|
|
e5f6b8 |
From 55f9cce403c6aa66218fe50073419f20632de0ce Mon Sep 17 00:00:00 2001
|
|
|
e5f6b8 |
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
|
|
e5f6b8 |
Date: Tue, 2 Jan 2018 18:13:07 +0100
|
|
|
e5f6b8 |
Subject: [PATCH] Fix pkcs11 variants atf tests
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
Add dns-pkcs11 tests Makefile to configure
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode
|
|
|
e5f6b8 |
---
|
|
|
e5f6b8 |
configure.in | 1 +
|
|
|
e5f6b8 |
lib/Kyuafile | 2 ++
|
|
|
e5f6b8 |
lib/dns-pkcs11/tests/Makefile.in | 10 +++++-----
|
|
|
e5f6b8 |
lib/dns-pkcs11/tests/dh_test.c | 3 ++-
|
|
|
e5f6b8 |
lib/isc-pkcs11/tests/Makefile.in | 6 +++---
|
|
|
e5f6b8 |
lib/isc-pkcs11/tests/hash_test.c | 32 +++++++++++++++++++++++++-------
|
|
|
e5f6b8 |
6 files changed, 38 insertions(+), 16 deletions(-)
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
diff --git a/configure.in b/configure.in
|
|
|
e5f6b8 |
index 0940743..692373e 100644
|
|
|
e5f6b8 |
--- a/configure.in
|
|
|
e5f6b8 |
+++ b/configure.in
|
|
|
e5f6b8 |
@@ -5252,6 +5252,7 @@ AC_CONFIG_FILES([
|
|
|
e5f6b8 |
lib/dns-pkcs11/include/Makefile
|
|
|
e5f6b8 |
lib/dns-pkcs11/include/dns/Makefile
|
|
|
e5f6b8 |
lib/dns-pkcs11/include/dst/Makefile
|
|
|
e5f6b8 |
+ lib/dns-pkcs11/tests/Makefile
|
|
|
e5f6b8 |
lib/irs/Makefile
|
|
|
e5f6b8 |
lib/irs/include/Makefile
|
|
|
e5f6b8 |
lib/irs/include/irs/Makefile
|
|
|
e5f6b8 |
diff --git a/lib/Kyuafile b/lib/Kyuafile
|
|
|
e5f6b8 |
index ff9fc56..eaaf0dc 100644
|
|
|
e5f6b8 |
--- a/lib/Kyuafile
|
|
|
e5f6b8 |
+++ b/lib/Kyuafile
|
|
|
e5f6b8 |
@@ -2,7 +2,9 @@ syntax(2)
|
|
|
e5f6b8 |
test_suite('bind9')
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
include('dns/Kyuafile')
|
|
|
e5f6b8 |
+include('dns-pkcs11/Kyuafile')
|
|
|
e5f6b8 |
include('irs/Kyuafile')
|
|
|
e5f6b8 |
include('isc/Kyuafile')
|
|
|
e5f6b8 |
+include('isc-pkcs11/Kyuafile')
|
|
|
e5f6b8 |
include('isccfg/Kyuafile')
|
|
|
e5f6b8 |
include('lwres/Kyuafile')
|
|
|
e5f6b8 |
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
|
|
|
e5f6b8 |
index c7fd4ed..7b25d8c 100644
|
|
|
e5f6b8 |
--- a/lib/dns-pkcs11/tests/Makefile.in
|
|
|
e5f6b8 |
+++ b/lib/dns-pkcs11/tests/Makefile.in
|
|
|
e5f6b8 |
@@ -20,12 +20,12 @@ VERSION=@BIND9_VERSION@
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
|
|
|
e5f6b8 |
@DST_OPENSSL_INC@
|
|
|
e5f6b8 |
-CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\""
|
|
|
e5f6b8 |
+CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
-ISCLIBS = ../../isc/libisc.@A@
|
|
|
e5f6b8 |
-ISCDEPLIBS = ../../isc/libisc.@A@
|
|
|
e5f6b8 |
-DNSLIBS = ../libdns.@A@ @DNS_CRYPTO_LIBS@
|
|
|
e5f6b8 |
-DNSDEPLIBS = ../libdns.@A@
|
|
|
e5f6b8 |
+ISCLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@
|
|
|
e5f6b8 |
+ISCDEPLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@
|
|
|
e5f6b8 |
+DNSLIBS = ../libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@
|
|
|
e5f6b8 |
+DNSDEPLIBS = ../libdns-pkcs11.@A@
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
LIBS = @LIBS@ @ATFLIBS@
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c
|
|
|
e5f6b8 |
index 036d27a..eb6554f 100644
|
|
|
e5f6b8 |
--- a/lib/dns-pkcs11/tests/dh_test.c
|
|
|
e5f6b8 |
+++ b/lib/dns-pkcs11/tests/dh_test.c
|
|
|
e5f6b8 |
@@ -63,7 +63,8 @@ ATF_TC_BODY(isc_dh_computesecret, tc) {
|
|
|
e5f6b8 |
ret = dst_key_computesecret(key, key, &buf;;
|
|
|
e5f6b8 |
ATF_REQUIRE_EQ(ret, DST_R_NOTPRIVATEKEY);
|
|
|
e5f6b8 |
ret = key->func->computesecret(key, key, &buf;;
|
|
|
e5f6b8 |
- ATF_REQUIRE_EQ(ret, DST_R_COMPUTESECRETFAILURE);
|
|
|
e5f6b8 |
+ /* PKCS11 variant gives different result, accept both */
|
|
|
e5f6b8 |
+ ATF_REQUIRE(ret == DST_R_COMPUTESECRETFAILURE || ret == DST_R_INVALIDPRIVATEKEY);
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
dst_key_free(&key);
|
|
|
e5f6b8 |
dns_test_end();
|
|
|
e5f6b8 |
diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in
|
|
|
e5f6b8 |
index 500e853..8b02f03 100644
|
|
|
e5f6b8 |
--- a/lib/isc-pkcs11/tests/Makefile.in
|
|
|
e5f6b8 |
+++ b/lib/isc-pkcs11/tests/Makefile.in
|
|
|
e5f6b8 |
@@ -17,10 +17,10 @@ VERSION=@BIND9_VERSION@
|
|
|
e5f6b8 |
@BIND9_MAKE_INCLUDES@
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
CINCLUDES = -I. -Iinclude ${ISC_INCLUDES} @ISC_OPENSSL_INC@
|
|
|
e5f6b8 |
-CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc/tests/\""
|
|
|
e5f6b8 |
+CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc-pkcs11/tests/\""
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
-ISCLIBS = ../libisc.@A@ @ISC_OPENSSL_LIBS@
|
|
|
e5f6b8 |
-ISCDEPLIBS = ../libisc.@A@
|
|
|
e5f6b8 |
+ISCLIBS = ../libisc-pkcs11.@A@ @ISC_OPENSSL_LIBS@
|
|
|
e5f6b8 |
+ISCDEPLIBS = ../libisc-pkcs11.@A@
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
LIBS = @LIBS@ @ATFLIBS@
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c
|
|
|
e5f6b8 |
index 0c287e8..bd56d4d 100644
|
|
|
e5f6b8 |
--- a/lib/isc-pkcs11/tests/hash_test.c
|
|
|
e5f6b8 |
+++ b/lib/isc-pkcs11/tests/hash_test.c
|
|
|
e5f6b8 |
@@ -78,7 +78,7 @@ typedef struct hash_testcase {
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
typedef struct hash_test_key {
|
|
|
e5f6b8 |
const char *key;
|
|
|
e5f6b8 |
- const int len;
|
|
|
e5f6b8 |
+ const unsigned len;
|
|
|
e5f6b8 |
} hash_test_key_t;
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
/* non-hmac tests */
|
|
|
e5f6b8 |
@@ -961,8 +961,11 @@ ATF_TC_BODY(isc_hmacsha1, tc) {
|
|
|
e5f6b8 |
hash_test_key_t *test_key = test_keys;
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e5f6b8 |
+ int len = ISC_MAX(test_key->len, ISC_SHA1_DIGESTLENGTH);
|
|
|
e5f6b8 |
+
|
|
|
e5f6b8 |
+ memset(buffer, 0, ISC_SHA1_DIGESTLENGTH);
|
|
|
e5f6b8 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e5f6b8 |
- isc_hmacsha1_init(&hmacsha1, buffer, test_key->len);
|
|
|
e5f6b8 |
+ isc_hmacsha1_init(&hmacsha1, buffer, len);
|
|
|
e5f6b8 |
isc_hmacsha1_update(&hmacsha1,
|
|
|
e5f6b8 |
(const isc_uint8_t *) testcase->input,
|
|
|
e5f6b8 |
testcase->input_len);
|
|
|
e5f6b8 |
@@ -1124,8 +1127,11 @@ ATF_TC_BODY(isc_hmacsha224, tc) {
|
|
|
e5f6b8 |
hash_test_key_t *test_key = test_keys;
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e5f6b8 |
+ int len = ISC_MAX(test_key->len, ISC_SHA224_DIGESTLENGTH);
|
|
|
e5f6b8 |
+
|
|
|
e5f6b8 |
+ memset(buffer, 0, ISC_SHA224_DIGESTLENGTH);
|
|
|
e5f6b8 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e5f6b8 |
- isc_hmacsha224_init(&hmacsha224, buffer, test_key->len);
|
|
|
e5f6b8 |
+ isc_hmacsha224_init(&hmacsha224, buffer, len);
|
|
|
e5f6b8 |
isc_hmacsha224_update(&hmacsha224,
|
|
|
e5f6b8 |
(const isc_uint8_t *) testcase->input,
|
|
|
e5f6b8 |
testcase->input_len);
|
|
|
e5f6b8 |
@@ -1287,8 +1293,11 @@ ATF_TC_BODY(isc_hmacsha256, tc) {
|
|
|
e5f6b8 |
hash_test_key_t *test_key = test_keys;
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e5f6b8 |
+ int len = ISC_MAX(test_key->len, ISC_SHA256_DIGESTLENGTH);
|
|
|
e5f6b8 |
+
|
|
|
e5f6b8 |
+ memset(buffer, 0, ISC_SHA256_DIGESTLENGTH);
|
|
|
e5f6b8 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e5f6b8 |
- isc_hmacsha256_init(&hmacsha256, buffer, test_key->len);
|
|
|
e5f6b8 |
+ isc_hmacsha256_init(&hmacsha256, buffer, len);
|
|
|
e5f6b8 |
isc_hmacsha256_update(&hmacsha256,
|
|
|
e5f6b8 |
(const isc_uint8_t *) testcase->input,
|
|
|
e5f6b8 |
testcase->input_len);
|
|
|
e5f6b8 |
@@ -1456,8 +1465,11 @@ ATF_TC_BODY(isc_hmacsha384, tc) {
|
|
|
e5f6b8 |
hash_test_key_t *test_key = test_keys;
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e5f6b8 |
+ int len = ISC_MAX(test_key->len, ISC_SHA384_DIGESTLENGTH);
|
|
|
e5f6b8 |
+
|
|
|
e5f6b8 |
+ memset(buffer, 0, ISC_SHA384_DIGESTLENGTH);
|
|
|
e5f6b8 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e5f6b8 |
- isc_hmacsha384_init(&hmacsha384, buffer, test_key->len);
|
|
|
e5f6b8 |
+ isc_hmacsha384_init(&hmacsha384, buffer, len);
|
|
|
e5f6b8 |
isc_hmacsha384_update(&hmacsha384,
|
|
|
e5f6b8 |
(const isc_uint8_t *) testcase->input,
|
|
|
e5f6b8 |
testcase->input_len);
|
|
|
e5f6b8 |
@@ -1625,8 +1637,11 @@ ATF_TC_BODY(isc_hmacsha512, tc) {
|
|
|
e5f6b8 |
hash_test_key_t *test_key = test_keys;
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e5f6b8 |
+ int len = ISC_MAX(test_key->len, ISC_SHA512_DIGESTLENGTH);
|
|
|
e5f6b8 |
+
|
|
|
e5f6b8 |
+ memset(buffer, 0, ISC_SHA512_DIGESTLENGTH);
|
|
|
e5f6b8 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e5f6b8 |
- isc_hmacsha512_init(&hmacsha512, buffer, test_key->len);
|
|
|
e5f6b8 |
+ isc_hmacsha512_init(&hmacsha512, buffer, len);
|
|
|
e5f6b8 |
isc_hmacsha512_update(&hmacsha512,
|
|
|
e5f6b8 |
(const isc_uint8_t *) testcase->input,
|
|
|
e5f6b8 |
testcase->input_len);
|
|
|
e5f6b8 |
@@ -1769,8 +1784,11 @@ ATF_TC_BODY(isc_hmacmd5, tc) {
|
|
|
e5f6b8 |
hash_test_key_t *test_key = test_keys;
|
|
|
e5f6b8 |
|
|
|
e5f6b8 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e5f6b8 |
+ int len = ISC_MAX(test_key->len, ISC_MD5_DIGESTLENGTH);
|
|
|
e5f6b8 |
+
|
|
|
e5f6b8 |
+ memset(buffer, 0, ISC_MD5_DIGESTLENGTH);
|
|
|
e5f6b8 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e5f6b8 |
- isc_hmacmd5_init(&hmacmd5, buffer, test_key->len);
|
|
|
e5f6b8 |
+ isc_hmacmd5_init(&hmacmd5, buffer, len);
|
|
|
e5f6b8 |
isc_hmacmd5_update(&hmacmd5,
|
|
|
e5f6b8 |
(const isc_uint8_t *) testcase->input,
|
|
|
e5f6b8 |
testcase->input_len);
|
|
|
e5f6b8 |
--
|
|
|
e5f6b8 |
2.14.3
|
|
|
e5f6b8 |
|