,21 +1219,20 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) { int i; - CK_BYTE original[BIG_REQUEST]; - CK_BYTE decipher[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE cipher[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE]; - CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; - CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 }; + CK_BYTE *original, *decipher, *cipher, *wrapped; + size_t original_size, decipher_size; + size_t cipher_size, wrapped_size; + CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; + CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 }; CK_MECHANISM mech, mech2; CK_MECHANISM_INFO mech_info; CK_OBJECT_HANDLE publ_key, priv_key, w_key, uw_key; CK_ULONG orig_len, cipher_len, decipher_len; CK_ULONG bits = 1024; - CK_ULONG wrapped_data_len; + CK_ULONG wrapped_len; CK_ULONG user_pin_len; CK_ULONG key_size; - CK_RV rc; + CK_RV rc = CKR_OK; CK_FLAGS flags; CK_SESSION_HANDLE session; CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; @@ -1148,6 +1252,20 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) testcase_rw_session(); testcase_user_login(); + /* allocate buffers */ + original_size = BIG_REQUEST; + decipher_size = BIG_REQUEST + AES_BLOCK_SIZE; + cipher_size = BIG_REQUEST + AES_BLOCK_SIZE; + wrapped_size = BIG_REQUEST + AES_BLOCK_SIZE; + original = (CK_BYTE*) malloc(original_size); + decipher = (CK_BYTE*) malloc(decipher_size); + cipher = (CK_BYTE*) malloc(cipher_size); + wrapped = (CK_BYTE*) malloc(wrapped_size); + if (!original || !decipher || !cipher || !wrapped) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } + /** skip AES_EBC/AES_CBC (only supported for symmetric keys) **/ if ((tsuite->mech.mechanism == CKM_AES_ECB) || (tsuite->mech.mechanism == CKM_AES_CBC)) { @@ -1155,7 +1273,7 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) mech_to_str(tsuite->mech.mechanism), (unsigned int)tsuite->mech.mechanism); goto testcase_cleanup; - } + } /** skip test if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ @@ -1216,7 +1334,7 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) mech = tsuite->mech; /** wrap the key **/ - wrapped_data_len = sizeof(wrapped_data); + wrapped_len = wrapped_size; /** get mech info **/ rc = funcs->C_GetMechanismInfo(slot_id, @@ -1237,8 +1355,8 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) &mech, w_key, priv_key, - wrapped_data, - &wrapped_data_len); + wrapped, + &wrapped_len); if (rc != CKR_OK){ testcase_error("C_WrapKey rc=%s", @@ -1250,8 +1368,8 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) rc = funcs->C_UnwrapKey(session, &mech, w_key, - wrapped_data, - wrapped_data_len, + wrapped, + wrapped_len, uw_tmpl, 2, &uw_key); @@ -1280,7 +1398,7 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) goto testcase_cleanup; } - cipher_len = sizeof(cipher); // set cipher buffer size + cipher_len = cipher_size; // set cipher buffer size /** do RSA encryption (with public key) **/ rc = funcs->C_Encrypt(session, @@ -1304,7 +1422,7 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) goto testcase_cleanup; } - decipher_len = sizeof(decipher); + decipher_len = decipher_size; /** do RSA decryption (with unwrapped private key) **/ rc = funcs->C_Decrypt(session, @@ -1350,8 +1468,8 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) &mech, w_key, priv_key, - wrapped_data, - &wrapped_data_len); + wrapped, + &wrapped_len); if (rc != CKR_MECHANISM_INVALID) { testcase_fail("Expected CKR_MECHANISM_INVALID"); @@ -1367,21 +1485,26 @@ CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info *tsuite) testcase_cleanup: testcase_close_session(); + free(original); + free(decipher); + free(cipher); + free(wrapped); return rc; } CK_RV do_WrapRSA_Err(struct generated_test_suite_info *tsuite) { int i; - CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE]; + CK_BYTE *wrapped; + size_t wrapped_size; CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 }; CK_MECHANISM mech, mech2; CK_MECHANISM_INFO mech_info; CK_OBJECT_HANDLE publ_key, priv_key, w_key; CK_ULONG bits = 1024; - CK_ULONG wrapped_data_len, user_pin_len, key_size; - CK_RV rc; + CK_ULONG wrapped_len, user_pin_len, key_size; + CK_RV rc = CKR_OK; CK_FLAGS flags; CK_SESSION_HANDLE session; CK_SLOT_ID slot_id = SLOT_ID; @@ -1396,6 +1519,14 @@ CK_RV do_WrapRSA_Err(struct generated_test_suite_info *tsuite) testcase_rw_session(); testcase_user_login(); + /* allocate buffers */ + wrapped_size = BIG_REQUEST + AES_BLOCK_SIZE; + wrapped = (CK_BYTE*) malloc(wrapped_size); + if (!wrapped) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } + /** skip test if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ testsuite_skip(3, "Slot %u doesn't support %s (%u)", @@ -1441,7 +1572,7 @@ CK_RV do_WrapRSA_Err(struct generated_test_suite_info *tsuite) mech = tsuite->mech; /** wrap the key **/ - wrapped_data_len = sizeof(wrapped_data); + wrapped_len = wrapped_size; /** get mech info **/ rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &mech_info); @@ -1458,7 +1589,7 @@ CK_RV do_WrapRSA_Err(struct generated_test_suite_info *tsuite) /** wrap key **/ rc = funcs->C_WrapKey(session, &mech, w_key, priv_key, - wrapped_data, &wrapped_data_len); + wrapped, &wrapped_len); /* Expect dedicated error code here, since it's not allowed * to unwrap non secret keys with AES_ECB/AES_CBC */ @@ -1477,7 +1608,7 @@ CK_RV do_WrapRSA_Err(struct generated_test_suite_info *tsuite) /** try to wrap key **/ rc = funcs->C_WrapKey(session, &mech, w_key, priv_key, - wrapped_data, &wrapped_data_len); + wrapped, &wrapped_len); if (rc != CKR_MECHANISM_INVALID) testcase_fail("Expected CKR_MECHANISM_INVALID"); else @@ -1488,6 +1619,7 @@ CK_RV do_WrapRSA_Err(struct generated_test_suite_info *tsuite) testcase_cleanup: testcase_close_session(); + free(wrapped); return rc; } @@ -1496,15 +1628,16 @@ testcase_cleanup: CK_RV do_UnwrapRSA_Err(struct generated_test_suite_info *tsuite) { int i; - CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE]; + CK_BYTE *wrapped; + size_t wrapped_size; CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 }; CK_MECHANISM mech, mech1, mech2; CK_MECHANISM_INFO mech_info; CK_OBJECT_HANDLE publ_key, priv_key, w_key, uw_key; CK_ULONG bits = 1024; - CK_ULONG wrapped_data_len, user_pin_len, key_size; - CK_RV rc; + CK_ULONG wrapped_len, user_pin_len, key_size; + CK_RV rc = CKR_OK; CK_FLAGS flags; CK_SESSION_HANDLE session; CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; @@ -1524,6 +1657,14 @@ CK_RV do_UnwrapRSA_Err(struct generated_test_suite_info *tsuite) testcase_rw_session(); testcase_user_login(); + /* allocate buffers */ + wrapped_size = BIG_REQUEST + AES_BLOCK_SIZE; + wrapped = (CK_BYTE*) malloc(wrapped_size); + if (!wrapped) { + fprintf(stderr, "Memory Allocation Error, aborting test run !!!\n"); + exit(1); + } + /** skip test if the slot doesn't support this mechanism **/ if (! mech_supported(slot_id, tsuite->mech.mechanism)){ testsuite_skip(3, @@ -1570,7 +1711,7 @@ CK_RV do_UnwrapRSA_Err(struct generated_test_suite_info *tsuite) mech = tsuite->mech; /** wrap the key **/ - wrapped_data_len = sizeof(wrapped_data); + wrapped_len = wrapped_size; /** get mech info **/ rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &mech_info); @@ -1589,7 +1730,7 @@ CK_RV do_UnwrapRSA_Err(struct generated_test_suite_info *tsuite) /** wrap key **/ rc = funcs->C_WrapKey(session, &mech1, w_key, priv_key, - wrapped_data, &wrapped_data_len); + wrapped, &wrapped_len); if (rc != CKR_OK) { testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc)); goto testcase_cleanup; @@ -1598,8 +1739,8 @@ CK_RV do_UnwrapRSA_Err(struct generated_test_suite_info *tsuite) testcase_new_assertion(); /** unwrap key **/ - rc = funcs->C_UnwrapKey(session, &mech, w_key, wrapped_data, - wrapped_data_len, uw_tmpl, 2, + rc = funcs->C_UnwrapKey(session, &mech, w_key, wrapped, + wrapped_len, uw_tmpl, 2, &uw_key); /* Expect dedicated error code here, since it's not allowed * to unwrap non secret keys with AES_ECB/AES_CBC */ @@ -1615,7 +1756,7 @@ CK_RV do_UnwrapRSA_Err(struct generated_test_suite_info *tsuite) /** try to wrap key **/ rc = funcs->C_WrapKey(session, &mech, w_key, priv_key, - wrapped_data, &wrapped_data_len); + wrapped, &wrapped_len); if (rc != CKR_MECHANISM_INVALID) testcase_fail("Expected CKR_MECHANISM_INVALID"); else { @@ -1627,31 +1768,35 @@ CK_RV do_UnwrapRSA_Err(struct generated_test_suite_info *tsuite) testcase_cleanup: testcase_close_session(); + free(wrapped); return rc; } CK_RV aes_funcs() { int i, generate_key; CK_RV rv = CKR_OK; + size_t datasize = BIG_REQUEST; generate_key = securekey; // true if mech requires secure key // generate keys and skip published tests + if (data_size > 0) + datasize = AES_BLOCK_SIZE * ((data_size + AES_BLOCK_SIZE -1) / AES_BLOCK_SIZE); for (i = 0; i < NUM_OF_PUBLISHED_TESTSUITES; i++) { if (!generate_key) { - rv = do_EncryptAES(&published_test_suites[i]); + rv = do_EncryptAES(&published_test_suites[i], datasize); if (rv != CKR_OK && (!no_stop)) break; - rv = do_DecryptAES(&published_test_suites[i]); + rv = do_DecryptAES(&published_test_suites[i], datasize); if (rv != CKR_OK && (!no_stop)) break; - rv = do_EncryptUpdateAES(&published_test_suites[i]); + rv = do_EncryptUpdateAES(&published_test_suites[i], datasize); if (rv != CKR_OK && (!no_stop)) break; - rv = do_DecryptUpdateAES(&published_test_suites[i]); + rv = do_DecryptUpdateAES(&published_test_suites[i], datasize); if (rv != CKR_OK && (!no_stop)) break; } @@ -1659,19 +1804,19 @@ CK_RV aes_funcs() { } for (i = 0; i < NUM_OF_GENERATED_TESTSUITES; i++) { - do_EncryptDecryptAES(&generated_test_suites[i]); + rv = do_EncryptDecryptAES(&generated_test_suites[i], datasize); if (rv != CKR_OK && (!no_stop)) break; - do_EncryptDecryptUpdateAES(&generated_test_suites[i]); + rv = do_EncryptDecryptUpdateAES(&generated_test_suites[i], datasize); if (rv != CKR_OK && (!no_stop)) break; - do_WrapUnwrapAES(&generated_test_suites[i]); + rv = do_WrapUnwrapAES(&generated_test_suites[i]); if (rv != CKR_OK && (!no_stop)) break; - do_WrapUnwrapRSA(&generated_test_suites[i]); + rv = do_WrapUnwrapRSA(&generated_test_suites[i]); if (rv != CKR_OK && (!no_stop)) break; @@ -1680,11 +1825,11 @@ CK_RV aes_funcs() { /***** Error scenarios *****/ for (i = 0; i < NUM_OF_GENERATED_ERR_TESTSUITES; i++) { - do_WrapRSA_Err(&generated_err_test_suites[i]); + rv = do_WrapRSA_Err(&generated_err_test_suites[i]); if (rv != CKR_OK && (!no_stop)) break; - do_UnwrapRSA_Err(&generated_err_test_suites[i]); + rv = do_UnwrapRSA_Err(&generated_err_test_suites[i]); if (rv != CKR_OK && (!no_stop)) break; } diff --git a/testcases/include/regress.h b/testcases/include/regress.h index 301aa56..7d4726c 100755 --- a/testcases/include/regress.h +++ b/testcases/include/regress.h @@ -87,6 +87,7 @@ CK_BBOOL skip_token_obj; CK_BBOOL no_stop; CK_BBOOL no_init; CK_BBOOL securekey; +size_t data_size; // 0 means use default (which may be BIG_REQUEST) int get_so_pin(CK_BYTE_PTR); int get_user_pin(CK_BYTE_PTR); @@ -121,12 +122,14 @@ int get_user_pin(CK_BYTE_PTR); do { \ printf("------\n* TESTCASE %s BEGIN " _fmt "\n", \ __func__, ## __VA_ARGS__); \ + gettimeofday(&timev1, NULL); \ } while (0) #define testcase_begin_f(_func, _fmt, ...) \ do { \ printf("------\n* TESTCASE %s BEGIN " _fmt "\n", \ _func, ## __VA_ARGS__); \ + gettimeofday(&timev1, NULL); \ } while (0) #define testcase_new_assertion() \ -- 1.7.9.5 ------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
