Hi Harald, Merged.
Thanks, Vineetha From: Harald Freudenberger <[email protected]> To: [email protected] Cc: Joy Latten/Austin/IBM@IBMUS, Vineetha Pisharath hari pai/Poughkeepsie/IBM@IBMUS, Harald Freudenberger <[email protected]> Date: 12/10/2015 09:39 AM Subject: [PATCH] Fix failure of the EP11 token on tok_des testcase. Simple DES is not supported by the EP11 token. However, the tok_des testcase tried to create an secret key without any checking. Now this test does check for availability of the key generation mechanism and if not skips the generation and verification. Also the printout of the VALUE attribute is skipped on secret keys - it does not make sense (on CCA a dummy value is held, but the EP11 token has a VALUE attribute with size zero causing the value check to fail). Signed-off-by: Harald Freudenberger <[email protected]> --- testcases/misc_tests/tok_des.c | 87 +++++++++++++++++++++++++ +-------------- 1 file changed, 58 insertions(+), 29 deletions(-) diff --git a/testcases/misc_tests/tok_des.c b/testcases/misc_tests/tok_des.c index 3e8abdd..8f530ad 100644 --- a/testcases/misc_tests/tok_des.c +++ b/testcases/misc_tests/tok_des.c @@ -14,6 +14,7 @@ #include "pkcs11types.h" #include "regress.h" +#include "common.c" int do_GetFunctionList(void); @@ -71,21 +72,31 @@ do_VerifyTokenSymKey(CK_SESSION_HANDLE sess, CK_BYTE *label) tmpl[0].pValue = value; - rv = funcs->C_GetAttributeValue(sess, obj_handles [i], tmpl, 1); - if (rv != CKR_OK) { - show_error(" C_GetAttributeValue", rv ); - return rv; - } + if (is_ep11_token(SLOT_ID) || is_cca_token (SLOT_ID)) { - /* The public exponent is element 0 and modulus is element 1 */ - if (tmpl[0].ulValueLen > 256 || tmpl[0].ulValueLen < 8) { - PRINT_ERR("secret key value (%lu) OOB!", - tmpl[0].ulValueLen); - return CKR_FUNCTION_FAILED; - } + /* + * Secure key, there is no value or just a dummy + * value attribute. So skip processing the value. + */ + + } else { + + rv = funcs->C_GetAttributeValue(sess, obj_handles[i], tmpl, 1); + if (rv != CKR_OK) { + show_error(" C_GetAttributeValue", rv ); + return rv; + } - printf("%lu byte secret key found.\nValue:\n", tmpl[0].ulValueLen); - print_hex(tmpl[0].pValue, tmpl[0].ulValueLen); + if (tmpl[0].ulValueLen > 256 || tmpl [0].ulValueLen < 8) { + PRINT_ERR("secret key value (%lu) OOB!", + tmpl [0].ulValueLen); + return CKR_FUNCTION_FAILED; + } + + printf("%lu byte secret key found.\nValue:\n", tmpl[0].ulValueLen); + print_hex(tmpl[0].pValue, tmpl [0].ulValueLen); + + } rv = funcs->C_DestroyObject(sess, obj_handles[i]); if (rv != CKR_OK) { @@ -203,16 +214,26 @@ main( int argc, char **argv ) return rv; } - rv = do_GenerateTokenSymKey(session, des_label, CKM_DES_KEY_GEN); - if (rv != CKR_OK) { - show_error("do_GenerateTokenRSAKeyPair(512)", rv); - return -1; + if (mech_supported(slot_id, CKM_DES_KEY_GEN)) { + rv = do_GenerateTokenSymKey(session, des_label, CKM_DES_KEY_GEN); + if (rv != CKR_OK) { + show_error("do_GenerateTokenSymKey (CKM_DES_KEY_GEN)", rv); + return -1; + } + } else { + testcase_skip("GenerateTokenSymKey (...DES_KEY_GEN)"); + des_label[0] = 0; } - rv = do_GenerateTokenSymKey(session, tdes_label, CKM_DES3_KEY_GEN); - if (rv != CKR_OK) { - show_error("do_GenerateTokenRSAKeyPair(512)", rv); - return -1; + if (mech_supported(slot_id, CKM_DES3_KEY_GEN)) { + rv = do_GenerateTokenSymKey(session, tdes_label, CKM_DES3_KEY_GEN); + if (rv != CKR_OK) { + show_error("do_GenerateTokenSymKey (CKM_DES3_KEY_GEN)", rv); + return -1; + } + } else { + testcase_skip("GenerateTokenSymKey (...DES3_KEY_GEN)"); + tdes_label[0] = 0; } rv = funcs->C_CloseSession( session ); @@ -248,16 +269,24 @@ main( int argc, char **argv ) goto close_session; } - rv = do_VerifyTokenSymKey(session, des_label); - if (rv != CKR_OK) { - show_error("do_VerifyTokenRSAKeyPair(512)", rv); - goto close_session; + if (des_label[0]) { + rv = do_VerifyTokenSymKey(session, des_label); + if (rv != CKR_OK) { + show_error("do_VerifyTokenSymKey (...DES...)", rv); + goto close_session; + } + } else { + testcase_skip("VerifyTokenSymKey(...DES_KEY...)"); } - rv = do_VerifyTokenSymKey(session, tdes_label); - if (rv != CKR_OK) { - show_error("do_VerifyTokenRSAKeyPair(1024)", rv); - goto close_session; + if (tdes_label[0]) { + rv = do_VerifyTokenSymKey(session, tdes_label); + if (rv != CKR_OK) { + show_error("do_VerifyTokenSymKey (...DES3...)", rv); + goto close_session; + } + } else { + testcase_skip("VerifyTokenSymKey (...DES3_KEY...)"); } close_session: -- 1.7.9.5
------------------------------------------------------------------------------
_______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
