aboutsummaryrefslogtreecommitdiff
path: root/tests/test-rpc_pkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'tests/test-rpc_pkey.c')
-rw-r--r--tests/test-rpc_pkey.c519
1 files changed, 343 insertions, 176 deletions
diff --git a/tests/test-rpc_pkey.c b/tests/test-rpc_pkey.c
index f6b6f15..c07a318 100644
--- a/tests/test-rpc_pkey.c
+++ b/tests/test-rpc_pkey.c
@@ -44,6 +44,8 @@
#include "test-rsa.h"
#include "test-ecdsa.h"
+#define lose(...) do { printf(__VA_ARGS__); goto fail; } while (0)
+
static inline const char *ecdsa_curve_to_string(const hal_curve_name_t curve)
{
switch (curve) {
@@ -54,287 +56,452 @@ static inline const char *ecdsa_curve_to_string(const hal_curve_name_t curve)
}
}
-static int test_rsa_testvec(const rsa_tc_t * const tc)
+static int test_attributes(const hal_pkey_handle_t pkey,
+ const hal_uuid_t * const name,
+ const hal_key_flags_t flags)
+{
+ static const size_t sizes[] = { 32, 100, 260, 1000, 2000, 0 };
+ static const char format[] = "Test attribute %lu";
+
+ hal_error_t err;
+
+ for (const size_t *size = sizes; *size; size++) {
+ uint8_t buf_1[*size], buf_2[*size];
+ memset(buf_1, 0x55, sizeof(buf_1));
+ snprintf((char *) buf_1, sizeof(buf_1), format, (unsigned long) *size);
+ hal_pkey_attribute_t attr_set = { .type = *size, .length = sizeof(buf_1), .value = buf_1 };
+ hal_pkey_attribute_t attr_get = { .type = *size };
+ hal_pkey_attribute_t attr_del = { .type = *size, .length = HAL_PKEY_ATTRIBUTE_NIL };
+
+ if ((err = hal_rpc_pkey_set_attributes(pkey, &attr_set, 1)) != HAL_OK)
+ lose("Could not set attribute %lu: %s\n",
+ (unsigned long) *size, hal_error_string(err));
+
+ if ((err = hal_rpc_pkey_get_attributes(pkey, &attr_get, 1, buf_2, sizeof(buf_2))) != HAL_OK)
+ lose("Could not get attribute %lu: %s\n",
+ (unsigned long) *size, hal_error_string(err));
+
+ if (attr_get.length != *size)
+ lose("Unexpected size returned for attribute %lu: %lu\n",
+ (unsigned long) *size, (unsigned long) attr_get.length);
+
+ if ((err = hal_rpc_pkey_set_attributes(pkey, &attr_del, 1)) != HAL_OK)
+ lose("Could not delete attribute %lu: %s\n",
+ (unsigned long) *size, hal_error_string(err));
+
+ if ((err = hal_rpc_pkey_set_attributes(pkey, &attr_set, 1)) != HAL_OK)
+ lose("Could not (re)set attribute %lu: %s\n",
+ (unsigned long) *size, hal_error_string(err));
+ }
+
+ {
+ const hal_client_handle_t client = {HAL_HANDLE_NONE};
+ const hal_session_handle_t session = {HAL_HANDLE_NONE};
+ hal_uuid_t result[10], previous_uuid = {{0}};
+ unsigned result_len;
+
+ if ((err = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, flags, NULL, 0,
+ result, &result_len, sizeof(result)/sizeof(*result),
+ &previous_uuid)) != HAL_OK)
+ lose("Unrestricted match() failed: %s\n", hal_error_string(err));
+
+ if (result_len == 0)
+ lose("Unrestricted match found no results\n");
+
+ for (const size_t *size = sizes; *size; size++) {
+ uint8_t buf[*size];
+ memset(buf, 0x55, sizeof(buf));
+ snprintf((char *) buf, sizeof(buf), format, (unsigned long) *size);
+ hal_pkey_attribute_t attribute[1] = {{ *size, sizeof(buf), buf }};
+
+ if ((err = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, flags,
+ attribute, sizeof(attribute)/sizeof(*attribute),
+ result, &result_len, sizeof(result)/sizeof(*result),
+ &previous_uuid)) != HAL_OK)
+ lose("Restricted match() for attribute %lu failed: %s\n",
+ (unsigned long) *size, hal_error_string(err));
+
+ if (result_len == 0)
+ lose("Restricted match for attribute %lu found no results\n", (unsigned long) *size);
+ }
+
+#warning More hal_rpc_pkey_match() testing here.
+
+ }
+
+ return 1;
+
+ fail:
+ return 0;
+}
+
+static int test_rsa_testvec(const rsa_tc_t * const tc, hal_key_flags_t flags)
{
- const hal_client_handle_t client = {0};
- const hal_session_handle_t session = {0};
- hal_pkey_handle_t private_key, public_key;
+ const hal_client_handle_t client = {HAL_HANDLE_NONE};
+ const hal_session_handle_t session = {HAL_HANDLE_NONE};
+ hal_pkey_handle_t private_key = {HAL_HANDLE_NONE};
+ hal_pkey_handle_t public_key = {HAL_HANDLE_NONE};
hal_error_t err;
size_t len;
assert(tc != NULL);
- printf("Starting %lu-bit RSA test vector tests\n", (unsigned long) tc->size);
+ {
+ flags |= HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE;
- uint8_t tc_keybuf[hal_rsa_key_t_size];
- hal_rsa_key_t *tc_key = NULL;
+ printf("Starting %lu-bit RSA test vector tests, flags 0x%lx\n",
+ (unsigned long) tc->size, (unsigned long) flags);
- if ((err = hal_rsa_key_load_private(&tc_key,
- tc_keybuf, sizeof(tc_keybuf),
- tc->n.val, tc->n.len,
- tc->e.val, tc->e.len,
- tc->d.val, tc->d.len,
- tc->p.val, tc->p.len,
- tc->q.val, tc->q.len,
- tc->u.val, tc->u.len,
- tc->dP.val, tc->dP.len,
- tc->dQ.val, tc->dQ.len)) != HAL_OK)
- return printf("Could not load RSA private key from test vector: %s\n", hal_error_string(err)), 0;
+ uint8_t tc_keybuf[hal_rsa_key_t_size];
+ hal_rsa_key_t *tc_key = NULL;
- const uint8_t private_label[] = "RSA private key", public_label[] = "RSA public key";
+ if ((err = hal_rsa_key_load_private(&tc_key,
+ tc_keybuf, sizeof(tc_keybuf),
+ tc->n.val, tc->n.len,
+ tc->e.val, tc->e.len,
+ tc->d.val, tc->d.len,
+ tc->p.val, tc->p.len,
+ tc->q.val, tc->q.len,
+ tc->u.val, tc->u.len,
+ tc->dP.val, tc->dP.len,
+ tc->dQ.val, tc->dQ.len)) != HAL_OK)
+ lose("Could not load RSA private key from test vector: %s\n", hal_error_string(err));
- uint8_t private_der[hal_rsa_private_key_to_der_len(tc_key)];
- uint8_t public_der[hal_rsa_public_key_to_der_len(tc_key)];
+ hal_uuid_t private_name, public_name;
- if ((err = hal_rsa_private_key_to_der(tc_key, private_der, &len, sizeof(private_der))) != HAL_OK)
- return printf("Could not DER encode private key from test vector: %s\n", hal_error_string(err)), 0;
+ uint8_t private_der[hal_rsa_private_key_to_der_len(tc_key)];
+ uint8_t public_der[hal_rsa_public_key_to_der_len(tc_key)];
- assert(len == sizeof(private_der));
+ if ((err = hal_rsa_private_key_to_der(tc_key, private_der, &len, sizeof(private_der))) != HAL_OK)
+ lose("Could not DER encode private key from test vector: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE,
- private_label, sizeof(private_label), private_der, sizeof(private_der),
- HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK)
- return printf("Could not load private key into RPC: %s\n", hal_error_string(err)), 0;
+ assert(len == sizeof(private_der));
- if ((err = hal_rsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK)
- return printf("Could not DER encode public key from test vector: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE,
+ &private_name, private_der, sizeof(private_der), flags)) != HAL_OK)
+ lose("Could not load private key into RPC: %s\n", hal_error_string(err));
- assert(len == sizeof(public_der));
+ if ((err = hal_rsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK)
+ lose("Could not DER encode public key from test vector: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
- public_label, sizeof(public_label), public_der, sizeof(public_der),
- HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK)
- return printf("Could not load public key into RPC: %s\n", hal_error_string(err)), 0;
+ assert(len == sizeof(public_der));
- uint8_t sig[tc->s.len];
+ if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
+ &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+ lose("Could not load public key into RPC: %s\n", hal_error_string(err));
- /*
- * Raw RSA test cases include PKCS #1.5 padding, we need to drill down to the DigestInfo.
- */
- assert(tc->m.len > 4 && tc->m.val[0] == 0x00 && tc->m.val[1] == 0x01 && tc->m.val[2] == 0xff);
- const uint8_t *digestinfo = memchr(tc->m.val + 2, 0x00, tc->m.len - 2);
- assert(digestinfo != NULL);
- const size_t digestinfo_len = tc->m.val + tc->m.len - ++digestinfo;
+ uint8_t sig[tc->s.len];
- if ((err = hal_rpc_pkey_sign(session, private_key, hal_hash_handle_none,
- digestinfo, digestinfo_len, sig, &len, sizeof(sig))) != HAL_OK)
- return printf("Could not sign: %s\n", hal_error_string(err)), 0;
+ /*
+ * Raw RSA test cases include PKCS #1.5 padding, we need to drill down to the DigestInfo.
+ */
+ assert(tc->m.len > 4 && tc->m.val[0] == 0x00 && tc->m.val[1] == 0x01 && tc->m.val[2] == 0xff);
+ const uint8_t *digestinfo = memchr(tc->m.val + 2, 0x00, tc->m.len - 2);
+ assert(digestinfo != NULL);
+ const size_t digestinfo_len = tc->m.val + tc->m.len - ++digestinfo;
- if (tc->s.len != len || memcmp(sig, tc->s.val, tc->s.len) != 0)
- return printf("MISMATCH\n"), 0;
+ if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none,
+ digestinfo, digestinfo_len, sig, &len, sizeof(sig))) != HAL_OK)
+ lose("Could not sign: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none,
- digestinfo, digestinfo_len, tc->s.val, tc->s.len)) != HAL_OK)
- return printf("Could not verify: %s\n", hal_error_string(err)), 0;
+ if (tc->s.len != len || memcmp(sig, tc->s.val, tc->s.len) != 0)
+ lose("MISMATCH\n");
- if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
- return printf("Could not delete private key: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none,
+ digestinfo, digestinfo_len, tc->s.val, tc->s.len)) != HAL_OK)
+ lose("Could not verify: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
- return printf("Could not delete public key: %s\n", hal_error_string(err)), 0;
+ if (!test_attributes(private_key, &private_name, flags) || !test_attributes(public_key, &public_name, flags))
+ goto fail;
- printf("OK\n");
- return 1;
+ if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
+ lose("Could not delete private key: %s\n", hal_error_string(err));
+
+ if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
+ lose("Could not delete public key: %s\n", hal_error_string(err));
+
+ printf("OK\n");
+ return 1;
+ }
+
+ fail:
+ if (private_key.handle != HAL_HANDLE_NONE &&
+ (err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
+ printf("Warning: could not delete private key: %s\n", hal_error_string(err));
+
+ if (public_key.handle != HAL_HANDLE_NONE &&
+ (err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
+ printf("Warning: could not delete public key: %s\n", hal_error_string(err));
+
+ return 0;
}
-static int test_ecdsa_testvec(const ecdsa_tc_t * const tc)
+static int test_ecdsa_testvec(const ecdsa_tc_t * const tc, hal_key_flags_t flags)
{
- const hal_client_handle_t client = {0};
- const hal_session_handle_t session = {0};
- hal_pkey_handle_t private_key, public_key;
+ const hal_client_handle_t client = {HAL_HANDLE_NONE};
+ const hal_session_handle_t session = {HAL_HANDLE_NONE};
+ hal_pkey_handle_t private_key = {HAL_HANDLE_NONE};
+ hal_pkey_handle_t public_key = {HAL_HANDLE_NONE};
hal_error_t err;
size_t len;
assert(tc != NULL);
- printf("Starting ECDSA %s test vector tests\n", ecdsa_curve_to_string(tc->curve));
+ {
+ flags |= HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE;
- uint8_t tc_keybuf[hal_ecdsa_key_t_size];
- hal_ecdsa_key_t *tc_key = NULL;
+ printf("Starting ECDSA %s test vector tests, flags 0x%lx\n",
+ ecdsa_curve_to_string(tc->curve), (unsigned long) flags);
- if ((err = hal_ecdsa_key_load_private(&tc_key, tc_keybuf, sizeof(tc_keybuf), tc->curve,
- tc->Qx, tc->Qx_len, tc->Qy, tc->Qy_len,
- tc->d, tc->d_len)) != HAL_OK)
- return printf("Could not load ECDSA private key from test vector: %s\n", hal_error_string(err)), 0;
+ uint8_t tc_keybuf[hal_ecdsa_key_t_size];
+ hal_ecdsa_key_t *tc_key = NULL;
- const uint8_t private_label[] = "ECDSA private key", public_label[] = "ECDSA public key";
+ if ((err = hal_ecdsa_key_load_private(&tc_key, tc_keybuf, sizeof(tc_keybuf), tc->curve,
+ tc->Qx, tc->Qx_len, tc->Qy, tc->Qy_len,
+ tc->d, tc->d_len)) != HAL_OK)
+ lose("Could not load ECDSA private key from test vector: %s\n", hal_error_string(err));
- uint8_t private_der[hal_ecdsa_private_key_to_der_len(tc_key)];
- uint8_t public_der[hal_ecdsa_public_key_to_der_len(tc_key)];
+ hal_uuid_t private_name, public_name;
- if ((err = hal_ecdsa_private_key_to_der(tc_key, private_der, &len, sizeof(private_der))) != HAL_OK)
- return printf("Could not DER encode private key from test vector: %s\n", hal_error_string(err)), 0;
+ uint8_t private_der[hal_ecdsa_private_key_to_der_len(tc_key)];
+ uint8_t public_der[hal_ecdsa_public_key_to_der_len(tc_key)];
- assert(len == sizeof(private_der));
+ if ((err = hal_ecdsa_private_key_to_der(tc_key, private_der, &len, sizeof(private_der))) != HAL_OK)
+ lose("Could not DER encode private key from test vector: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_EC_PRIVATE, tc->curve,
- private_label, sizeof(private_label), private_der, sizeof(private_der),
- HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK)
- return printf("Could not load private key into RPC: %s\n", hal_error_string(err)), 0;
+ assert(len == sizeof(private_der));
- if ((err = hal_ecdsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK)
- return printf("Could not DER encode public key from test vector: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_EC_PRIVATE, tc->curve,
+ &private_name, private_der, sizeof(private_der), flags)) != HAL_OK)
+ lose("Could not load private key into RPC: %s\n", hal_error_string(err));
- assert(len == sizeof(public_der));
+ if ((err = hal_ecdsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK)
+ lose("Could not DER encode public key from test vector: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve,
- public_label, sizeof(public_label), public_der, sizeof(public_der),
- HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK)
- return printf("Could not load public key into RPC: %s\n", hal_error_string(err)), 0;
+ assert(len == sizeof(public_der));
- if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none,
- tc->H, tc->H_len, tc->sig, tc->sig_len)) != HAL_OK)
- return printf("Could not verify signature from test vector: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve,
+ &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+ lose("Could not load public key into RPC: %s\n", hal_error_string(err));
- uint8_t sig[tc->sig_len + 4];
+ if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none,
+ tc->H, tc->H_len, tc->sig, tc->sig_len)) != HAL_OK)
+ lose("Could not verify signature from test vector: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_sign(session, private_key, hal_hash_handle_none,
- tc->H, tc->H_len, sig, &len, sizeof(sig))) != HAL_OK)
- return printf("Could not sign: %s\n", hal_error_string(err)), 0;
+ uint8_t sig[tc->sig_len + 4];
- if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none,
- tc->H, tc->H_len, sig, len)) != HAL_OK)
- return printf("Could not verify own signature: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none,
+ tc->H, tc->H_len, sig, &len, sizeof(sig))) != HAL_OK)
+ lose("Could not sign: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
- return printf("Could not delete private key: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none,
+ tc->H, tc->H_len, sig, len)) != HAL_OK)
+ lose("Could not verify own signature: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
- return printf("Could not delete public key: %s\n", hal_error_string(err)), 0;
+ if (!test_attributes(private_key, &private_name, flags) || !test_attributes(public_key, &public_name, flags))
+ goto fail;
- printf("OK\n");
- return 1;
+ if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
+ lose("Could not delete private key: %s\n", hal_error_string(err));
+
+ if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
+ lose("Could not delete public key: %s\n", hal_error_string(err));
+
+ printf("OK\n");
+ return 1;
+ }
+
+ fail:
+ if (private_key.handle != HAL_HANDLE_NONE &&
+ (err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
+ printf("Warning: could not delete private key: %s\n", hal_error_string(err));
+
+ if (public_key.handle != HAL_HANDLE_NONE &&
+ (err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
+ printf("Warning: could not delete public key: %s\n", hal_error_string(err));
+
+ return 0;
}
-static int test_rsa_generate(const rsa_tc_t * const tc)
+static int test_rsa_generate(const rsa_tc_t * const tc, hal_key_flags_t flags)
{
- const hal_client_handle_t client = {0};
- const hal_session_handle_t session = {0};
- hal_pkey_handle_t private_key, public_key;
+ const hal_client_handle_t client = {HAL_HANDLE_NONE};
+ const hal_session_handle_t session = {HAL_HANDLE_NONE};
+ hal_pkey_handle_t private_key = {HAL_HANDLE_NONE};
+ hal_pkey_handle_t public_key = {HAL_HANDLE_NONE};
hal_error_t err;
size_t len;
assert(tc != NULL);
- printf("Starting %lu-bit RSA key generation tests\n", (unsigned long) tc->size);
+ {
+ flags |= HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE;
- const uint8_t private_label[] = "Generated RSA private key", public_label[] = "Generated RSA public key";
+ printf("Starting %lu-bit RSA key generation tests, flags 0x%lx\n",
+ (unsigned long) tc->size, (unsigned long) flags);
- if ((err = hal_rpc_pkey_generate_rsa(client, session, &private_key, private_label, sizeof(private_label),
- tc->size, tc->e.val, tc->e.len,
- HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK)
- return printf("Could not generate RSA private key: %s\n", hal_error_string(err)), 0;
+ hal_uuid_t private_name, public_name;
- uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)];
+ if ((err = hal_rpc_pkey_generate_rsa(client, session, &private_key, &private_name,
+ tc->size, tc->e.val, tc->e.len, flags)) != HAL_OK)
+ lose("Could not generate RSA private key: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &len, sizeof(public_der))) != HAL_OK)
- return printf("Could not DER encode RPC RSA public key from RPC RSA private key: %s\n", hal_error_string(err)), 0;
+ uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)];
- assert(len == sizeof(public_der));
+ if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &len, sizeof(public_der))) != HAL_OK)
+ lose("Could not DER encode RPC RSA public key from RPC RSA private key: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
- public_label, sizeof(public_label), public_der, sizeof(public_der),
- HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK)
- return printf("Could not load public key into RPC: %s\n", hal_error_string(err)), 0;
+ assert(len == sizeof(public_der));
- uint8_t sig[tc->s.len];
+ if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
+ &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+ lose("Could not load public key into RPC: %s\n", hal_error_string(err));
- /*
- * Raw RSA test cases include PKCS #1.5 padding, we need to drill down to the DigestInfo.
- */
- assert(tc->m.len > 4 && tc->m.val[0] == 0x00 && tc->m.val[1] == 0x01 && tc->m.val[2] == 0xff);
- const uint8_t *digestinfo = memchr(tc->m.val + 2, 0x00, tc->m.len - 2);
- assert(digestinfo != NULL);
- const size_t digestinfo_len = tc->m.val + tc->m.len - ++digestinfo;
+ uint8_t sig[tc->s.len];
- if ((err = hal_rpc_pkey_sign(session, private_key, hal_hash_handle_none,
- digestinfo, digestinfo_len, sig, &len, sizeof(sig))) != HAL_OK)
- return printf("Could not sign: %s\n", hal_error_string(err)), 0;
+ /*
+ * Raw RSA test cases include PKCS #1.5 padding, we need to drill down to the DigestInfo.
+ */
+ assert(tc->m.len > 4 && tc->m.val[0] == 0x00 && tc->m.val[1] == 0x01 && tc->m.val[2] == 0xff);
+ const uint8_t *digestinfo = memchr(tc->m.val + 2, 0x00, tc->m.len - 2);
+ assert(digestinfo != NULL);
+ const size_t digestinfo_len = tc->m.val + tc->m.len - ++digestinfo;
- if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none,
- digestinfo, digestinfo_len, sig, len)) != HAL_OK)
- return printf("Could not verify: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none,
+ digestinfo, digestinfo_len, sig, &len, sizeof(sig))) != HAL_OK)
+ lose("Could not sign: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
- return printf("Could not delete private key: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none,
+ digestinfo, digestinfo_len, sig, len)) != HAL_OK)
+ lose("Could not verify: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
- return printf("Could not delete public key: %s\n", hal_error_string(err)), 0;
+ if (!test_attributes(private_key, &private_name, flags) || !test_attributes(public_key, &public_name, flags))
+ goto fail;
- printf("OK\n");
- return 1;
+ if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
+ lose("Could not delete private key: %s\n", hal_error_string(err));
+
+ if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
+ lose("Could not delete public key: %s\n", hal_error_string(err));
+
+ printf("OK\n");
+ return 1;
+ }
+
+ fail:
+ if (private_key.handle != HAL_HANDLE_NONE &&
+ (err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
+ printf("Warning: could not delete private key: %s\n", hal_error_string(err));
+
+ if (public_key.handle != HAL_HANDLE_NONE &&
+ (err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
+ printf("Warning: could not delete public key: %s\n", hal_error_string(err));
+
+ return 0;
}
-static int test_ecdsa_generate(const ecdsa_tc_t * const tc)
+static int test_ecdsa_generate(const ecdsa_tc_t * const tc, hal_key_flags_t flags)
{
- const hal_client_handle_t client = {0};
- const hal_session_handle_t session = {0};
- hal_pkey_handle_t private_key, public_key;
+ const hal_client_handle_t client = {HAL_HANDLE_NONE};
+ const hal_session_handle_t session = {HAL_HANDLE_NONE};
+ hal_pkey_handle_t private_key = {HAL_HANDLE_NONE};
+ hal_pkey_handle_t public_key = {HAL_HANDLE_NONE};
hal_error_t err;
size_t len;
assert(tc != NULL);
- printf("Starting ECDSA %s key generation tests\n", ecdsa_curve_to_string(tc->curve));
+ {
+ flags |= HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE;
- const uint8_t private_label[] = "Generated ECDSA private key", public_label[] = "Generated ECDSA public key";
+ printf("Starting ECDSA %s key generation tests, flags 0x%lx\n",
+ ecdsa_curve_to_string(tc->curve), (unsigned long) flags);
- if ((err = hal_rpc_pkey_generate_ec(client, session, &private_key,
- private_label, sizeof(private_label),
- tc->curve, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK)
- return printf("Could not generate EC key pair: %s\n", hal_error_string(err)), 0;
+ hal_uuid_t private_name, public_name;
- uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)];
+ if ((err = hal_rpc_pkey_generate_ec(client, session, &private_key, &private_name, tc->curve, flags)) != HAL_OK)
+ lose("Could not generate EC key pair: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &len, sizeof(public_der))) != HAL_OK)
- return printf("Could not DER encode public key from test vector: %s\n", hal_error_string(err)), 0;
+ uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)];
- assert(len == sizeof(public_der));
+ if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &len, sizeof(public_der))) != HAL_OK)
+ lose("Could not DER encode public key from test vector: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve,
- public_label, sizeof(public_label), public_der, sizeof(public_der),
- HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK)
- return printf("Could not load public key into RPC: %s\n", hal_error_string(err)), 0;
+ assert(len == sizeof(public_der));
- uint8_t sig[tc->sig_len + 4];
+ if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve,
+ &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+ lose("Could not load public key into RPC: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_sign(session, private_key, hal_hash_handle_none,
- tc->H, tc->H_len, sig, &len, sizeof(sig))) != HAL_OK)
- return printf("Could not sign: %s\n", hal_error_string(err)), 0;
+ uint8_t sig[tc->sig_len + 4];
- if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none,
- tc->H, tc->H_len, sig, len)) != HAL_OK)
- return printf("Could not verify own signature: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none,
+ tc->H, tc->H_len, sig, &len, sizeof(sig))) != HAL_OK)
+ lose("Could not sign: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
- return printf("Could not delete private key: %s\n", hal_error_string(err)), 0;
+ if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none,
+ tc->H, tc->H_len, sig, len)) != HAL_OK)
+ lose("Could not verify own signature: %s\n", hal_error_string(err));
- if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
- return printf("Could not delete public key: %s\n", hal_error_string(err)), 0;
+ if (!test_attributes(private_key, &private_name, flags) || !test_attributes(public_key, &public_name, flags))
+ goto fail;
- printf("OK\n");
- return 1;
+ if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
+ lose("Could not delete private key: %s\n", hal_error_string(err));
+
+ if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
+ lose("Could not delete public key: %s\n", hal_error_string(err));
+
+ printf("OK\n");
+ return 1;
+ }
+
+ fail:
+ if (private_key.handle != HAL_HANDLE_NONE &&
+ (err = hal_rpc_pkey_delete(private_key)) != HAL_OK)
+ printf("Warning: could not delete private key: %s\n", hal_error_string(err));
+
+ if (public_key.handle != HAL_HANDLE_NONE &&
+ (err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
+ printf("Warning: could not delete public key: %s\n", hal_error_string(err));
+
+ return 0;
}
int main (int argc, char *argv[])
{
+ const hal_client_handle_t client = {HAL_HANDLE_NONE};
+ const char *pin = argc > 1 ? argv[1] : "fnord";
+ hal_error_t err;
int ok = 1;
- hal_rpc_client_init();
+ if ((err = hal_rpc_client_init()) != HAL_OK)
+ printf("Warning: Trouble initializing RPC client: %s\n", hal_error_string(err));
+
+ if ((err = hal_rpc_login(client, HAL_USER_NORMAL, pin, strlen(pin))) != HAL_OK)
+ printf("Warning: Trouble logging into HSM: %s\n", hal_error_string(err));
for (int i = 0; i < (sizeof(rsa_tc)/sizeof(*rsa_tc)); i++)
- ok &= test_rsa_testvec(&rsa_tc[i]);
+ for (int j = 0; j < 2; j++)
+ ok &= test_rsa_testvec(&rsa_tc[i], j * HAL_KEY_FLAG_TOKEN);
for (int i = 0; i < (sizeof(ecdsa_tc)/sizeof(*ecdsa_tc)); i++)
- ok &= test_ecdsa_testvec(&ecdsa_tc[i]);
+ for (int j = 0; j < 2; j++)
+ ok &= test_ecdsa_testvec(&ecdsa_tc[i], j * HAL_KEY_FLAG_TOKEN);
for (int i = 0; i < (sizeof(rsa_tc)/sizeof(*rsa_tc)); i++)
- ok &= test_rsa_generate(&rsa_tc[i]);
+ for (int j = 0; j < 2; j++)
+ ok &= test_rsa_generate(&rsa_tc[i], j * HAL_KEY_FLAG_TOKEN);
for (int i = 0; i < (sizeof(ecdsa_tc)/sizeof(*ecdsa_tc)); i++)
- ok &= test_ecdsa_generate(&ecdsa_tc[i]);
+ for (int j = 0; j < 2; j++)
+ ok &= test_ecdsa_generate(&ecdsa_tc[i], j * HAL_KEY_FLAG_TOKEN);
+
+ if ((err = hal_rpc_logout(client)) != HAL_OK)
+ printf("Warning: Trouble logging out of HSM: %s\n", hal_error_string(err));
- ok &= hal_rpc_client_close();
+ if ((err = hal_rpc_client_close()) != HAL_OK)
+ printf("Warning: Trouble shutting down RPC client: %s\n", hal_error_string(err));
return !ok;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 03:51:41 +0000