Merged. Thanks!
regards,
Joy
On Tue, 2015-07-14 at 14:48 +0200, Harald Freudenberger wrote:
> obj_mgmt.c now uses a 'real' RSA key and not just 123.
> speed.c checks for CCA token and skips ECB if CCA.
> tok_des.c compiler warning fixed.
> misc_func.c smarter random test and now uses AES instead of DES.
> sess_perf.c now uses AES instead of DES.
>
> Signed-off-by: Harald Freudenberger <fre...@linux.vnet.ibm.com>
> ---
> testcases/misc_tests/obj_mgmt.c | 19 ++++++++++--
> testcases/misc_tests/speed.c | 6 ++++
> testcases/misc_tests/tok_des.c | 2 +-
> testcases/pkcs11/misc_func.c | 63
> ++++++++++++++++++++++-----------------
> testcases/pkcs11/sess_perf.c | 25 +++++++++-------
> 5 files changed, 73 insertions(+), 42 deletions(-)
>
> diff --git a/testcases/misc_tests/obj_mgmt.c b/testcases/misc_tests/obj_mgmt.c
> index 0c17a00..bd67d3b 100644
> --- a/testcases/misc_tests/obj_mgmt.c
> +++ b/testcases/misc_tests/obj_mgmt.c
> @@ -66,8 +66,23 @@ CK_RV do_CreateSessionObject(void)
> CK_OBJECT_HANDLE h_key;
> CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
> CK_KEY_TYPE key_type = CKK_RSA;
> - CK_BYTE key_modulus[] = "1234567890987654321";
> - CK_BYTE key_exponent[] = "123";
> + CK_BYTE key_modulus[] = {
> 0xa5,0x6e,0x4a,0x0e,0x70,0x10,0x17,0x58,
> +
> 0x9a,0x51,0x87,0xdc,0x7e,0xa8,0x41,0xd1,
> +
> 0x56,0xf2,0xec,0x0e,0x36,0xad,0x52,0xa4,
> +
> 0x4d,0xfe,0xb1,0xe6,0x1f,0x7a,0xd9,0x91,
> +
> 0xd8,0xc5,0x10,0x56,0xff,0xed,0xb1,0x62,
> +
> 0xb4,0xc0,0xf2,0x83,0xa1,0x2a,0x88,0xa3,
> +
> 0x94,0xdf,0xf5,0x26,0xab,0x72,0x91,0xcb,
> +
> 0xb3,0x07,0xce,0xab,0xfc,0xe0,0xb1,0xdf,
> +
> 0xd5,0xcd,0x95,0x08,0x09,0x6d,0x5b,0x2b,
> +
> 0x8b,0x6d,0xf5,0xd6,0x71,0xef,0x63,0x77,
> +
> 0xc0,0x92,0x1c,0xb2,0x3c,0x27,0x0a,0x70,
> +
> 0xe2,0x59,0x8e,0x6f,0xf8,0x9d,0x19,0xf1,
> +
> 0x05,0xac,0xc2,0xd3,0xf0,0xcb,0x35,0xf2,
> +
> 0x92,0x80,0xe1,0x38,0x6b,0x6f,0x64,0xc4,
> +
> 0xef,0x22,0xe1,0xe1,0xf2,0x0d,0x0c,0xe8,
> +
> 0xcf,0xfb,0x22,0x49,0xbd,0x9a,0x21,0x37 };
> + CK_BYTE key_exponent[] = { 0x01, 0x00, 0x01 };
> CK_ATTRIBUTE key_attribs[] =
> {
> {CKA_CLASS, &key_class, sizeof(key_class) },
> diff --git a/testcases/misc_tests/speed.c b/testcases/misc_tests/speed.c
> index 9b404f1..79d63a6 100755
> --- a/testcases/misc_tests/speed.c
> +++ b/testcases/misc_tests/speed.c
> @@ -489,6 +489,12 @@ int do_DES3_EncrDecr(const char* mode)
> testcase_begin("DES3 Encrypt with mode=%s datalen=%d\n",
> mode, BIG_REQUEST);
>
> + if (is_cca_token(SLOT_ID) && strcmp(mode, "ECB") == 0) {
> + testcase_skip("Slot %u doesn't support DES3 ECB En/Decrypt\n",
> + (unsigned) SLOT_ID);
> + return TRUE;
> + }
> +
> testcase_rw_session();
> testcase_user_login();
>
> diff --git a/testcases/misc_tests/tok_des.c b/testcases/misc_tests/tok_des.c
> index d0ec221..d477c19 100644
> --- a/testcases/misc_tests/tok_des.c
> +++ b/testcases/misc_tests/tok_des.c
> @@ -79,7 +79,7 @@ do_VerifyTokenSymKey(CK_SESSION_HANDLE sess, CK_BYTE *label)
>
> /* The public exponent is element 0 and modulus is element 1 */
> if (tmpl[0].ulValueLen > 256 || tmpl[0].ulValueLen < 8) {
> - PRINT_ERR("secret key value (%lu) OOB!",
> tmpl[1].ulValueLen);
> + PRINT_ERR("secret key value (%lu) OOB!",
> tmpl[0].ulValueLen);
> return CKR_FUNCTION_FAILED;
> }
>
> diff --git a/testcases/pkcs11/misc_func.c b/testcases/pkcs11/misc_func.c
> index e361c29..28e0ca1 100644
> --- a/testcases/pkcs11/misc_func.c
> +++ b/testcases/pkcs11/misc_func.c
> @@ -14,6 +14,7 @@
> #include "pkcs11types.h"
> #include "regress.h"
> #include "pkcs32.h"
> +#include "common.c"
>
> #define BAD_USER_PIN "534566346"
> #define BAD_USER_PIN_LEN strlen(BAD_USER_PIN)
> @@ -893,7 +894,7 @@ CK_RV do_GenerateRandomData( void )
>
>
> rc = funcs->C_SeedRandom(h1, rand_seed,sizeof(rand_seed));
> - if (rc != CKR_OK){
> + if (rc != CKR_OK && rc != CKR_RANDOM_SEED_NOT_SUPPORTED) {
> show_error(" C_SeedRandom #1",rc);
> return rc;
> }
> @@ -922,18 +923,18 @@ CK_RV do_GenerateRandomData( void )
> }
>
>
> -// //1) generate a DES key from a RO, PUBLIC session. should fail
> -// //2) generate a DES key from a RW, PUBLIC session. should fail
> -// 3) generate a DES key from a RO, USER session.
> -// 4) generate a DES key from a RW, USER session.
> +// //1) generate a AES key from a RO, PUBLIC session. should fail
> +// //2) generate a AES key from a RW, PUBLIC session. should fail
> +// 3) generate a AES key from a RO, USER session.
> +// 4) generate a AES key from a RW, USER session.
> //
> -// 5) generate a DES key from a RO, PUBLIC session. specify template for
> PUBLIC object
> -// 6) generate a DES key from a RO, PUBLIC session. specify template for
> PUBLIC object
> +// 5) generate a AES key from a RO, PUBLIC session. specify template for
> PUBLIC object
> +// 6) generate a AES key from a RO, PUBLIC session. specify template for
> PUBLIC object
> //
> -// 7) generate a DES key from a RW, USER session. specify wrong class
> -// 8) generate a DES key from a RW, USER session. specify right class
> -// 9) generate a DES key from a RW, USER session. specify wrong key type
> -// 10) generate a DES key from a RW, USER session. specify right key type
> +// 7) generate a AES key from a RW, USER session. specify wrong class
> +// 8) generate a AES key from a RW, USER session. specify right class
> +// 9) generate a AES key from a RW, USER session. specify wrong key type
> +// 10) generate a AES key from a RW, USER session. specify right key type
> //
> //
> CK_RV do_GenerateKey( void )
> @@ -956,7 +957,7 @@ CK_RV do_GenerateKey( void )
> return CKR_FUNCTION_FAILED;
> user_pin_len = (CK_ULONG)strlen((char *)user_pin);
>
> - mech.mechanism = CKM_DES_KEY_GEN;
> + mech.mechanism = CKM_AES_KEY_GEN;
> mech.ulParameterLen = 0;
> mech.pParameter = NULL;
>
> @@ -983,7 +984,7 @@ CK_RV do_GenerateKey( void )
> // }
> //
> //
> - // // 2) generate a DES key from RW PUBLIC session. this should also
> fail.
> + // // 2) generate a AES key from RW PUBLIC session. this should also
> fail.
> // //
> // flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
> // rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
> @@ -1006,7 +1007,7 @@ CK_RV do_GenerateKey( void )
> // }
>
>
> - // 3) generate a DES key from RO USER session
> + // 3) generate a AES key from RO USER session
> //
> flags = CKF_SERIAL_SESSION;
> rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
> @@ -1034,7 +1035,7 @@ CK_RV do_GenerateKey( void )
> }
>
>
> - // 4) generate a DES key from RW USER session
> + // 4) generate a AES key from RW USER session
> //
> flags = CKF_SERIAL_SESSION;
> rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
> @@ -1062,7 +1063,7 @@ CK_RV do_GenerateKey( void )
> }
>
>
> - // 5) generate a DES key from a RO PUBLIC session. specify a template
> + // 5) generate a AES key from a RO PUBLIC session. specify a template
> // to indicate this is a public object
> //
> {
> @@ -1092,7 +1093,7 @@ CK_RV do_GenerateKey( void )
> }
>
>
> - // 6) generate a DES key from a RW PUBLIC session. specify a template
> + // 6) generate a AES key from a RW PUBLIC session. specify a template
> // to indicate this is a public object
> //
> {
> @@ -1122,7 +1123,7 @@ CK_RV do_GenerateKey( void )
> }
>
>
> - // 7) generate a DES key from a RW USER session. specify a template
> + // 7) generate a AES key from a RW USER session. specify a template
> // to that specifies the wrong CKA_CLASS
> //
> {
> @@ -1160,7 +1161,7 @@ CK_RV do_GenerateKey( void )
> }
>
>
> - // 8) generate a DES key from a RW USER session. specify a template
> + // 8) generate a AES key from a RW USER session. specify a template
> // to that specifies the correct CKA_CLASS
> //
> {
> @@ -1197,7 +1198,7 @@ CK_RV do_GenerateKey( void )
> }
>
>
> - // 9) generate a DES key from a RW USER session. specify a template
> + // 9) generate a AES key from a RW USER session. specify a template
> // to that specifies the wrong CKA_KEY_TYPE
> //
> {
> @@ -1235,11 +1236,11 @@ CK_RV do_GenerateKey( void )
> }
>
>
> - // 10) generate a DES key from a RW USER session. specify a template
> + // 10) generate a AES key from a RW USER session. specify a template
> // to that specifies the correct CKA_KEY_TYPE
> //
> {
> - CK_KEY_TYPE keytype = CKK_DES;
> + CK_KEY_TYPE keytype = CKK_AES;
> CK_ATTRIBUTE tmpl[] =
> {
> {CKA_KEY_TYPE, &keytype, sizeof(keytype) }
> @@ -1367,24 +1368,30 @@ do_ExtractableSensitiveTest()
> mech.ulParameterLen = 0;
> mech.pParameter = NULL;
>
> - rc |= test_ExtractableAndSensitive(session, &mech, sens_tmpl, 1,
> "Sensitive DES key");
> - rc |= test_ExtractableAndSensitive(session, &mech, ext_tmpl, 1,
> "Extractable DES key");
> + if (mech_supported(slot_id, mech.mechanism)){
> + rc |= test_ExtractableAndSensitive(session, &mech, sens_tmpl,
> 1, "Sensitive DES key");
> + rc |= test_ExtractableAndSensitive(session, &mech, ext_tmpl, 1,
> "Extractable DES key");
> + }
>
> /* TEST 2: 3DES key */
> mech.mechanism = CKM_DES3_KEY_GEN;
> mech.ulParameterLen = 0;
> mech.pParameter = NULL;
>
> - rc |= test_ExtractableAndSensitive(session, &mech, sens_tmpl, 1,
> "Sensitive 3DES key");
> - rc |= test_ExtractableAndSensitive(session, &mech, ext_tmpl, 1,
> "Extractable 3DES key");
> + if (mech_supported(slot_id, mech.mechanism)){
> + rc |= test_ExtractableAndSensitive(session, &mech, sens_tmpl,
> 1, "Sensitive 3DES key");
> + rc |= test_ExtractableAndSensitive(session, &mech, ext_tmpl, 1,
> "Extractable 3DES key");
> + }
>
> /* TEST 3: SSLv3 key */
> mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN;
> mech.ulParameterLen = sizeof(CK_VERSION);
> mech.pParameter = &version;
>
> - rc |= test_ExtractableAndSensitive(session, &mech, sens_tmpl, 1,
> "Sensitive SSLv3 key");
> - rc |= test_ExtractableAndSensitive(session, &mech, ext_tmpl, 1,
> "Extractable SSLv3 key");
> + if (mech_supported(slot_id, mech.mechanism)){
> + rc |= test_ExtractableAndSensitive(session, &mech, sens_tmpl,
> 1, "Sensitive SSLv3 key");
> + rc |= test_ExtractableAndSensitive(session, &mech, ext_tmpl, 1,
> "Extractable SSLv3 key");
> + }
>
> /* TEST 4: AES 128 key */
> mech.mechanism = CKM_AES_KEY_GEN;
> diff --git a/testcases/pkcs11/sess_perf.c b/testcases/pkcs11/sess_perf.c
> index 930de21..db0e2e1 100644
> --- a/testcases/pkcs11/sess_perf.c
> +++ b/testcases/pkcs11/sess_perf.c
> @@ -53,7 +53,9 @@ int create_des_encrypt_context(CK_SESSION_HANDLE_PTR hsess,
> CK_OBJECT_HANDLE_PTR
> CK_SLOT_ID slot_id;
> CK_FLAGS flags;
> CK_RV rc;
> - CK_MECHANISM mech;
> + CK_MECHANISM mech;
> + CK_ULONG key_len = 16;
> + CK_ATTRIBUTE tkey = {CKA_VALUE_LEN, &key_len, sizeof(CK_ULONG)};
>
> /* create session */
> slot_id = SLOT_ID;
> @@ -66,20 +68,20 @@ int create_des_encrypt_context(CK_SESSION_HANDLE_PTR
> hsess, CK_OBJECT_HANDLE_PTR
> }
>
> /* generate key in this specific session */
> - mech.mechanism = CKM_DES_KEY_GEN;
> + mech.mechanism = CKM_AES_KEY_GEN;
> mech.ulParameterLen = 0;
> mech.pParameter = NULL;
>
> - rc = funcs->C_GenerateKey(*hsess, &mech, NULL, 0, hkey);
> + rc = funcs->C_GenerateKey(*hsess, &mech, &tkey, 1, hkey);
> if (rc != CKR_OK) {
> show_error(" C_GenerateKey #1", rc);
> return FALSE;
> }
>
> /* Get Random for Initialization Vector */
> - mech.mechanism = CKM_DES_CBC;
> - mech.ulParameterLen = 8;
> - mech.pParameter = "12345678";
> + mech.mechanism = CKM_AES_CBC;
> + mech.ulParameterLen = 16;
> + mech.pParameter = "1234567890123456";
>
> /* Create encryption context using this session and key */
> rc = funcs->C_EncryptInit(*hsess, &mech, *hkey);
> @@ -91,10 +93,11 @@ int create_des_encrypt_context(CK_SESSION_HANDLE_PTR
> hsess, CK_OBJECT_HANDLE_PTR
> return TRUE;
> }
>
> -int encrypt_DATA(CK_SESSION_HANDLE hsess, CK_OBJECT_HANDLE hkey, CK_ULONG
> blocklen) {
> +int encrypt_DATA(CK_SESSION_HANDLE hsess, CK_OBJECT_HANDLE hkey, CK_ULONG
> blocklen)
> +{
> CK_RV rc;
> - CK_ULONG outlen = 8;
> - unsigned long int i;
> + CK_ULONG outlen = 16;
> + unsigned long int i;
>
> for (i = 0; i < DATALEN; i+=outlen) {
> rc = funcs->C_EncryptUpdate(hsess, (CK_BYTE_PTR)(DATA + i) ,
> blocklen,
> @@ -175,14 +178,14 @@ int do_SessionPerformance(unsigned int count)
>
> /* Time encrypt operation in the first and last session */
> GetSystemTime(&t1);
> - rc = encrypt_DATA(t[0].hsess, t[0].hkey, 8);
> + rc = encrypt_DATA(t[0].hsess, t[0].hkey, 16);
> if (rc == FALSE) {
> show_error(" encrypt_DATA #1", (CK_RV)0);
> return FALSE;
>
> }
>
> - rc = encrypt_DATA(t[count - 1].hsess, t[count - 1].hkey, 8);
> + rc = encrypt_DATA(t[count - 1].hsess, t[count - 1].hkey, 16);
> if (rc == FALSE) {
> show_error(" encrypt_DATA #2", (CK_RV)0);
> return FALSE;
------------------------------------------------------------------------------
Monitor Your Dynamic Infrastructure at Any Scale With Datadog!
Get real-time metrics from all of your servers, apps and tools
in one place.
SourceForge users - Click here to start your Free Trial of Datadog now!
http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________
Opencryptoki-tech mailing list
Opencryptoki-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
