commit ecf71404e84ae35931cd6c7398c825378ee052b6 Author: Ingo Franzki Date: Fri Jul 2 11:20:22 2021 +0200 TESTCASES: Soft: Skip tests with RSA publ.exp. not supported by OpenSSL OpenSSL 3.0 only accepts public exponents of 3 and 65537 for RSA keys. Skip the testcase if another public exponent is used. Also fixed some ugly line breaks within messages. Signed-off-by: Ingo Franzki diff --git a/testcases/common/common.c b/testcases/common/common.c index bfd486cb..0a64ecf2 100644 --- a/testcases/common/common.c +++ b/testcases/common/common.c @@ -876,6 +876,16 @@ int is_valid_cca_pubexp(CK_BYTE pubexp[], CK_ULONG pubexp_len) || (pubexp_len == 3 && (!memcmp(pubexp, exp65537, 3))); } +/** Returns true if pubexp is valid for Soft Tokens **/ +int is_valid_soft_pubexp(CK_BYTE pubexp[], CK_ULONG pubexp_len) +{ + CK_BYTE exp3[] = { 0x03 }; // 3 + CK_BYTE exp65537[] = { 0x01, 0x00, 0x01 }; // 65537 + + return (pubexp_len == 1 && (!memcmp(pubexp, exp3, 1))) + || (pubexp_len == 3 && (!memcmp(pubexp, exp65537, 3))); +} + /** Returns true if slot_id is an ICSF token ** ICSF token info is not necessarily hard-coded like the other tokens ** so there is no single identifying attribute. So, instead just diff --git a/testcases/crypto/rsa_func.c b/testcases/crypto/rsa_func.c index 62aa7a76..8739ed37 100644 --- a/testcases/crypto/rsa_func.c +++ b/testcases/crypto/rsa_func.c @@ -102,8 +102,8 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) if (!keysize_supported(slot_id, tsuite->mech.mechanism, tsuite->tv[i].modbits)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + SLOT_ID, tsuite->tv[i].modbits); free(s); continue; } @@ -111,8 +111,7 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) if (is_ep11_token(slot_id)) { if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("EP11 Token cannot " - "be used with publ_exp.='%s'", s); + testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -124,8 +123,7 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("CCA Token cannot " - "be used with publ_exp.='%s'", s); + testcase_skip("CCA Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -148,6 +146,16 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) continue; } } + + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp, + tsuite->tv[i].publ_exp_len)) { + testcase_skip("Soft Token cannot be used with publ_exp.='%s'", + s); + free(s); + continue; + } + } // tpm special cases: // tpm token can only use public exponent 0x010001 (65537) // so skip test if invalid public exponent is used @@ -155,8 +163,7 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) if ((!is_valid_tpm_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].modbits))) { - testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'", - s); + testcase_skip("TPM Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -166,8 +173,7 @@ CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) if (!is_valid_icsf_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len) || (tsuite->tv[i].modbits < 1024)) { - testcase_skip("ICSF Token cannot be used with " - "publ_exp='%s'.", s); + testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -376,8 +382,8 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite) if (!keysize_supported(slot_id, tsuite->mech.mechanism, tsuite->tv[i].mod_len * 8)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", SLOT_ID, tsuite->tv[i].mod_len * 8); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + SLOT_ID, tsuite->tv[i].mod_len * 8); free(s); continue; } @@ -385,16 +391,14 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite) if (is_ep11_token(slot_id)) { if (!is_valid_ep11_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) { - testcase_skip("EP11 Token cannot " - "be used with publ_exp.='%s'", s); + testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s); free(s); continue; } // modulus length must be multiple of 128 byte // skip test if modulus length has unsuported size if ((tsuite->tv[i].mod_len % 128) != 0) { - testcase_skip("EP11 Token cannot be used with " - "this test vector."); + testcase_skip("EP11 Token cannot be used with this test vector."); free(s); continue; } @@ -416,8 +420,7 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite) (tsuite->tv[i].exp2_len > (tsuite->tv[i].mod_len / 2)) || (tsuite->tv[i].coef_len > (tsuite->tv[i].mod_len / 2))) { - testcase_skip("ICA Token cannot be used with " - "this test vector."); + testcase_skip("ICA Token cannot be used with this test vector."); free(s); continue; } @@ -431,12 +434,21 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite) if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) { - testcase_skip("CCA Token cannot " - "be used with publ_exp.='%s'", s); + testcase_skip("CCA Token cannot be used with publ_exp.='%s'", s); + free(s); + continue; + } + } + + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp, + tsuite->tv[i].pubexp_len)) { + testcase_skip("Soft Token cannot be used with publ_exp.='%s'", s); free(s); continue; } } + // tpm special cases: // tpm token can only use public exponent 0x010001 (65537) // so skip test if invalid public exponent is used @@ -444,8 +456,7 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite) if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].mod_len * 8))) { - testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'", - s); + testcase_skip("TPM Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -455,8 +466,7 @@ CK_RV do_EncryptDecryptImportRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite) if (!is_valid_icsf_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len) || (tsuite->tv[i].mod_len * 8 < 1024)) { - testcase_skip("ICSF Token cannot be used with " - "publ_exp='%s'.", s); + testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -691,8 +701,8 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite, if (!keysize_supported(slot_id, tsuite->mech.mechanism, tsuite->tv[i].modbits)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + SLOT_ID, tsuite->tv[i].modbits); free(s); continue; } @@ -700,8 +710,7 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite, if (is_ep11_token(slot_id)) { if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("EP11 Token cannot " - "be used with publ_exp.='%s'", s); + testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -710,8 +719,16 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite, if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("CCA Token cannot " - "be used with publ_exp='%s'.", s); + testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s); + free(s); + continue; + } + } + + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp, + tsuite->tv[i].publ_exp_len)) { + testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -721,8 +738,7 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite, if ((!is_valid_tpm_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].modbits))) { - testcase_skip("TPM Token cannot " "be used with publ_exp='%s'.", - s); + testcase_skip("TPM Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -732,8 +748,7 @@ CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO * tsuite, if (!is_valid_icsf_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len) || (tsuite->tv[i].modbits < 1024)) { - testcase_skip("ICSF Token cannot be used with " - "publ_exp='%s'.", s); + testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -944,16 +959,23 @@ CK_RV do_SignVerify_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite) if (!keysize_supported(slot_id, tsuite->mech.mechanism, tsuite->tv[i].modbits)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + SLOT_ID, tsuite->tv[i].modbits); free(s); continue; } if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("CCA Token cannot " - "be used with publ_exp='%s'.", s); + testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s); + free(s); + continue; + } + } + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp, + tsuite->tv[i].publ_exp_len)) { + testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -1154,8 +1176,8 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite) if (!keysize_supported(slot_id, tsuite->mech.mechanism, tsuite->tv[i].modbits)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + SLOT_ID, tsuite->tv[i].modbits); continue; } // get public exponent from test vector @@ -1169,8 +1191,7 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite) if (is_ep11_token(slot_id)) { if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("EP11 Token cannot " - "be used with publ_exp.='%s'", s); + testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -1179,8 +1200,7 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite) if (!is_valid_icsf_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len) || (tsuite->tv[i].modbits < 1024)) { - testcase_skip("ICSF Token cannot be used with " - "publ_exp='%s'.", s); + testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -1189,8 +1209,7 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite) if ((!is_valid_tpm_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].modbits))) { - testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'", - s); + testcase_skip("TPM Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -1198,8 +1217,7 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite) if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("CCA Token cannot " - "be used with publ_exp='%s'.", s); + testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -1228,6 +1246,14 @@ CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO * tsuite) continue; } } + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp, + tsuite->tv[i].publ_exp_len)) { + testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s); + free(s); + continue; + } + } // begin test testcase_begin("%s Wrap Unwrap with test vector %d, " @@ -1554,8 +1580,7 @@ CK_RV do_SignRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) (tsuite->tv[i].exp2_len > (tsuite->tv[i].mod_len / 2)) || (tsuite->tv[i].coef_len > (tsuite->tv[i].mod_len / 2))) { - testcase_skip("ICA Token cannot be used with " - "this test vector."); + testcase_skip("ICA Token cannot be used with this test vector."); continue; } @@ -1565,8 +1590,7 @@ CK_RV do_SignRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) // skip test if modulus length has unsuported size if (is_ep11_token(slot_id)) { if ((tsuite->tv[i].mod_len % 128) != 0) { - testcase_skip("EP11 Token cannot be used with " - "this test vector."); + testcase_skip("EP11 Token cannot be used with this test vector."); continue; } } @@ -1575,8 +1599,7 @@ CK_RV do_SignRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].mod_len))) { - testcase_skip("TPM Token cannot " - "be used with this test vector."); + testcase_skip("TPM Token cannot be used with this test vector."); continue; } } @@ -1584,8 +1607,15 @@ CK_RV do_SignRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) { - testcase_skip("CCA Token cannot " - "be used with this test vector."); + testcase_skip("CCA Token cannot be used with this test vector."); + continue; + } + } + + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp, + tsuite->tv[i].pubexp_len)) { + testcase_skip("Soft Token cannot be used with this test vector."); continue; } } @@ -1735,8 +1765,7 @@ CK_RV do_VerifyRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) // skip test if modulus length has unsuported size if (is_ep11_token(slot_id)) { if ((tsuite->tv[i].mod_len % 128) != 0) { - testcase_skip("EP11 Token cannot be used with " - "this test vector."); + testcase_skip("EP11 Token cannot be used with this test vector."); continue; } } @@ -1745,8 +1774,7 @@ CK_RV do_VerifyRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].mod_len))) { - testcase_skip("TPM Token cannot " - "be used with this test vector."); + testcase_skip("TPM Token cannot be used with this test vector."); continue; } } @@ -1754,8 +1782,15 @@ CK_RV do_VerifyRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) { - testcase_skip("CCA Token cannot " - "be used with this test vector."); + testcase_skip("CCA Token cannot be used with this test vector."); + continue; + } + } + + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp, + tsuite->tv[i].pubexp_len)) { + testcase_skip("Soft Token cannot be used with this test vector."); continue; } } diff --git a/testcases/crypto/rsaupdate_func.c b/testcases/crypto/rsaupdate_func.c index 20611b85..22f8d7e4 100644 --- a/testcases/crypto/rsaupdate_func.c +++ b/testcases/crypto/rsaupdate_func.c @@ -96,8 +96,8 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) if (!keysize_supported(slot_id, tsuite->mech.mechanism, tsuite->tv[i].modbits)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + SLOT_ID, tsuite->tv[i].modbits); free(s); continue; } @@ -105,8 +105,7 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) if (is_ep11_token(slot_id)) { if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("EP11 Token cannot " - "be used with publ_exp.='%s'", s); + testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -115,19 +114,27 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("CCA Token cannot " - "be used with publ_exp='%s'.", s); + testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s); free(s); continue; } } + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp, + tsuite->tv[i].publ_exp_len)) { + testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s); + free(s); + continue; + } + } + + if (is_tpm_token(slot_id)) { if ((!is_valid_tpm_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].modbits))) { - testcase_skip("TPM Token cannot " "be used with publ_exp='%s'.", - s); + testcase_skip("TPM Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -137,8 +144,7 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) if (!is_valid_icsf_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len) || (tsuite->tv[i].modbits < 1024)) { - testcase_skip("ICSF Token cannot " - "be used with publ_exp='%s'.", s); + testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -162,8 +168,7 @@ CK_RV do_SignVerifyUpdateRSA(struct GENERATED_TEST_SUITE_INFO *tsuite) tsuite->tv[i].publ_exp_len, &publ_key, &priv_key); if (rc != CKR_OK) { - testcase_error("generate_RSA_PKCS_KeyPair(), " - "rc=%s", p11_get_ckr(rc)); + testcase_error("generate_RSA_PKCS_KeyPair(), rc=%s", p11_get_ckr(rc)); goto testcase_cleanup; } @@ -367,8 +372,8 @@ CK_RV do_SignVerifyUpdate_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite) if (!keysize_supported(slot_id, tsuite->mech.mechanism, tsuite->tv[i].modbits)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", SLOT_ID, tsuite->tv[i].modbits); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + SLOT_ID, tsuite->tv[i].modbits); free(s); continue; } @@ -376,8 +381,7 @@ CK_RV do_SignVerifyUpdate_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite) if (is_ep11_token(slot_id)) { if (!is_valid_ep11_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("EP11 Token cannot " - "be used with publ_exp.='%s'", s); + testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -386,8 +390,16 @@ CK_RV do_SignVerifyUpdate_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite) if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].publ_exp, tsuite->tv[i].publ_exp_len)) { - testcase_skip("CCA Token cannot " - "be used with publ_exp='%s'.", s); + testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s); + free(s); + continue; + } + } + + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].publ_exp, + tsuite->tv[i].publ_exp_len)) { + testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -412,8 +424,7 @@ CK_RV do_SignVerifyUpdate_RSAPSS(struct GENERATED_TEST_SUITE_INFO * tsuite) tsuite->tv[i].publ_exp_len, &publ_key, &priv_key); if (rc != CKR_OK) { - testcase_error("generate_RSA_PKCS_KeyPair(), " - "rc=%s", p11_get_ckr(rc)); + testcase_error("generate_RSA_PKCS_KeyPair(), rc=%s", p11_get_ckr(rc)); goto error; } // generate message @@ -639,8 +650,7 @@ CK_RV do_VerifyUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if (is_ep11_token(slot_id)) { if (!is_valid_ep11_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) { - testcase_skip("EP11 Token cannot " - "be used with pub_exp.='%s'", s); + testcase_skip("EP11 Token cannot be used with pub_exp.='%s'", s); free(s); continue; } @@ -650,8 +660,7 @@ CK_RV do_VerifyUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].mod_len))) { - testcase_skip("TPM Token cannot " - "be used with pub_exp='%s'.", s); + testcase_skip("TPM Token cannot be used with pub_exp='%s'.", s); free(s); continue; } @@ -660,8 +669,16 @@ CK_RV do_VerifyUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) { - testcase_skip("CCA Token cannot " - "be used with publ_exp='%s'.", s); + testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s); + free(s); + continue; + } + } + + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp, + tsuite->tv[i].pubexp_len)) { + testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s); free(s); continue; } @@ -826,8 +843,7 @@ CK_RV do_SignUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) (tsuite->tv[i].exp2_len > (tsuite->tv[i].mod_len / 2)) || (tsuite->tv[i].coef_len > (tsuite->tv[i].mod_len / 2))) { - testcase_skip("ICA Token cannot be used with " - "this test vector."); + testcase_skip("ICA Token cannot be used with this test vector."); free(s); continue; } @@ -848,8 +864,7 @@ CK_RV do_SignUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if (is_ep11_token(slot_id)) { if (!is_valid_ep11_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) { - testcase_skip("EP11 Token cannot " - "be used with publ_exp.='%s'", s); + testcase_skip("EP11 Token cannot be used with publ_exp.='%s'", s); free(s); continue; } @@ -859,8 +874,7 @@ CK_RV do_SignUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if ((!is_valid_tpm_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].mod_len))) { - testcase_skip("TPM Token cannot " - "be used with pub_exp='%s'.", s); + testcase_skip("TPM Token cannot be used with pub_exp='%s'.", s); free(s); continue; } @@ -869,8 +883,16 @@ CK_RV do_SignUpdateRSA(struct PUBLISHED_TEST_SUITE_INFO * tsuite) if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(tsuite->tv[i].pub_exp, tsuite->tv[i].pubexp_len)) { - testcase_skip("CCA Token cannot " - "be used with publ_exp='%s'.", s); + testcase_skip("CCA Token cannot be used with publ_exp='%s'.", s); + free(s); + continue; + } + } + + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(tsuite->tv[i].pub_exp, + tsuite->tv[i].pubexp_len)) { + testcase_skip("Soft Token cannot be used with publ_exp='%s'.", s); free(s); continue; } diff --git a/testcases/misc_tests/reencrypt.c b/testcases/misc_tests/reencrypt.c index a78e1f5a..93fa31bd 100644 --- a/testcases/misc_tests/reencrypt.c +++ b/testcases/misc_tests/reencrypt.c @@ -361,24 +361,29 @@ CK_RV do_reencrypt(struct mech_info *mech1, struct mech_info *mech2) if (!keysize_supported(slot_id, mech2->key_gen_mech.mechanism, mech2->rsa_modbits)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", slot_id, mech2->rsa_modbits); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + slot_id, mech2->rsa_modbits); goto testcase_cleanup; } if (is_ep11_token(slot_id)) { if (!is_valid_ep11_pubexp(mech2->rsa_publ_exp, mech2->rsa_publ_exp_len)) { - testcase_skip("EP11 Token in cannot be used with " - "publ_exp.='%s'", s); + testcase_skip("EP11 Token in cannot be used with publ_exp.='%s'", s); goto testcase_cleanup; } } if (is_cca_token(slot_id)) { if (!is_valid_cca_pubexp(mech2->rsa_publ_exp, mech2->rsa_publ_exp_len)) { - testcase_skip("CCA Token in cannot be used with " - " publ_exp.='%s'", s); + testcase_skip("CCA Token in cannot be used with publ_exp.='%s'", s); + goto testcase_cleanup; + } + } + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(mech2->rsa_publ_exp, + mech2->rsa_publ_exp_len)) { + testcase_skip("Soft Token in cannot be used with publ_exp.='%s'", s); goto testcase_cleanup; } } @@ -386,8 +391,7 @@ CK_RV do_reencrypt(struct mech_info *mech1, struct mech_info *mech2) if (!is_valid_tpm_pubexp(mech2->rsa_publ_exp, mech2->rsa_publ_exp_len) || !is_valid_tpm_modbits(mech2->rsa_modbits)) { - testcase_skip("TPM Token cannot be used with " - "publ_exp.='%s'", s); + testcase_skip("TPM Token cannot be used with publ_exp.='%s'", s); goto testcase_cleanup; } } @@ -395,8 +399,7 @@ CK_RV do_reencrypt(struct mech_info *mech1, struct mech_info *mech2) if (!is_valid_icsf_pubexp(mech2->rsa_publ_exp, mech2->rsa_publ_exp_len) || mech2->rsa_modbits < 1024) { - testcase_skip("ICSF Token cannot be used with " - "publ_exp='%s'.", s); + testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s); goto testcase_cleanup; } } @@ -619,6 +622,14 @@ CK_RV do_encrypt_reencrypt(struct mech_info *mech1) goto testcase_cleanup; } } + if (is_soft_token(slot_id)) { + if (!is_valid_soft_pubexp(mech1->rsa_publ_exp, + mech1->rsa_publ_exp_len)) { + testsuite_skip(NUM_REENCRYPT_TESTS, "Soft Token cannot be " + "used with publ_exp.='%s'", s); + goto testcase_cleanup; + } + } if (is_tpm_token(slot_id) ) { if (!is_valid_tpm_pubexp(mech1->rsa_publ_exp, mech1->rsa_publ_exp_len) || diff --git a/testcases/misc_tests/tok2tok_transport.c b/testcases/misc_tests/tok2tok_transport.c index 9c1dee8f..ebb44760 100644 --- a/testcases/misc_tests/tok2tok_transport.c +++ b/testcases/misc_tests/tok2tok_transport.c @@ -581,30 +581,35 @@ CK_RV do_wrap_key_test(struct wrapped_mech_info *tsuite, if (!keysize_supported(slot_id1, tsuite->wrapped_key_gen_mech.mechanism, tsuite->rsa_modbits)) { - testcase_skip("Token in slot %lu cannot be used with " - "modbits.='%ld'", slot_id1, tsuite->rsa_modbits); + testcase_skip("Token in slot %lu cannot be used with modbits.='%ld'", + slot_id1, tsuite->rsa_modbits); goto testcase_cleanup; } if (!keysize_supported(slot_id2, tsuite->wrapped_key_gen_mech.mechanism, tsuite->rsa_modbits)) { - testcase_skip("Token in slot %lu cannot be used with " - "modbits.='%ld'", slot_id2, tsuite->rsa_modbits); + testcase_skip("Token in slot %lu cannot be used with modbits.='%ld'", + slot_id2, tsuite->rsa_modbits); goto testcase_cleanup; } if (is_ep11_token(slot_id1) || is_ep11_token(slot_id2)) { if (!is_valid_ep11_pubexp(tsuite->rsa_publ_exp, tsuite->rsa_publ_exp_len)) { - testcase_skip("EP11 Token in cannot be used with " - "publ_exp.='%s'", s); + testcase_skip("EP11 Token in cannot be used with publ_exp.='%s'", s); goto testcase_cleanup; } } if (is_cca_token(slot_id1) || is_cca_token(slot_id2)) { if (!is_valid_cca_pubexp(tsuite->rsa_publ_exp, tsuite->rsa_publ_exp_len)) { - testcase_skip("CCA Token in scannot be used with " - "publ_exp.='%s'", s); + testcase_skip("CCA Token in scannot be used with publ_exp.='%s'", s); + goto testcase_cleanup; + } + } + if (is_soft_token(slot_id1) || is_cca_token(slot_id2)) { + if (!is_valid_soft_pubexp(tsuite->rsa_publ_exp, + tsuite->rsa_publ_exp_len)) { + testcase_skip("Soft Token in scannot be used with publ_exp.='%s'", s); goto testcase_cleanup; } } @@ -612,8 +617,7 @@ CK_RV do_wrap_key_test(struct wrapped_mech_info *tsuite, if (!is_valid_tpm_pubexp(tsuite->rsa_publ_exp, tsuite->rsa_publ_exp_len) || !is_valid_tpm_modbits(tsuite->rsa_modbits)) { - testcase_skip("TPM Token cannot " "be used with " - "publ_exp.='%s'", s); + testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'", s); goto testcase_cleanup; } } @@ -621,8 +625,7 @@ CK_RV do_wrap_key_test(struct wrapped_mech_info *tsuite, if (!is_valid_icsf_pubexp(tsuite->rsa_publ_exp, tsuite->rsa_publ_exp_len) || tsuite->rsa_modbits < 1024) { - testcase_skip("ICSF Token cannot be used with " - "publ_exp='%s'.", s); + testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s); goto testcase_cleanup; } } @@ -967,31 +970,36 @@ CK_RV do_wrapping_test(struct wrapping_mech_info *tsuite) if (!keysize_supported(slot_id1, tsuite->wrapping_key_gen_mech.mechanism, tsuite->rsa_modbits)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", slot_id1, tsuite->rsa_modbits); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + slot_id1, tsuite->rsa_modbits); goto testcase_cleanup; } if (!keysize_supported(slot_id2, tsuite->wrapping_key_gen_mech.mechanism, tsuite->rsa_modbits)) { - testcase_skip("Token in slot %ld cannot be used with " - "modbits.='%ld'", slot_id2, tsuite->rsa_modbits); + testcase_skip("Token in slot %ld cannot be used with modbits.='%ld'", + slot_id2, tsuite->rsa_modbits); goto testcase_cleanup; } if (is_ep11_token(slot_id1) || is_ep11_token(slot_id2)) { if (!is_valid_ep11_pubexp(tsuite->rsa_publ_exp, tsuite->rsa_publ_exp_len)) { - testcase_skip("EP11 Token in cannot be used with " - "publ_exp.='%s'", s); + testcase_skip("EP11 Token in cannot be used with publ_exp.='%s'", s); goto testcase_cleanup; } } if (is_cca_token(slot_id1) || is_cca_token(slot_id2)) { if (!is_valid_cca_pubexp(tsuite->rsa_publ_exp, tsuite->rsa_publ_exp_len)) { - testcase_skip("CCA Token in scannot be used with " - "publ_exp.='%s'", s); + testcase_skip("CCA Token in scannot be used with publ_exp.='%s'", s); + goto testcase_cleanup; + } + } + if (is_soft_token(slot_id1) || is_soft_token(slot_id2)) { + if (!is_valid_soft_pubexp(tsuite->rsa_publ_exp, + tsuite->rsa_publ_exp_len)) { + testcase_skip("Soft Token in scannot be used with publ_exp.='%s'", s); goto testcase_cleanup; } } @@ -999,8 +1007,7 @@ CK_RV do_wrapping_test(struct wrapping_mech_info *tsuite) if (!is_valid_tpm_pubexp(tsuite->rsa_publ_exp, tsuite->rsa_publ_exp_len) || !is_valid_tpm_modbits(tsuite->rsa_modbits)) { - testcase_skip("TPM Token cannot " "be used with " - "publ_exp.='%s'", s); + testcase_skip("TPM Token cannot " "be used with publ_exp.='%s'", s); goto testcase_cleanup; } } @@ -1008,8 +1015,7 @@ CK_RV do_wrapping_test(struct wrapping_mech_info *tsuite) if (!is_valid_icsf_pubexp(tsuite->rsa_publ_exp, tsuite->rsa_publ_exp_len) || tsuite->rsa_modbits < 1024) { - testcase_skip("ICSF Token cannot be used with " - "publ_exp='%s'.", s); + testcase_skip("ICSF Token cannot be used with publ_exp='%s'.", s); goto testcase_cleanup; } }