[Cryptech-Commits] [sw/pkcs11] 05/05: Add explicit generate/sign/verify unit tests both on and off the token, since we just demonstrated (the hard way) that testing only one is not sufficient.

[git at cryptech.is]

This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch rpc
in repository sw/pkcs11.

commit 1011308ae39ad624a3d93941bf0c1cb9039134bf
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Wed May 18 22:59:52 2016 -0400

    Add explicit generate/sign/verify unit tests both on and off the
    token, since we just demonstrated (the hard way) that testing only one
    is not sufficient.
---
 unit_tests.py | 45 +++++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 18 deletions(-)

diff --git a/unit_tests.py b/unit_tests.py
index 6866a87..2aefedc 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -247,8 +247,20 @@ class TestKeys(unittest.TestCase):
                                   CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
                                   CKA_SIGN = True, CKA_VERIFY = True))
 
-    def test_gen_sign_verify_ecdsa_p256_sha256(self):
-        public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
+    def test_gen_sign_verify_ecdsa_p256_sha256_token(self):
+        public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = True,
+                                                        CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+                                                        CKA_SIGN = True, CKA_VERIFY = True)
+        self.assertIsKeypair(public_key, private_key)
+        hamster = "Your mother was a hamster"
+        p11.C_SignInit(self.session, CKM_ECDSA_SHA256, private_key)
+        sig = p11.C_Sign(self.session, hamster)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key)
+        p11.C_Verify(self.session, hamster, sig)
+
+    def test_gen_sign_verify_ecdsa_p256_sha256_session(self):
+        public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = False,
                                                         CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
                                                         CKA_SIGN = True, CKA_VERIFY = True)
         self.assertIsKeypair(public_key, private_key)
@@ -285,10 +297,10 @@ class TestKeys(unittest.TestCase):
         p11.C_VerifyInit(self.session, CKM_ECDSA_SHA512, public_key)
         p11.C_Verify(self.session, hamster, sig)
 
-    def test_gen_sign_verify_rsa_1024(self):
+    def test_gen_sign_verify_rsa_1024_token(self):
         public_key, private_key = p11.C_GenerateKeyPair(
             self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
-            CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True)
+            CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
         self.assertIsKeypair(public_key, private_key)
         hamster = "Your mother was a hamster"
         p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
@@ -297,20 +309,17 @@ class TestKeys(unittest.TestCase):
         p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
         p11.C_Verify(self.session, hamster, sig)
 
-        if False:
-            a = p11.C_GetAttributeValue(self.session, public_key,
-                                        CKA_CLASS, CKA_KEY_TYPE, CKA_VERIFY, CKA_TOKEN,
-                                        CKA_PUBLIC_EXPONENT, CKA_MODULUS)
-            a[CKA_TOKEN] = not a[CKA_TOKEN]
-            o = p11.C_CreateObject(self.session, a)
-            p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, o)
-            p11.C_Verify(self.session, hamster, sig)
-
-            self.tearDown()
-            self.setUp()
-            o = p11.C_CreateObject(self.session, a)
-            p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, o)
-            p11.C_Verify(self.session, hamster, sig)
+    def test_gen_sign_verify_rsa_1024_session(self):
+        public_key, private_key = p11.C_GenerateKeyPair(
+            self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
+            CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = False)
+        self.assertIsKeypair(public_key, private_key)
+        hamster = "Your mother was a hamster"
+        p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
+        sig = p11.C_Sign(self.session, hamster)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, hamster, sig)
 
     def test_gen_sign_verify_rsa_2048(self):
         if not args.all_tests: self.skipTest("RSA key generation is still painfully slow")