[Cryptech-Commits] [sw/pkcs11] 05/05: Add explicit generate/sign/verify unit tests both on and off the token, since we just demonstrated (the hard way) that testing only one is not sufficient.

git at cryptech.is git at cryptech.is
Thu May 19 03:17:50 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch rpc
in repository sw/pkcs11.

commit 1011308ae39ad624a3d93941bf0c1cb9039134bf
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Wed May 18 22:59:52 2016 -0400

    Add explicit generate/sign/verify unit tests both on and off the
    token, since we just demonstrated (the hard way) that testing only one
    is not sufficient.
---
 unit_tests.py | 45 +++++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 18 deletions(-)

diff --git a/unit_tests.py b/unit_tests.py
index 6866a87..2aefedc 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -247,8 +247,20 @@ class TestKeys(unittest.TestCase):
                                   CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
                                   CKA_SIGN = True, CKA_VERIFY = True))
 
-    def test_gen_sign_verify_ecdsa_p256_sha256(self):
-        public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
+    def test_gen_sign_verify_ecdsa_p256_sha256_token(self):
+        public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = True,
+                                                        CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+                                                        CKA_SIGN = True, CKA_VERIFY = True)
+        self.assertIsKeypair(public_key, private_key)
+        hamster = "Your mother was a hamster"
+        p11.C_SignInit(self.session, CKM_ECDSA_SHA256, private_key)
+        sig = p11.C_Sign(self.session, hamster)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key)
+        p11.C_Verify(self.session, hamster, sig)
+
+    def test_gen_sign_verify_ecdsa_p256_sha256_session(self):
+        public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = False,
                                                         CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
                                                         CKA_SIGN = True, CKA_VERIFY = True)
         self.assertIsKeypair(public_key, private_key)
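Review bot: The new `test_gen_sign_verify_ecdsa_p256_sha256_token` only exercises the accepting path, because `C_Verify` is called once with the exact message and signature that `C_Sign` produced. A verify implementation that accepts everything would still pass both the token and the session variant. After the existing verify, call `p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key)` again and wrap `p11.C_Verify(self.session, hamster + "!", sig)` in `self.assertRaises(...)`, using whatever exception the binding maps CKR_SIGNATURE_INVALID to (not visible in this hunk). The same gap applies to the two `rsa_1024` tests in the later hunks. The body of the `_session` test continues past the end of this hunk.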
@@ -285,10 +297,10 @@ class TestKeys(unittest.TestCase):
         p11.C_VerifyInit(self.session, CKM_ECDSA_SHA512, public_key)
         p11.C_Verify(self.session, hamster, sig)
 
-    def test_gen_sign_verify_rsa_1024(self):
+    def test_gen_sign_verify_rsa_1024_token(self):
         public_key, private_key = p11.C_GenerateKeyPair(
             self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
-            CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True)
+            CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
         self.assertIsKeypair(public_key, private_key)
         hamster = "Your mother was a hamster"
         p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
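Review bot: `CKA_TOKEN = True` makes the generated pair a token object, which in PKCS #11 outlives the session, and nothing visible in this test removes it afterwards. Unless `tearDown` (outside this hunk) already clears the token, each run leaves another private key with `CKA_ID = "RSA-1024"` on the device, and a later lookup by that ID may hit a stale key. Consider destroying both handles at the end of the test inside a `try`/`finally`, e.g. `p11.C_DestroyObject(self.session, private_key)` and the same for `public_key`, assuming the binding exposes `C_DestroyObject`. The ECDSA `_token` test added in the first hunk has the same exposure, and this test's body continues past the end of the hunk.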
@@ -297,20 +309,17 @@ class TestKeys(unittest.TestCase):
         p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
         p11.C_Verify(self.session, hamster, sig)
 
-        if False:
-            a = p11.C_GetAttributeValue(self.session, public_key,
-                                        CKA_CLASS, CKA_KEY_TYPE, CKA_VERIFY, CKA_TOKEN,
-                                        CKA_PUBLIC_EXPONENT, CKA_MODULUS)
-            a[CKA_TOKEN] = not a[CKA_TOKEN]
-            o = p11.C_CreateObject(self.session, a)
-            p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, o)
-            p11.C_Verify(self.session, hamster, sig)
-
-            self.tearDown()
-            self.setUp()
-            o = p11.C_CreateObject(self.session, a)
-            p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, o)
-            p11.C_Verify(self.session, hamster, sig)
+    def test_gen_sign_verify_rsa_1024_session(self):
+        public_key, private_key = p11.C_GenerateKeyPair(
+            self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
+            CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = False)
+        self.assertIsKeypair(public_key, private_key)
+        hamster = "Your mother was a hamster"
+        p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
+        sig = p11.C_Sign(self.session, hamster)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, hamster, sig)
 
     def test_gen_sign_verify_rsa_2048(self):
         if not args.all_tests: self.skipTest("RSA key generation is still painfully slow")
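Review bot: `test_gen_sign_verify_rsa_1024_session` is a line-for-line copy of the `_token` test with only `CKA_TOKEN` flipped, and the ECDSA pair in the first hunk repeats the same pattern. With four copies of the sign/verify sequence, a later fix to one variant can easily miss the others, which is the failure mode the commit message describes. A private helper on `TestKeys` that takes the key-generation mechanism, the signing mechanism and the attribute keywords would leave each test as a single call. The helper name below is only a suggestion, and the rest of the class is outside this hunk.

```python
    def _gen_sign_verify(self, keygen_mechanism, sign_mechanism, **attributes):
        public_key, private_key = p11.C_GenerateKeyPair(
            self.session, keygen_mechanism,
            CKA_SIGN = True, CKA_VERIFY = True, **attributes)
        self.assertIsKeypair(public_key, private_key)
        hamster = "Your mother was a hamster"
        p11.C_SignInit(self.session, sign_mechanism, private_key)
        sig = p11.C_Sign(self.session, hamster)
        self.assertIsInstance(sig, str)
        p11.C_VerifyInit(self.session, sign_mechanism, public_key)
        p11.C_Verify(self.session, hamster, sig)

    def test_gen_sign_verify_rsa_1024_token(self):
        self._gen_sign_verify(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_SHA512_RSA_PKCS,
                              CKA_MODULUS_BITS = 1024, CKA_ID = "RSA-1024", CKA_TOKEN = True)

    def test_gen_sign_verify_rsa_1024_session(self):
        self._gen_sign_verify(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_SHA512_RSA_PKCS,
                              CKA_MODULUS_BITS = 1024, CKA_ID = "RSA-1024", CKA_TOKEN = False)

    # … unchanged: test_gen_sign_verify_rsa_2048 …
```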


