This patch adds testcases/oc-digest/digest_test.sh, which gives a flexible way to test new digests against opencryptoki. It also modifies testcases/oc-digest.c to return a non-zero return code to the command line when it fails. This enables the script to detect when opencryptoki doesn't support a specific digest on the slot being tested.
The script: 1. Checks that the algorithm is supported in the slot being tested 2. Generates (from /dev/urandom) a set of files to test based on the block size of the supported algorithm 3. Hashes those files using oc-digest and validates the output 4. Deletes the test files This initial version of the script supports testing md5, sha1, sha256, sha384 and sha512. Thanks, Kent Signed-off-by: Kent Yoder <[email protected]> diff --git a/testcases/oc-digest/digest_tests.sh b/testcases/oc-digest/digest_tests.sh new file mode 100755 index 0000000..d0ef632 --- /dev/null +++ b/testcases/oc-digest/digest_tests.sh @@ -0,0 +1,241 @@ +#!/bin/sh +# +# digest_test.sh - script to test PKCS#11 digest algorithms using oc-digest +# +# usage: digest_test.sh [-slot <slot id>] +# +# Author: Kent Yoder <[email protected]> +# +# This script will do the following for each digest type in the $digest_types +# array: +# +# 1. Check that the algorithm is supported in the slot being tested +# 2. generate a set of files to test based on the block size of the algorithm +# 3. Hash those files using oc-digest and validate the output +# 4. delete the test files +# +# TO ADD A NEW ALGORITHM TO TEST TO THIS SCRIPT: +# 1. increment num_digest_types below +# 2. add new entries for your alg into the $digest_types, $digest_sizes and +# $validators arrays below +# 3. that's it +# + +#set -x + +# num_digest_types should be the number of items in the $digest_types, +# $digest_sizes and $validators arrays below. This script will loop from +# 0 .. ($num_digest_types - 1) +num_digest_types=5 + +# algorithms to test - these are strings that are valid to pass to the -t +# option of oc-digest +# +digest_types[0]="sha1" +digest_types[1]="sha256" +digest_types[2]="sha384" +digest_types[3]="sha512" +digest_types[4]="md5" + +# the block sizes of each algorithm - we use these to base the size of +# some of thest files on +# +digest_sizes[0]=20 +digest_sizes[1]=32 +digest_sizes[2]=48 +digest_sizes[3]=64 +digest_sizes[4]=16 + +# an external program to validate each type of hash +validators[0]="sha1sum -c" +validators[1]="sha256sum -c" +validators[2]="sha384sum -c" +validators[3]="sha512sum -c" +validators[4]="md5sum -c" + +# default slot is 0, but -slot argument will override +SLOT_ID=0 + +# return codes +CKR_OK=0 +CKR_MECHANISM_INVALID=112 + +# a list which will be populated with an array of indexes of algorithms +# supported by this token. This array will determine which algs are tested +digest_types_to_test= + +FILE_NAMES= +# always test a 0 and 1 byte file, all other file sizes to test are based on +# the block size of the algorithm being tested +FILE_SIZES_INITIALIZER="0 1" +FILE_SIZES=${FILE_SIZES_INITIALIZER} + +# return code to the command line +GLOBAL_RC=0 + +# +# run a test +# +# $1 - algorithm to test +# $2 - filename to test +# $3 - (optional) validator to use +# +function run_test +{ + if test "x$3" == "x"; then + ./oc-digest -slot $SLOT_ID -t $1 $2 + else + ./oc-digest -slot $SLOT_ID -t $1 $2 | $3 + fi + + return $? +} + +function exit_with_code +{ + exit $1 +} + +# +# given a block size, generate test files +# +# $1 = block size +function generate_testfiles +{ + HASH_BLOCK_SIZE=$1 + # This is the list of file sizes to test for each digest algorithm + FILE_SIZES="$FILE_SIZES $HASH_BLOCK_SIZE" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE + 1 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE - 1 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE / 2 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 2 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 4 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 8 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 16 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 5 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 10 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 100 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 1000 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 1024 ))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 1024 + 1))" + FILE_SIZES="$FILE_SIZES $(( $HASH_BLOCK_SIZE * 1024 - 1))" + + for FILE_SIZE in $FILE_SIZES + do + FILE_NAME="${FILE_SIZE}_byte_file" + + if test $FILE_SIZE -eq 0; then + touch $FILE_NAME + else + dd if=/dev/urandom of=$FILE_NAME count=1 bs=$FILE_SIZE >/dev/null 2>&1 + fi + + RC=$? + if test $RC -ne 0; then + echo "error generating $FILE_NAME" + return $RC + fi + done +} + +# +# given a block size, run tests on a set of files +# +# $1 = index of $digest_types to test +function run_tests +{ + INDEX=$1 + for FILE_SIZE in $FILE_SIZES + do + FILE_NAME="${FILE_SIZE}_byte_file" + run_test ${digest_types[$INDEX]} ${FILE_NAME} "${validators[$INDEX]}" + if test $RC -ne 0; then + echo "error testing ${digest_types[$INDEX]} $FILE_NAME" + fi + done +} + +# +# delete test files +# +function cleanup_testfiles +{ + for FILE_SIZE in $FILE_SIZES + do + FILE_NAME="${FILE_SIZE}_byte_file" + rm -f ./$FILE_NAME + done +} + +function usage +{ + echo "usage: $1 [-slot <slot id>]" + exit -1 +} + +# +# main() +# + +# +# Check for -slot param +# +while test "x$1" != "x"; do + if test "x$1" == "x-slot"; then + if test "x$2" != "x"; then + shift + SLOT_ID=$1 + shift + continue + else + usage $0 + fi + else + usage $0 + fi +done + +# +# for each of the digest types, try to hash some random file as a test to +# see if that algorithm is supported on this token +# +for i in $(seq 0 $(( $num_digest_types - 1 ))) +do + echo "Testing if slot $SLOT_ID supports ${digest_types[$i]}..." + run_test ${digest_types[$i]} /bin/ls + RC=$? + if test $RC -eq $CKR_MECHANISM_INVALID + then + # this alg isn't supported on this token, test the next alg + echo "nope." + continue + elif test $RC -eq $CKR_OK + then + # this alg is supported, add it to the list to test + echo "yes. ${digest_types[$i]} will be tested." + digest_types_to_test="$digest_types_to_test $i" + else + # error, exit as user intervention is required + echo "Error ($RC) while determining if ${digest_types[$i]} is supported" + exit_with_code $RC + fi +done + +# generate files to test and run the testcases +for i in $digest_types_to_test +do + echo "Testing ${digest_types[$i]}..." + generate_testfiles ${digest_sizes[$i]} + RC=$? + if test $RC -ne 0 + then + GLOBAL_RC=$RC + cleanup_testfiles + else + run_tests $i + fi + cleanup_testfiles + FILE_SIZES=${FILE_SIZES_INITIALIZER} +done + +exit $GLOBAL_RC diff --git a/testcases/oc-digest/oc-digest.c b/testcases/oc-digest/oc-digest.c index dc596bc..78d735d 100644 --- a/testcases/oc-digest/oc-digest.c +++ b/testcases/oc-digest/oc-digest.c @@ -292,9 +292,17 @@ mech_close: free(mech_list); session_close: - /* Close the session */ - if( (rc = funcs->C_CloseSession(session_handle)) != CKR_OK ) { - oc_err_msg("C_CloseSession", rc); + /* Close the session, being careful not to clobber rc */ + { + CK_RV loc_rc; + + if( (loc_rc = funcs->C_CloseSession(session_handle)) != CKR_OK ) { + oc_err_msg("C_CloseSession", loc_rc); + + if (rc == CKR_OK) { + rc = loc_rc; + } + } } file_close: @@ -302,7 +310,9 @@ file_close: close(fd); /* Call C_Finalize and dlclose the library */ - return clean_up(); + clean_up(); + + return rc; } int clean_up(void) ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
