rpms/opencryptoki
7
0
Fork 0
Code Issues Pull Requests Releases Activity
86274e8523
opencryptoki/opencryptoki-openssl3-ecf71404e84ae35931cd6c7398c825378ee052b6.patch

854 lines
41 KiB
Diff
Raw Normal View History

Resolves: #1989138, Support for OpenSSL 3.0
2021-08-23 11:00:44 +00:00
commit ecf71404e84ae35931cd6c7398c825378ee052b6
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Fri Jul 2 11:20:22 2021 +0200
TESTCASES: Soft: Skip tests with RSA publ.exp. not supported by OpenSSL
OpenSSL 3.0 only accepts public exponents of 3 and 65537 for RSA keys.
Skip the testcase if another public exponent is used.
Also fixed some ugly line breaks within messages.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/testcases/common/common.c b/testcases/common/common.c
index bfd486cb..0a64ecf2 100644
--- a/testcases/common/common.c
+++ b/testcases/common/common.c
@@ -876,6 +876,16 @@ int is_valid_cca_pubexp(CK_BYTE pubexp[], CK_ULONG pubexp_len)
|| (pubexp_len == 3 && (!memcmp(pubexp, exp65537, 3)));
}
+/** Returns true if pubexp is valid for Soft Tokens **/
+int is_valid_soft_pubexp(CK_BYTE pubexp[], CK_ULONG pubexp_len)
+{
+ CK_BYTE exp3[] = { 0x03 }; // 3
+ CK_BYTE exp65537[] = { 0x01, 0x00, 0x01 }; // 65537
+
+ return (pubexp_len == 1 && (!memcmp(pubexp, exp3, 1)))
+ || (pubexp_len == 3 && (!memcmp(pubexp, exp65537, 3)));
+}
+
/** Returns true if slot_id is an ICSF token
** ICSF token info is not necessarily hard-coded like the other tokens
** so there is no single identifying attribute. So, instead just
diff --git a/testcases/crypto/rsa_func.c b/testcases/crypto/rsa_func.c
index 62aa7a76..8739ed37 100644
--- a/testcases/crypto/rsa_func.c
+++ b/testcases/crypto/rsa_func.c
@@ -102,8 +102,8 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
if (!keysize_supported(slot_id, tsuite->mech.mechanism,
tsuite->tv[i].modbits)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ SLOT_ID, tsuite->tv[i].modbits);
free(s);
continue;
}
@@ -111,8 +111,7 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("EP11 Token cannot "
- "be used with publ_exp.='%s'", s);
+ testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -124,8 +123,7 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with publ_exp.='%s'", s);
+ testcase_skip("CCA Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -148,6 +146,16 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
continue;
}
}
+
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp,
+ tsuite->tv[i].publ_exp_len)) {
+ testcase_skip("Soft Token cannot be used with publ_exp.='%s'",
+ s);
+ free(s);
+ continue;
+ }
+ }
// tpm special cases:
// tpm token can only use public exponent 0x010001 (65537)
// so skip test if invalid public exponent is used
@@ -155,8 +163,7 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
if ((!is_valid_tpm_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len))
|| (!is_valid_tpm_modbits(tsuite->tv[i].modbits))) {
- testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'",
- s);
+ testcase_skip("TPM Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -166,8 +173,7 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
if (!is_valid_icsf_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len) ||
(tsuite->tv[i].modbits < 1024)) {
- testcase_skip("ICSF Token cannot be used with "
- "publ_exp='%s'.", s);
+ testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -376,8 +382,8 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite)
if (!keysize_supported(slot_id, tsuite->mech.mechanism,
tsuite->tv[i].mod_len * 8)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", SLOT_ID, tsuite->tv[i].mod_len * 8);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ SLOT_ID, tsuite->tv[i].mod_len * 8);
free(s);
continue;
}
@@ -385,16 +391,14 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite)
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) {
- testcase_skip("EP11 Token cannot "
- "be used with publ_exp.='%s'", s);
+ testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
// modulus length must be multiple of 128 byte
// skip test if modulus length has unsuported size
if ((tsuite->tv[i].mod_len % 128) != 0) {
- testcase_skip("EP11 Token cannot be used with "
- "this test vector.");
+ testcase_skip("EP11 Token cannot be used with this test vector.");
free(s);
continue;
}
@@ -416,8 +420,7 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite)
(tsuite->tv[i].exp2_len >
(tsuite->tv[i].mod_len / 2)) ||
(tsuite->tv[i].coef_len > (tsuite->tv[i].mod_len / 2))) {
- testcase_skip("ICA Token cannot be used with "
- "this test vector.");
+ testcase_skip("ICA Token cannot be used with this test vector.");
free(s);
continue;
}
@@ -431,12 +434,21 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite)
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with publ_exp.='%s'", s);
+ testcase_skip("CCA Token cannot be used with publ_exp.='%s'", s);
+ free(s);
+ continue;
+ }
+ }
+
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp,
+ tsuite->tv[i].pubexp_len)) {
+ testcase_skip("Soft Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
}
+
// tpm special cases:
// tpm token can only use public exponent 0x010001 (65537)
// so skip test if invalid public exponent is used
@@ -444,8 +456,7 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite)
if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len))
|| (!is_valid_tpm_modbits(tsuite->tv[i].mod_len * 8))) {
- testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'",
- s);
+ testcase_skip("TPM Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -455,8 +466,7 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite)
if (!is_valid_icsf_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len) ||
(tsuite->tv[i].mod_len * 8 < 1024)) {
- testcase_skip("ICSF Token cannot be used with "
- "publ_exp='%s'.", s);
+ testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -691,8 +701,8 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite,
if (!keysize_supported(slot_id, tsuite->mech.mechanism,
tsuite->tv[i].modbits)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ SLOT_ID, tsuite->tv[i].modbits);
free(s);
continue;
}
@@ -700,8 +710,7 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite,
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("EP11 Token cannot "
- "be used with publ_exp.='%s'", s);
+ testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -710,8 +719,16 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite,
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with publ_exp='%s'.", s);
+ testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s);
+ free(s);
+ continue;
+ }
+ }
+
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp,
+ tsuite->tv[i].publ_exp_len)) {
+ testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -721,8 +738,7 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite,
if ((!is_valid_tpm_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len))
|| (!is_valid_tpm_modbits(tsuite->tv[i].modbits))) {
- testcase_skip("TPM Token cannot " "be used with publ_exp='%s'.",
- s);
+ testcase_skip("TPM Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -732,8 +748,7 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite,
if (!is_valid_icsf_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len) ||
(tsuite->tv[i].modbits < 1024)) {
- testcase_skip("ICSF Token cannot be used with "
- "publ_exp='%s'.", s);
+ testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -944,16 +959,23 @@ CK_RV do_SignVerify_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite)
if (!keysize_supported(slot_id, tsuite->mech.mechanism,
tsuite->tv[i].modbits)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ SLOT_ID, tsuite->tv[i].modbits);
free(s);
continue;
}
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with publ_exp='%s'.", s);
+ testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s);
+ free(s);
+ continue;
+ }
+ }
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp,
+ tsuite->tv[i].publ_exp_len)) {
+ testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -1154,8 +1176,8 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite)
if (!keysize_supported(slot_id, tsuite->mech.mechanism,
tsuite->tv[i].modbits)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ SLOT_ID, tsuite->tv[i].modbits);
continue;
}
// get public exponent from test vector
@@ -1169,8 +1191,7 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite)
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("EP11 Token cannot "
- "be used with publ_exp.='%s'", s);
+ testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -1179,8 +1200,7 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite)
if (!is_valid_icsf_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len) ||
(tsuite->tv[i].modbits < 1024)) {
- testcase_skip("ICSF Token cannot be used with "
- "publ_exp='%s'.", s);
+ testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -1189,8 +1209,7 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite)
if ((!is_valid_tpm_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) ||
(!is_valid_tpm_modbits(tsuite->tv[i].modbits))) {
- testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'",
- s);
+ testcase_skip("TPM Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -1198,8 +1217,7 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite)
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with publ_exp='%s'.", s);
+ testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -1228,6 +1246,14 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite)
continue;
}
}
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp,
+ tsuite->tv[i].publ_exp_len)) {
+ testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s);
+ free(s);
+ continue;
+ }
+ }
// begin test
testcase_begin("%s Wrap Unwrap with test vector %d, "
@@ -1554,8 +1580,7 @@ CK_RV do_SignRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
(tsuite->tv[i].exp2_len >
(tsuite->tv[i].mod_len / 2)) ||
(tsuite->tv[i].coef_len > (tsuite->tv[i].mod_len / 2))) {
- testcase_skip("ICA Token cannot be used with "
- "this test vector.");
+ testcase_skip("ICA Token cannot be used with this test vector.");
continue;
}
@@ -1565,8 +1590,7 @@ CK_RV do_SignRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
// skip test if modulus length has unsuported size
if (is_ep11_token(slot_id)) {
if ((tsuite->tv[i].mod_len % 128) != 0) {
- testcase_skip("EP11 Token cannot be used with "
- "this test vector.");
+ testcase_skip("EP11 Token cannot be used with this test vector.");
continue;
}
}
@@ -1575,8 +1599,7 @@ CK_RV do_SignRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len))
|| (!is_valid_tpm_modbits(tsuite->tv[i].mod_len))) {
- testcase_skip("TPM Token cannot "
- "be used with this test vector.");
+ testcase_skip("TPM Token cannot be used with this test vector.");
continue;
}
}
@@ -1584,8 +1607,15 @@ CK_RV do_SignRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with this test vector.");
+ testcase_skip("CCA Token cannot be used with this test vector.");
+ continue;
+ }
+ }
+
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp,
+ tsuite->tv[i].pubexp_len)) {
+ testcase_skip("Soft Token cannot be used with this test vector.");
continue;
}
}
@@ -1735,8 +1765,7 @@ CK_RV do_VerifyRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
// skip test if modulus length has unsuported size
if (is_ep11_token(slot_id)) {
if ((tsuite->tv[i].mod_len % 128) != 0) {
- testcase_skip("EP11 Token cannot be used with "
- "this test vector.");
+ testcase_skip("EP11 Token cannot be used with this test vector.");
continue;
}
}
@@ -1745,8 +1774,7 @@ CK_RV do_VerifyRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len))
|| (!is_valid_tpm_modbits(tsuite->tv[i].mod_len))) {
- testcase_skip("TPM Token cannot "
- "be used with this test vector.");
+ testcase_skip("TPM Token cannot be used with this test vector.");
continue;
}
}
@@ -1754,8 +1782,15 @@ CK_RV do_VerifyRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with this test vector.");
+ testcase_skip("CCA Token cannot be used with this test vector.");
+ continue;
+ }
+ }
+
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp,
+ tsuite->tv[i].pubexp_len)) {
+ testcase_skip("Soft Token cannot be used with this test vector.");
continue;
}
}
diff --git a/testcases/crypto/rsaupdate_func.c b/testcases/crypto/rsaupdate_func.c
index 20611b85..22f8d7e4 100644
--- a/testcases/crypto/rsaupdate_func.c
+++ b/testcases/crypto/rsaupdate_func.c
@@ -96,8 +96,8 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
if (!keysize_supported(slot_id, tsuite->mech.mechanism,
tsuite->tv[i].modbits)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ SLOT_ID, tsuite->tv[i].modbits);
free(s);
continue;
}
@@ -105,8 +105,7 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("EP11 Token cannot "
- "be used with publ_exp.='%s'", s);
+ testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -115,19 +114,27 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with publ_exp='%s'.", s);
+ testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
}
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp,
+ tsuite->tv[i].publ_exp_len)) {
+ testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s);
+ free(s);
+ continue;
+ }
+ }
+
+
if (is_tpm_token(slot_id)) {
if ((!is_valid_tpm_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len))
|| (!is_valid_tpm_modbits(tsuite->tv[i].modbits))) {
- testcase_skip("TPM Token cannot " "be used with publ_exp='%s'.",
- s);
+ testcase_skip("TPM Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -137,8 +144,7 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
if (!is_valid_icsf_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len) ||
(tsuite->tv[i].modbits < 1024)) {
- testcase_skip("ICSF Token cannot "
- "be used with publ_exp='%s'.", s);
+ testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -162,8 +168,7 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
tsuite->tv[i].publ_exp_len,
&publ_key, &priv_key);
if (rc != CKR_OK) {
- testcase_error("generate_RSA_PKCS_KeyPair(), "
- "rc=%s", p11_get_ckr(rc));
+ testcase_error("generate_RSA_PKCS_KeyPair(), rc=%s", p11_get_ckr(rc));
goto testcase_cleanup;
}
@@ -367,8 +372,8 @@ CK_RV do_SignVerifyUpdate_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite)
if (!keysize_supported(slot_id, tsuite->mech.mechanism,
tsuite->tv[i].modbits)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ SLOT_ID, tsuite->tv[i].modbits);
free(s);
continue;
}
@@ -376,8 +381,7 @@ CK_RV do_SignVerifyUpdate_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite)
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("EP11 Token cannot "
- "be used with publ_exp.='%s'", s);
+ testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -386,8 +390,16 @@ CK_RV do_SignVerifyUpdate_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite)
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp,
tsuite->tv[i].publ_exp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with publ_exp='%s'.", s);
+ testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s);
+ free(s);
+ continue;
+ }
+ }
+
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp,
+ tsuite->tv[i].publ_exp_len)) {
+ testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -412,8 +424,7 @@ CK_RV do_SignVerifyUpdate_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite)
tsuite->tv[i].publ_exp_len,
&publ_key, &priv_key);
if (rc != CKR_OK) {
- testcase_error("generate_RSA_PKCS_KeyPair(), "
- "rc=%s", p11_get_ckr(rc));
+ testcase_error("generate_RSA_PKCS_KeyPair(), rc=%s", p11_get_ckr(rc));
goto error;
}
// generate message
@@ -639,8 +650,7 @@ CK_RV do_VerifyUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) {
- testcase_skip("EP11 Token cannot "
- "be used with pub_exp.='%s'", s);
+ testcase_skip("EP11 Token cannot be used with pub_exp.='%s'", s);
free(s);
continue;
}
@@ -650,8 +660,7 @@ CK_RV do_VerifyUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) ||
(!is_valid_tpm_modbits(tsuite->tv[i].mod_len))) {
- testcase_skip("TPM Token cannot "
- "be used with pub_exp='%s'.", s);
+ testcase_skip("TPM Token cannot be used with pub_exp='%s'.", s);
free(s);
continue;
}
@@ -660,8 +669,16 @@ CK_RV do_VerifyUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with publ_exp='%s'.", s);
+ testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s);
+ free(s);
+ continue;
+ }
+ }
+
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp,
+ tsuite->tv[i].pubexp_len)) {
+ testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
@@ -826,8 +843,7 @@ CK_RV do_SignUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
(tsuite->tv[i].exp2_len >
(tsuite->tv[i].mod_len / 2)) ||
(tsuite->tv[i].coef_len > (tsuite->tv[i].mod_len / 2))) {
- testcase_skip("ICA Token cannot be used with "
- "this test vector.");
+ testcase_skip("ICA Token cannot be used with this test vector.");
free(s);
continue;
}
@@ -848,8 +864,7 @@ CK_RV do_SignUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) {
- testcase_skip("EP11 Token cannot "
- "be used with publ_exp.='%s'", s);
+ testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s);
free(s);
continue;
}
@@ -859,8 +874,7 @@ CK_RV do_SignUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) ||
(!is_valid_tpm_modbits(tsuite->tv[i].mod_len))) {
- testcase_skip("TPM Token cannot "
- "be used with pub_exp='%s'.", s);
+ testcase_skip("TPM Token cannot be used with pub_exp='%s'.", s);
free(s);
continue;
}
@@ -869,8 +883,16 @@ CK_RV do_SignUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite)
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp,
tsuite->tv[i].pubexp_len)) {
- testcase_skip("CCA Token cannot "
- "be used with publ_exp='%s'.", s);
+ testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s);
+ free(s);
+ continue;
+ }
+ }
+
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp,
+ tsuite->tv[i].pubexp_len)) {
+ testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s);
free(s);
continue;
}
diff --git a/testcases/misc_tests/reencrypt.c b/testcases/misc_tests/reencrypt.c
index a78e1f5a..93fa31bd 100644
--- a/testcases/misc_tests/reencrypt.c
+++ b/testcases/misc_tests/reencrypt.c
@@ -361,24 +361,29 @@ CK_RV do_reencrypt(struct mech_info *mech1, struct mech_info *mech2)
if (!keysize_supported(slot_id, mech2->key_gen_mech.mechanism,
mech2->rsa_modbits)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", slot_id, mech2->rsa_modbits);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ slot_id, mech2->rsa_modbits);
goto testcase_cleanup;
}
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len)) {
- testcase_skip("EP11 Token in cannot be used with "
- "publ_exp.='%s'", s);
+ testcase_skip("EP11 Token in cannot be used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len)) {
- testcase_skip("CCA Token in cannot be used with "
- " publ_exp.='%s'", s);
+ testcase_skip("CCA Token in cannot be used with publ_exp.='%s'", s);
+ goto testcase_cleanup;
+ }
+ }
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(mech2->rsa_publ_exp,
+ mech2->rsa_publ_exp_len)) {
+ testcase_skip("Soft Token in cannot be used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
@@ -386,8 +391,7 @@ CK_RV do_reencrypt(struct mech_info *mech1, struct mech_info *mech2)
if (!is_valid_tpm_pubexp(mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len) ||
!is_valid_tpm_modbits(mech2->rsa_modbits)) {
- testcase_skip("TPM Token cannot be used with "
- "publ_exp.='%s'", s);
+ testcase_skip("TPM Token cannot be used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
@@ -395,8 +399,7 @@ CK_RV do_reencrypt(struct mech_info *mech1, struct mech_info *mech2)
if (!is_valid_icsf_pubexp(mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len) ||
mech2->rsa_modbits < 1024) {
- testcase_skip("ICSF Token cannot be used with "
- "publ_exp='%s'.", s);
+ testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s);
goto testcase_cleanup;
}
}
@@ -619,6 +622,14 @@ CK_RV do_encrypt_reencrypt(struct mech_info *mech1)
goto testcase_cleanup;
}
}
+ if (is_soft_token(slot_id)) {
+ if (!is_valid_soft_pubexp(mech1->rsa_publ_exp,
+ mech1->rsa_publ_exp_len)) {
+ testsuite_skip(NUM_REENCRYPT_TESTS, "Soft Token cannot be "
+ "used with publ_exp.='%s'", s);
+ goto testcase_cleanup;
+ }
+ }
if (is_tpm_token(slot_id) ) {
if (!is_valid_tpm_pubexp(mech1->rsa_publ_exp,
mech1->rsa_publ_exp_len) ||
diff --git a/testcases/misc_tests/tok2tok_transport.c b/testcases/misc_tests/tok2tok_transport.c
index 9c1dee8f..ebb44760 100644
--- a/testcases/misc_tests/tok2tok_transport.c
+++ b/testcases/misc_tests/tok2tok_transport.c
@@ -581,30 +581,35 @@ CK_RV do_wrap_key_test(struct wrapped_mech_info *tsuite,
if (!keysize_supported(slot_id1, tsuite->wrapped_key_gen_mech.mechanism,
tsuite->rsa_modbits)) {
- testcase_skip("Token in slot %lu cannot be used with "
- "modbits.='%ld'", slot_id1, tsuite->rsa_modbits);
+ testcase_skip("Token in slot %lu cannot be used with modbits.='%ld'",
+ slot_id1, tsuite->rsa_modbits);
goto testcase_cleanup;
}
if (!keysize_supported(slot_id2, tsuite->wrapped_key_gen_mech.mechanism,
tsuite->rsa_modbits)) {
- testcase_skip("Token in slot %lu cannot be used with "
- "modbits.='%ld'", slot_id2, tsuite->rsa_modbits);
+ testcase_skip("Token in slot %lu cannot be used with modbits.='%ld'",
+ slot_id2, tsuite->rsa_modbits);
goto testcase_cleanup;
}
if (is_ep11_token(slot_id1) || is_ep11_token(slot_id2)) {
if (!is_valid_ep11_pubexp(tsuite->rsa_publ_exp,
tsuite->rsa_publ_exp_len)) {
- testcase_skip("EP11 Token in cannot be used with "
- "publ_exp.='%s'", s);
+ testcase_skip("EP11 Token in cannot be used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
if (is_cca_token(slot_id1) || is_cca_token(slot_id2)) {
if (!is_valid_cca_pubexp(tsuite->rsa_publ_exp,
tsuite->rsa_publ_exp_len)) {
- testcase_skip("CCA Token in scannot be used with "
- "publ_exp.='%s'", s);
+ testcase_skip("CCA Token in scannot be used with publ_exp.='%s'", s);
+ goto testcase_cleanup;
+ }
+ }
+ if (is_soft_token(slot_id1) || is_cca_token(slot_id2)) {
+ if (!is_valid_soft_pubexp(tsuite->rsa_publ_exp,
+ tsuite->rsa_publ_exp_len)) {
+ testcase_skip("Soft Token in scannot be used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
@@ -612,8 +617,7 @@ CK_RV do_wrap_key_test(struct wrapped_mech_info *tsuite,
if (!is_valid_tpm_pubexp(tsuite->rsa_publ_exp,
tsuite->rsa_publ_exp_len) ||
!is_valid_tpm_modbits(tsuite->rsa_modbits)) {
- testcase_skip("TPM Token cannot " "be used with "
- "publ_exp.='%s'", s);
+ testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
@@ -621,8 +625,7 @@ CK_RV do_wrap_key_test(struct wrapped_mech_info *tsuite,
if (!is_valid_icsf_pubexp(tsuite->rsa_publ_exp,
tsuite->rsa_publ_exp_len) ||
tsuite->rsa_modbits < 1024) {
- testcase_skip("ICSF Token cannot be used with "
- "publ_exp='%s'.", s);
+ testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s);
goto testcase_cleanup;
}
}
@@ -967,31 +970,36 @@ CK_RV do_wrapping_test(struct wrapping_mech_info *tsuite)
if (!keysize_supported(slot_id1,
tsuite->wrapping_key_gen_mech.mechanism,
tsuite->rsa_modbits)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", slot_id1, tsuite->rsa_modbits);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ slot_id1, tsuite->rsa_modbits);
goto testcase_cleanup;
}
if (!keysize_supported(slot_id2,
tsuite->wrapping_key_gen_mech.mechanism,
tsuite->rsa_modbits)) {
- testcase_skip("Token in slot %ld cannot be used with "
- "modbits.='%ld'", slot_id2, tsuite->rsa_modbits);
+ testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'",
+ slot_id2, tsuite->rsa_modbits);
goto testcase_cleanup;
}
if (is_ep11_token(slot_id1) || is_ep11_token(slot_id2)) {
if (!is_valid_ep11_pubexp(tsuite->rsa_publ_exp,
tsuite->rsa_publ_exp_len)) {
- testcase_skip("EP11 Token in cannot be used with "
- "publ_exp.='%s'", s);
+ testcase_skip("EP11 Token in cannot be used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
if (is_cca_token(slot_id1) || is_cca_token(slot_id2)) {
if (!is_valid_cca_pubexp(tsuite->rsa_publ_exp,
tsuite->rsa_publ_exp_len)) {
- testcase_skip("CCA Token in scannot be used with "
- "publ_exp.='%s'", s);
+ testcase_skip("CCA Token in scannot be used with publ_exp.='%s'", s);
+ goto testcase_cleanup;
+ }
+ }
+ if (is_soft_token(slot_id1) || is_soft_token(slot_id2)) {
+ if (!is_valid_soft_pubexp(tsuite->rsa_publ_exp,
+ tsuite->rsa_publ_exp_len)) {
+ testcase_skip("Soft Token in scannot be used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
@@ -999,8 +1007,7 @@ CK_RV do_wrapping_test(struct wrapping_mech_info *tsuite)
if (!is_valid_tpm_pubexp(tsuite->rsa_publ_exp,
tsuite->rsa_publ_exp_len) ||
!is_valid_tpm_modbits(tsuite->rsa_modbits)) {
- testcase_skip("TPM Token cannot " "be used with "
- "publ_exp.='%s'", s);
+ testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
@@ -1008,8 +1015,7 @@ CK_RV do_wrapping_test(struct wrapping_mech_info *tsuite)
if (!is_valid_icsf_pubexp(tsuite->rsa_publ_exp,
tsuite->rsa_publ_exp_len) ||
tsuite->rsa_modbits < 1024) {
- testcase_skip("ICSF Token cannot be used with "
- "publ_exp='%s'.", s);
+ testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s);
goto testcase_cleanup;
}
}
Reference in New Issue Copy Permalink