diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test-bus.c | 3 | ||||
-rw-r--r-- | tests/test-mkmif.c | 10 | ||||
-rw-r--r-- | tests/test-rpc_bighash.c | 2 | ||||
-rw-r--r-- | tests/test-rpc_hash.c | 92 | ||||
-rw-r--r-- | tests/test-rpc_pkey.c | 519 | ||||
-rw-r--r-- | tests/test-trng.c | 4 |
6 files changed, 399 insertions, 231 deletions
diff --git a/tests/test-bus.c b/tests/test-bus.c index b4a3e1c..94d7a70 100644 --- a/tests/test-bus.c +++ b/tests/test-bus.c @@ -68,7 +68,8 @@ static int sanity(const hal_core_t *board_core) } if (data != rnd) { - printf("Data bus fail: expected %08x, got %08x, diff %08x\n", rnd, data, data ^ rnd); + printf("Data bus fail: expected %08lx, got %08lx, diff %08lx\n", + (unsigned long) rnd, (unsigned long) data, (unsigned long) (data ^ rnd)); return 1; } diff --git a/tests/test-mkmif.c b/tests/test-mkmif.c index ab5801e..3645577 100644 --- a/tests/test-mkmif.c +++ b/tests/test-mkmif.c @@ -61,12 +61,12 @@ static hal_error_t write_test(hal_core_t *core) uint32_t write_address; int i; hal_error_t err; - + for (write_data = 0x01020304, write_address = 0, i = 0; i < 0x10; write_data += 0x01010101, write_address += 4, ++i) { - printf("Trying to write 0x%08x to memory address 0x%08x.\n", + printf("Trying to write 0x%08x to memory address 0x%08x.\n", (unsigned int)write_data, (unsigned int)write_address); if ((err = hal_mkmif_write_word(core, write_address, write_data)) != HAL_OK) { @@ -84,7 +84,7 @@ static hal_error_t read_test(hal_core_t *core) uint32_t read_address; int i; hal_error_t err; - + for (read_address = 0, i = 0; i < 0x10; read_address += 4, ++i) { @@ -115,7 +115,7 @@ static hal_error_t write_read_test(hal_core_t *core) printf("write error: %s\n", hal_error_string(err)); return err; } - + if ((err = hal_mkmif_read_word(core, 0x00000000, &readback)) != HAL_OK) { printf("read error: %s\n", hal_error_string(err)); return err; @@ -125,7 +125,7 @@ static hal_error_t write_read_test(hal_core_t *core) printf("read %08x, expected %08x\n", (unsigned int)readback, (unsigned int)data); return HAL_ERROR_IO_UNEXPECTED; } - + return HAL_OK; } diff --git a/tests/test-rpc_bighash.c b/tests/test-rpc_bighash.c index e18d9b0..823baf6 100644 --- a/tests/test-rpc_bighash.c +++ b/tests/test-rpc_bighash.c @@ -108,7 +108,7 @@ int main (int argc, char *argv[]) expected = NULL; check(hal_rpc_client_init()); - check(hal_rpc_hash_initialize(client, session, &hash, hal_digest_algorithm_sha256, NULL, 0)); + check(hal_rpc_hash_initialize(client, session, &hash, HAL_DIGEST_ALGORITHM_SHA256, NULL, 0)); for (int i = 0; i < iterations; ++i) { check(hal_rpc_hash_update(hash, block, sizeof(block))); diff --git a/tests/test-rpc_hash.c b/tests/test-rpc_hash.c index a0c571c..24f8ede 100644 --- a/tests/test-rpc_hash.c +++ b/tests/test-rpc_hash.c @@ -656,52 +656,52 @@ int main (int argc, char *argv[]) ok &= hal_rpc_client_init(); - ok &= test_hash(hal_digest_algorithm_sha1, nist_512_single, sha1_single_digest, "SHA-1 single block"); - ok &= test_hash(hal_digest_algorithm_sha1, nist_512_double, sha1_double_digest, "SHA-1 double block"); - - ok &= test_hash(hal_digest_algorithm_sha256, nist_512_single, sha256_single_digest, "SHA-256 single block"); - ok &= test_hash(hal_digest_algorithm_sha256, nist_512_double, sha256_double_digest, "SHA-256 double block"); - - ok &= test_hash(hal_digest_algorithm_sha512_224, nist_1024_single, sha512_224_single_digest, "SHA-512/224 single block"); - ok &= test_hash(hal_digest_algorithm_sha512_224, nist_1024_double, sha512_224_double_digest, "SHA-512/224 double block"); - - ok &= test_hash(hal_digest_algorithm_sha512_256, nist_1024_single, sha512_256_single_digest, "SHA-512/256 single block"); - ok &= test_hash(hal_digest_algorithm_sha512_256, nist_1024_double, sha512_256_double_digest, "SHA-512/256 double block"); - - ok &= test_hash(hal_digest_algorithm_sha384, nist_1024_single, sha384_single_digest, "SHA-384 single block"); - ok &= test_hash(hal_digest_algorithm_sha384, nist_1024_double, sha384_double_digest, "SHA-384 double block"); - - ok &= test_hash(hal_digest_algorithm_sha512, nist_1024_single, sha512_single_digest, "SHA-512 single block"); - ok &= test_hash(hal_digest_algorithm_sha512, nist_1024_double, sha512_double_digest, "SHA-512 double block"); - - ok &= test_hmac(hal_digest_algorithm_sha1, hmac_sha1_tc_1_key, hmac_sha1_tc_1_data, hmac_sha1_tc_1_result_sha1, "HMAC-SHA-1 test case 1"); - ok &= test_hmac(hal_digest_algorithm_sha1, hmac_sha1_tc_2_key, hmac_sha1_tc_2_data, hmac_sha1_tc_2_result_sha1, "HMAC-SHA-1 test case 2"); - ok &= test_hmac(hal_digest_algorithm_sha1, hmac_sha1_tc_3_key, hmac_sha1_tc_3_data, hmac_sha1_tc_3_result_sha1, "HMAC-SHA-1 test case 3"); - ok &= test_hmac(hal_digest_algorithm_sha1, hmac_sha1_tc_4_key, hmac_sha1_tc_4_data, hmac_sha1_tc_4_result_sha1, "HMAC-SHA-1 test case 4"); - ok &= test_hmac(hal_digest_algorithm_sha1, hmac_sha1_tc_5_key, hmac_sha1_tc_5_data, hmac_sha1_tc_5_result_sha1, "HMAC-SHA-1 test case 5"); - ok &= test_hmac(hal_digest_algorithm_sha1, hmac_sha1_tc_6_key, hmac_sha1_tc_6_data, hmac_sha1_tc_6_result_sha1, "HMAC-SHA-1 test case 6"); - ok &= test_hmac(hal_digest_algorithm_sha1, hmac_sha1_tc_7_key, hmac_sha1_tc_7_data, hmac_sha1_tc_7_result_sha1, "HMAC-SHA-1 test case 7"); - - ok &= test_hmac(hal_digest_algorithm_sha256, hmac_sha2_tc_1_key, hmac_sha2_tc_1_data, hmac_sha2_tc_1_result_sha256, "HMAC-SHA-256 test case 1"); - ok &= test_hmac(hal_digest_algorithm_sha256, hmac_sha2_tc_2_key, hmac_sha2_tc_2_data, hmac_sha2_tc_2_result_sha256, "HMAC-SHA-256 test case 2"); - ok &= test_hmac(hal_digest_algorithm_sha256, hmac_sha2_tc_3_key, hmac_sha2_tc_3_data, hmac_sha2_tc_3_result_sha256, "HMAC-SHA-256 test case 3"); - ok &= test_hmac(hal_digest_algorithm_sha256, hmac_sha2_tc_4_key, hmac_sha2_tc_4_data, hmac_sha2_tc_4_result_sha256, "HMAC-SHA-256 test case 4"); - ok &= test_hmac(hal_digest_algorithm_sha256, hmac_sha2_tc_6_key, hmac_sha2_tc_6_data, hmac_sha2_tc_6_result_sha256, "HMAC-SHA-256 test case 6"); - ok &= test_hmac(hal_digest_algorithm_sha256, hmac_sha2_tc_7_key, hmac_sha2_tc_7_data, hmac_sha2_tc_7_result_sha256, "HMAC-SHA-256 test case 7"); - - ok &= test_hmac(hal_digest_algorithm_sha384, hmac_sha2_tc_1_key, hmac_sha2_tc_1_data, hmac_sha2_tc_1_result_sha384, "HMAC-SHA-384 test case 1"); - ok &= test_hmac(hal_digest_algorithm_sha384, hmac_sha2_tc_2_key, hmac_sha2_tc_2_data, hmac_sha2_tc_2_result_sha384, "HMAC-SHA-384 test case 2"); - ok &= test_hmac(hal_digest_algorithm_sha384, hmac_sha2_tc_3_key, hmac_sha2_tc_3_data, hmac_sha2_tc_3_result_sha384, "HMAC-SHA-384 test case 3"); - ok &= test_hmac(hal_digest_algorithm_sha384, hmac_sha2_tc_4_key, hmac_sha2_tc_4_data, hmac_sha2_tc_4_result_sha384, "HMAC-SHA-384 test case 4"); - ok &= test_hmac(hal_digest_algorithm_sha384, hmac_sha2_tc_6_key, hmac_sha2_tc_6_data, hmac_sha2_tc_6_result_sha384, "HMAC-SHA-384 test case 6"); - ok &= test_hmac(hal_digest_algorithm_sha384, hmac_sha2_tc_7_key, hmac_sha2_tc_7_data, hmac_sha2_tc_7_result_sha384, "HMAC-SHA-384 test case 7"); - - ok &= test_hmac(hal_digest_algorithm_sha512, hmac_sha2_tc_1_key, hmac_sha2_tc_1_data, hmac_sha2_tc_1_result_sha512, "HMAC-SHA-512 test case 1"); - ok &= test_hmac(hal_digest_algorithm_sha512, hmac_sha2_tc_2_key, hmac_sha2_tc_2_data, hmac_sha2_tc_2_result_sha512, "HMAC-SHA-512 test case 2"); - ok &= test_hmac(hal_digest_algorithm_sha512, hmac_sha2_tc_3_key, hmac_sha2_tc_3_data, hmac_sha2_tc_3_result_sha512, "HMAC-SHA-512 test case 3"); - ok &= test_hmac(hal_digest_algorithm_sha512, hmac_sha2_tc_4_key, hmac_sha2_tc_4_data, hmac_sha2_tc_4_result_sha512, "HMAC-SHA-512 test case 4"); - ok &= test_hmac(hal_digest_algorithm_sha512, hmac_sha2_tc_6_key, hmac_sha2_tc_6_data, hmac_sha2_tc_6_result_sha512, "HMAC-SHA-512 test case 6"); - ok &= test_hmac(hal_digest_algorithm_sha512, hmac_sha2_tc_7_key, hmac_sha2_tc_7_data, hmac_sha2_tc_7_result_sha512, "HMAC-SHA-512 test case 7"); + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA1, nist_512_single, sha1_single_digest, "SHA-1 single block"); + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA1, nist_512_double, sha1_double_digest, "SHA-1 double block"); + + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA256, nist_512_single, sha256_single_digest, "SHA-256 single block"); + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA256, nist_512_double, sha256_double_digest, "SHA-256 double block"); + + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA512_224, nist_1024_single, sha512_224_single_digest, "SHA-512/224 single block"); + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA512_224, nist_1024_double, sha512_224_double_digest, "SHA-512/224 double block"); + + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA512_256, nist_1024_single, sha512_256_single_digest, "SHA-512/256 single block"); + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA512_256, nist_1024_double, sha512_256_double_digest, "SHA-512/256 double block"); + + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA384, nist_1024_single, sha384_single_digest, "SHA-384 single block"); + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA384, nist_1024_double, sha384_double_digest, "SHA-384 double block"); + + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA512, nist_1024_single, sha512_single_digest, "SHA-512 single block"); + ok &= test_hash(HAL_DIGEST_ALGORITHM_SHA512, nist_1024_double, sha512_double_digest, "SHA-512 double block"); + + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA1, hmac_sha1_tc_1_key, hmac_sha1_tc_1_data, hmac_sha1_tc_1_result_sha1, "HMAC-SHA-1 test case 1"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA1, hmac_sha1_tc_2_key, hmac_sha1_tc_2_data, hmac_sha1_tc_2_result_sha1, "HMAC-SHA-1 test case 2"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA1, hmac_sha1_tc_3_key, hmac_sha1_tc_3_data, hmac_sha1_tc_3_result_sha1, "HMAC-SHA-1 test case 3"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA1, hmac_sha1_tc_4_key, hmac_sha1_tc_4_data, hmac_sha1_tc_4_result_sha1, "HMAC-SHA-1 test case 4"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA1, hmac_sha1_tc_5_key, hmac_sha1_tc_5_data, hmac_sha1_tc_5_result_sha1, "HMAC-SHA-1 test case 5"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA1, hmac_sha1_tc_6_key, hmac_sha1_tc_6_data, hmac_sha1_tc_6_result_sha1, "HMAC-SHA-1 test case 6"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA1, hmac_sha1_tc_7_key, hmac_sha1_tc_7_data, hmac_sha1_tc_7_result_sha1, "HMAC-SHA-1 test case 7"); + + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA256, hmac_sha2_tc_1_key, hmac_sha2_tc_1_data, hmac_sha2_tc_1_result_sha256, "HMAC-SHA-256 test case 1"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA256, hmac_sha2_tc_2_key, hmac_sha2_tc_2_data, hmac_sha2_tc_2_result_sha256, "HMAC-SHA-256 test case 2"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA256, hmac_sha2_tc_3_key, hmac_sha2_tc_3_data, hmac_sha2_tc_3_result_sha256, "HMAC-SHA-256 test case 3"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA256, hmac_sha2_tc_4_key, hmac_sha2_tc_4_data, hmac_sha2_tc_4_result_sha256, "HMAC-SHA-256 test case 4"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA256, hmac_sha2_tc_6_key, hmac_sha2_tc_6_data, hmac_sha2_tc_6_result_sha256, "HMAC-SHA-256 test case 6"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA256, hmac_sha2_tc_7_key, hmac_sha2_tc_7_data, hmac_sha2_tc_7_result_sha256, "HMAC-SHA-256 test case 7"); + + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA384, hmac_sha2_tc_1_key, hmac_sha2_tc_1_data, hmac_sha2_tc_1_result_sha384, "HMAC-SHA-384 test case 1"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA384, hmac_sha2_tc_2_key, hmac_sha2_tc_2_data, hmac_sha2_tc_2_result_sha384, "HMAC-SHA-384 test case 2"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA384, hmac_sha2_tc_3_key, hmac_sha2_tc_3_data, hmac_sha2_tc_3_result_sha384, "HMAC-SHA-384 test case 3"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA384, hmac_sha2_tc_4_key, hmac_sha2_tc_4_data, hmac_sha2_tc_4_result_sha384, "HMAC-SHA-384 test case 4"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA384, hmac_sha2_tc_6_key, hmac_sha2_tc_6_data, hmac_sha2_tc_6_result_sha384, "HMAC-SHA-384 test case 6"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA384, hmac_sha2_tc_7_key, hmac_sha2_tc_7_data, hmac_sha2_tc_7_result_sha384, "HMAC-SHA-384 test case 7"); + + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA512, hmac_sha2_tc_1_key, hmac_sha2_tc_1_data, hmac_sha2_tc_1_result_sha512, "HMAC-SHA-512 test case 1"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA512, hmac_sha2_tc_2_key, hmac_sha2_tc_2_data, hmac_sha2_tc_2_result_sha512, "HMAC-SHA-512 test case 2"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA512, hmac_sha2_tc_3_key, hmac_sha2_tc_3_data, hmac_sha2_tc_3_result_sha512, "HMAC-SHA-512 test case 3"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA512, hmac_sha2_tc_4_key, hmac_sha2_tc_4_data, hmac_sha2_tc_4_result_sha512, "HMAC-SHA-512 test case 4"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA512, hmac_sha2_tc_6_key, hmac_sha2_tc_6_data, hmac_sha2_tc_6_result_sha512, "HMAC-SHA-512 test case 6"); + ok &= test_hmac(HAL_DIGEST_ALGORITHM_SHA512, hmac_sha2_tc_7_key, hmac_sha2_tc_7_data, hmac_sha2_tc_7_result_sha512, "HMAC-SHA-512 test case 7"); ok &= hal_rpc_client_close(); diff --git a/tests/test-rpc_pkey.c b/tests/test-rpc_pkey.c index f6b6f15..c07a318 100644 --- a/tests/test-rpc_pkey.c +++ b/tests/test-rpc_pkey.c @@ -44,6 +44,8 @@ #include "test-rsa.h" #include "test-ecdsa.h" +#define lose(...) do { printf(__VA_ARGS__); goto fail; } while (0) + static inline const char *ecdsa_curve_to_string(const hal_curve_name_t curve) { switch (curve) { @@ -54,287 +56,452 @@ static inline const char *ecdsa_curve_to_string(const hal_curve_name_t curve) } } -static int test_rsa_testvec(const rsa_tc_t * const tc) +static int test_attributes(const hal_pkey_handle_t pkey, + const hal_uuid_t * const name, + const hal_key_flags_t flags) +{ + static const size_t sizes[] = { 32, 100, 260, 1000, 2000, 0 }; + static const char format[] = "Test attribute %lu"; + + hal_error_t err; + + for (const size_t *size = sizes; *size; size++) { + uint8_t buf_1[*size], buf_2[*size]; + memset(buf_1, 0x55, sizeof(buf_1)); + snprintf((char *) buf_1, sizeof(buf_1), format, (unsigned long) *size); + hal_pkey_attribute_t attr_set = { .type = *size, .length = sizeof(buf_1), .value = buf_1 }; + hal_pkey_attribute_t attr_get = { .type = *size }; + hal_pkey_attribute_t attr_del = { .type = *size, .length = HAL_PKEY_ATTRIBUTE_NIL }; + + if ((err = hal_rpc_pkey_set_attributes(pkey, &attr_set, 1)) != HAL_OK) + lose("Could not set attribute %lu: %s\n", + (unsigned long) *size, hal_error_string(err)); + + if ((err = hal_rpc_pkey_get_attributes(pkey, &attr_get, 1, buf_2, sizeof(buf_2))) != HAL_OK) + lose("Could not get attribute %lu: %s\n", + (unsigned long) *size, hal_error_string(err)); + + if (attr_get.length != *size) + lose("Unexpected size returned for attribute %lu: %lu\n", + (unsigned long) *size, (unsigned long) attr_get.length); + + if ((err = hal_rpc_pkey_set_attributes(pkey, &attr_del, 1)) != HAL_OK) + lose("Could not delete attribute %lu: %s\n", + (unsigned long) *size, hal_error_string(err)); + + if ((err = hal_rpc_pkey_set_attributes(pkey, &attr_set, 1)) != HAL_OK) + lose("Could not (re)set attribute %lu: %s\n", + (unsigned long) *size, hal_error_string(err)); + } + + { + const hal_client_handle_t client = {HAL_HANDLE_NONE}; + const hal_session_handle_t session = {HAL_HANDLE_NONE}; + hal_uuid_t result[10], previous_uuid = {{0}}; + unsigned result_len; + + if ((err = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, flags, NULL, 0, + result, &result_len, sizeof(result)/sizeof(*result), + &previous_uuid)) != HAL_OK) + lose("Unrestricted match() failed: %s\n", hal_error_string(err)); + + if (result_len == 0) + lose("Unrestricted match found no results\n"); + + for (const size_t *size = sizes; *size; size++) { + uint8_t buf[*size]; + memset(buf, 0x55, sizeof(buf)); + snprintf((char *) buf, sizeof(buf), format, (unsigned long) *size); + hal_pkey_attribute_t attribute[1] = {{ *size, sizeof(buf), buf }}; + + if ((err = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, flags, + attribute, sizeof(attribute)/sizeof(*attribute), + result, &result_len, sizeof(result)/sizeof(*result), + &previous_uuid)) != HAL_OK) + lose("Restricted match() for attribute %lu failed: %s\n", + (unsigned long) *size, hal_error_string(err)); + + if (result_len == 0) + lose("Restricted match for attribute %lu found no results\n", (unsigned long) *size); + } + +#warning More hal_rpc_pkey_match() testing here. + + } + + return 1; + + fail: + return 0; +} + +static int test_rsa_testvec(const rsa_tc_t * const tc, hal_key_flags_t flags) { - const hal_client_handle_t client = {0}; - const hal_session_handle_t session = {0}; - hal_pkey_handle_t private_key, public_key; + const hal_client_handle_t client = {HAL_HANDLE_NONE}; + const hal_session_handle_t session = {HAL_HANDLE_NONE}; + hal_pkey_handle_t private_key = {HAL_HANDLE_NONE}; + hal_pkey_handle_t public_key = {HAL_HANDLE_NONE}; hal_error_t err; size_t len; assert(tc != NULL); - printf("Starting %lu-bit RSA test vector tests\n", (unsigned long) tc->size); + { + flags |= HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE; - uint8_t tc_keybuf[hal_rsa_key_t_size]; - hal_rsa_key_t *tc_key = NULL; + printf("Starting %lu-bit RSA test vector tests, flags 0x%lx\n", + (unsigned long) tc->size, (unsigned long) flags); - if ((err = hal_rsa_key_load_private(&tc_key, - tc_keybuf, sizeof(tc_keybuf), - tc->n.val, tc->n.len, - tc->e.val, tc->e.len, - tc->d.val, tc->d.len, - tc->p.val, tc->p.len, - tc->q.val, tc->q.len, - tc->u.val, tc->u.len, - tc->dP.val, tc->dP.len, - tc->dQ.val, tc->dQ.len)) != HAL_OK) - return printf("Could not load RSA private key from test vector: %s\n", hal_error_string(err)), 0; + uint8_t tc_keybuf[hal_rsa_key_t_size]; + hal_rsa_key_t *tc_key = NULL; - const uint8_t private_label[] = "RSA private key", public_label[] = "RSA public key"; + if ((err = hal_rsa_key_load_private(&tc_key, + tc_keybuf, sizeof(tc_keybuf), + tc->n.val, tc->n.len, + tc->e.val, tc->e.len, + tc->d.val, tc->d.len, + tc->p.val, tc->p.len, + tc->q.val, tc->q.len, + tc->u.val, tc->u.len, + tc->dP.val, tc->dP.len, + tc->dQ.val, tc->dQ.len)) != HAL_OK) + lose("Could not load RSA private key from test vector: %s\n", hal_error_string(err)); - uint8_t private_der[hal_rsa_private_key_to_der_len(tc_key)]; - uint8_t public_der[hal_rsa_public_key_to_der_len(tc_key)]; + hal_uuid_t private_name, public_name; - if ((err = hal_rsa_private_key_to_der(tc_key, private_der, &len, sizeof(private_der))) != HAL_OK) - return printf("Could not DER encode private key from test vector: %s\n", hal_error_string(err)), 0; + uint8_t private_der[hal_rsa_private_key_to_der_len(tc_key)]; + uint8_t public_der[hal_rsa_public_key_to_der_len(tc_key)]; - assert(len == sizeof(private_der)); + if ((err = hal_rsa_private_key_to_der(tc_key, private_der, &len, sizeof(private_der))) != HAL_OK) + lose("Could not DER encode private key from test vector: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, - private_label, sizeof(private_label), private_der, sizeof(private_der), - HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK) - return printf("Could not load private key into RPC: %s\n", hal_error_string(err)), 0; + assert(len == sizeof(private_der)); - if ((err = hal_rsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK) - return printf("Could not DER encode public key from test vector: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, + &private_name, private_der, sizeof(private_der), flags)) != HAL_OK) + lose("Could not load private key into RPC: %s\n", hal_error_string(err)); - assert(len == sizeof(public_der)); + if ((err = hal_rsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK) + lose("Could not DER encode public key from test vector: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, - public_label, sizeof(public_label), public_der, sizeof(public_der), - HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK) - return printf("Could not load public key into RPC: %s\n", hal_error_string(err)), 0; + assert(len == sizeof(public_der)); - uint8_t sig[tc->s.len]; + if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, + &public_name, public_der, sizeof(public_der), flags)) != HAL_OK) + lose("Could not load public key into RPC: %s\n", hal_error_string(err)); - /* - * Raw RSA test cases include PKCS #1.5 padding, we need to drill down to the DigestInfo. - */ - assert(tc->m.len > 4 && tc->m.val[0] == 0x00 && tc->m.val[1] == 0x01 && tc->m.val[2] == 0xff); - const uint8_t *digestinfo = memchr(tc->m.val + 2, 0x00, tc->m.len - 2); - assert(digestinfo != NULL); - const size_t digestinfo_len = tc->m.val + tc->m.len - ++digestinfo; + uint8_t sig[tc->s.len]; - if ((err = hal_rpc_pkey_sign(session, private_key, hal_hash_handle_none, - digestinfo, digestinfo_len, sig, &len, sizeof(sig))) != HAL_OK) - return printf("Could not sign: %s\n", hal_error_string(err)), 0; + /* + * Raw RSA test cases include PKCS #1.5 padding, we need to drill down to the DigestInfo. + */ + assert(tc->m.len > 4 && tc->m.val[0] == 0x00 && tc->m.val[1] == 0x01 && tc->m.val[2] == 0xff); + const uint8_t *digestinfo = memchr(tc->m.val + 2, 0x00, tc->m.len - 2); + assert(digestinfo != NULL); + const size_t digestinfo_len = tc->m.val + tc->m.len - ++digestinfo; - if (tc->s.len != len || memcmp(sig, tc->s.val, tc->s.len) != 0) - return printf("MISMATCH\n"), 0; + if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none, + digestinfo, digestinfo_len, sig, &len, sizeof(sig))) != HAL_OK) + lose("Could not sign: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none, - digestinfo, digestinfo_len, tc->s.val, tc->s.len)) != HAL_OK) - return printf("Could not verify: %s\n", hal_error_string(err)), 0; + if (tc->s.len != len || memcmp(sig, tc->s.val, tc->s.len) != 0) + lose("MISMATCH\n"); - if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK) - return printf("Could not delete private key: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none, + digestinfo, digestinfo_len, tc->s.val, tc->s.len)) != HAL_OK) + lose("Could not verify: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) - return printf("Could not delete public key: %s\n", hal_error_string(err)), 0; + if (!test_attributes(private_key, &private_name, flags) || !test_attributes(public_key, &public_name, flags)) + goto fail; - printf("OK\n"); - return 1; + if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK) + lose("Could not delete private key: %s\n", hal_error_string(err)); + + if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) + lose("Could not delete public key: %s\n", hal_error_string(err)); + + printf("OK\n"); + return 1; + } + + fail: + if (private_key.handle != HAL_HANDLE_NONE && + (err = hal_rpc_pkey_delete(private_key)) != HAL_OK) + printf("Warning: could not delete private key: %s\n", hal_error_string(err)); + + if (public_key.handle != HAL_HANDLE_NONE && + (err = hal_rpc_pkey_delete(public_key)) != HAL_OK) + printf("Warning: could not delete public key: %s\n", hal_error_string(err)); + + return 0; } -static int test_ecdsa_testvec(const ecdsa_tc_t * const tc) +static int test_ecdsa_testvec(const ecdsa_tc_t * const tc, hal_key_flags_t flags) { - const hal_client_handle_t client = {0}; - const hal_session_handle_t session = {0}; - hal_pkey_handle_t private_key, public_key; + const hal_client_handle_t client = {HAL_HANDLE_NONE}; + const hal_session_handle_t session = {HAL_HANDLE_NONE}; + hal_pkey_handle_t private_key = {HAL_HANDLE_NONE}; + hal_pkey_handle_t public_key = {HAL_HANDLE_NONE}; hal_error_t err; size_t len; assert(tc != NULL); - printf("Starting ECDSA %s test vector tests\n", ecdsa_curve_to_string(tc->curve)); + { + flags |= HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE; - uint8_t tc_keybuf[hal_ecdsa_key_t_size]; - hal_ecdsa_key_t *tc_key = NULL; + printf("Starting ECDSA %s test vector tests, flags 0x%lx\n", + ecdsa_curve_to_string(tc->curve), (unsigned long) flags); - if ((err = hal_ecdsa_key_load_private(&tc_key, tc_keybuf, sizeof(tc_keybuf), tc->curve, - tc->Qx, tc->Qx_len, tc->Qy, tc->Qy_len, - tc->d, tc->d_len)) != HAL_OK) - return printf("Could not load ECDSA private key from test vector: %s\n", hal_error_string(err)), 0; + uint8_t tc_keybuf[hal_ecdsa_key_t_size]; + hal_ecdsa_key_t *tc_key = NULL; - const uint8_t private_label[] = "ECDSA private key", public_label[] = "ECDSA public key"; + if ((err = hal_ecdsa_key_load_private(&tc_key, tc_keybuf, sizeof(tc_keybuf), tc->curve, + tc->Qx, tc->Qx_len, tc->Qy, tc->Qy_len, + tc->d, tc->d_len)) != HAL_OK) + lose("Could not load ECDSA private key from test vector: %s\n", hal_error_string(err)); - uint8_t private_der[hal_ecdsa_private_key_to_der_len(tc_key)]; - uint8_t public_der[hal_ecdsa_public_key_to_der_len(tc_key)]; + hal_uuid_t private_name, public_name; - if ((err = hal_ecdsa_private_key_to_der(tc_key, private_der, &len, sizeof(private_der))) != HAL_OK) - return printf("Could not DER encode private key from test vector: %s\n", hal_error_string(err)), 0; + uint8_t private_der[hal_ecdsa_private_key_to_der_len(tc_key)]; + uint8_t public_der[hal_ecdsa_public_key_to_der_len(tc_key)]; - assert(len == sizeof(private_der)); + if ((err = hal_ecdsa_private_key_to_der(tc_key, private_der, &len, sizeof(private_der))) != HAL_OK) + lose("Could not DER encode private key from test vector: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_EC_PRIVATE, tc->curve, - private_label, sizeof(private_label), private_der, sizeof(private_der), - HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK) - return printf("Could not load private key into RPC: %s\n", hal_error_string(err)), 0; + assert(len == sizeof(private_der)); - if ((err = hal_ecdsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK) - return printf("Could not DER encode public key from test vector: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_EC_PRIVATE, tc->curve, + &private_name, private_der, sizeof(private_der), flags)) != HAL_OK) + lose("Could not load private key into RPC: %s\n", hal_error_string(err)); - assert(len == sizeof(public_der)); + if ((err = hal_ecdsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK) + lose("Could not DER encode public key from test vector: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve, - public_label, sizeof(public_label), public_der, sizeof(public_der), - HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK) - return printf("Could not load public key into RPC: %s\n", hal_error_string(err)), 0; + assert(len == sizeof(public_der)); - if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none, - tc->H, tc->H_len, tc->sig, tc->sig_len)) != HAL_OK) - return printf("Could not verify signature from test vector: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve, + &public_name, public_der, sizeof(public_der), flags)) != HAL_OK) + lose("Could not load public key into RPC: %s\n", hal_error_string(err)); - uint8_t sig[tc->sig_len + 4]; + if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none, + tc->H, tc->H_len, tc->sig, tc->sig_len)) != HAL_OK) + lose("Could not verify signature from test vector: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_sign(session, private_key, hal_hash_handle_none, - tc->H, tc->H_len, sig, &len, sizeof(sig))) != HAL_OK) - return printf("Could not sign: %s\n", hal_error_string(err)), 0; + uint8_t sig[tc->sig_len + 4]; - if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none, - tc->H, tc->H_len, sig, len)) != HAL_OK) - return printf("Could not verify own signature: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none, + tc->H, tc->H_len, sig, &len, sizeof(sig))) != HAL_OK) + lose("Could not sign: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK) - return printf("Could not delete private key: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none, + tc->H, tc->H_len, sig, len)) != HAL_OK) + lose("Could not verify own signature: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) - return printf("Could not delete public key: %s\n", hal_error_string(err)), 0; + if (!test_attributes(private_key, &private_name, flags) || !test_attributes(public_key, &public_name, flags)) + goto fail; - printf("OK\n"); - return 1; + if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK) + lose("Could not delete private key: %s\n", hal_error_string(err)); + + if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) + lose("Could not delete public key: %s\n", hal_error_string(err)); + + printf("OK\n"); + return 1; + } + + fail: + if (private_key.handle != HAL_HANDLE_NONE && + (err = hal_rpc_pkey_delete(private_key)) != HAL_OK) + printf("Warning: could not delete private key: %s\n", hal_error_string(err)); + + if (public_key.handle != HAL_HANDLE_NONE && + (err = hal_rpc_pkey_delete(public_key)) != HAL_OK) + printf("Warning: could not delete public key: %s\n", hal_error_string(err)); + + return 0; } -static int test_rsa_generate(const rsa_tc_t * const tc) +static int test_rsa_generate(const rsa_tc_t * const tc, hal_key_flags_t flags) { - const hal_client_handle_t client = {0}; - const hal_session_handle_t session = {0}; - hal_pkey_handle_t private_key, public_key; + const hal_client_handle_t client = {HAL_HANDLE_NONE}; + const hal_session_handle_t session = {HAL_HANDLE_NONE}; + hal_pkey_handle_t private_key = {HAL_HANDLE_NONE}; + hal_pkey_handle_t public_key = {HAL_HANDLE_NONE}; hal_error_t err; size_t len; assert(tc != NULL); - printf("Starting %lu-bit RSA key generation tests\n", (unsigned long) tc->size); + { + flags |= HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE; - const uint8_t private_label[] = "Generated RSA private key", public_label[] = "Generated RSA public key"; + printf("Starting %lu-bit RSA key generation tests, flags 0x%lx\n", + (unsigned long) tc->size, (unsigned long) flags); - if ((err = hal_rpc_pkey_generate_rsa(client, session, &private_key, private_label, sizeof(private_label), - tc->size, tc->e.val, tc->e.len, - HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK) - return printf("Could not generate RSA private key: %s\n", hal_error_string(err)), 0; + hal_uuid_t private_name, public_name; - uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)]; + if ((err = hal_rpc_pkey_generate_rsa(client, session, &private_key, &private_name, + tc->size, tc->e.val, tc->e.len, flags)) != HAL_OK) + lose("Could not generate RSA private key: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &len, sizeof(public_der))) != HAL_OK) - return printf("Could not DER encode RPC RSA public key from RPC RSA private key: %s\n", hal_error_string(err)), 0; + uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)]; - assert(len == sizeof(public_der)); + if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &len, sizeof(public_der))) != HAL_OK) + lose("Could not DER encode RPC RSA public key from RPC RSA private key: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, - public_label, sizeof(public_label), public_der, sizeof(public_der), - HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK) - return printf("Could not load public key into RPC: %s\n", hal_error_string(err)), 0; + assert(len == sizeof(public_der)); - uint8_t sig[tc->s.len]; + if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, + &public_name, public_der, sizeof(public_der), flags)) != HAL_OK) + lose("Could not load public key into RPC: %s\n", hal_error_string(err)); - /* - * Raw RSA test cases include PKCS #1.5 padding, we need to drill down to the DigestInfo. - */ - assert(tc->m.len > 4 && tc->m.val[0] == 0x00 && tc->m.val[1] == 0x01 && tc->m.val[2] == 0xff); - const uint8_t *digestinfo = memchr(tc->m.val + 2, 0x00, tc->m.len - 2); - assert(digestinfo != NULL); - const size_t digestinfo_len = tc->m.val + tc->m.len - ++digestinfo; + uint8_t sig[tc->s.len]; - if ((err = hal_rpc_pkey_sign(session, private_key, hal_hash_handle_none, - digestinfo, digestinfo_len, sig, &len, sizeof(sig))) != HAL_OK) - return printf("Could not sign: %s\n", hal_error_string(err)), 0; + /* + * Raw RSA test cases include PKCS #1.5 padding, we need to drill down to the DigestInfo. + */ + assert(tc->m.len > 4 && tc->m.val[0] == 0x00 && tc->m.val[1] == 0x01 && tc->m.val[2] == 0xff); + const uint8_t *digestinfo = memchr(tc->m.val + 2, 0x00, tc->m.len - 2); + assert(digestinfo != NULL); + const size_t digestinfo_len = tc->m.val + tc->m.len - ++digestinfo; - if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none, - digestinfo, digestinfo_len, sig, len)) != HAL_OK) - return printf("Could not verify: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none, + digestinfo, digestinfo_len, sig, &len, sizeof(sig))) != HAL_OK) + lose("Could not sign: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK) - return printf("Could not delete private key: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none, + digestinfo, digestinfo_len, sig, len)) != HAL_OK) + lose("Could not verify: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) - return printf("Could not delete public key: %s\n", hal_error_string(err)), 0; + if (!test_attributes(private_key, &private_name, flags) || !test_attributes(public_key, &public_name, flags)) + goto fail; - printf("OK\n"); - return 1; + if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK) + lose("Could not delete private key: %s\n", hal_error_string(err)); + + if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) + lose("Could not delete public key: %s\n", hal_error_string(err)); + + printf("OK\n"); + return 1; + } + + fail: + if (private_key.handle != HAL_HANDLE_NONE && + (err = hal_rpc_pkey_delete(private_key)) != HAL_OK) + printf("Warning: could not delete private key: %s\n", hal_error_string(err)); + + if (public_key.handle != HAL_HANDLE_NONE && + (err = hal_rpc_pkey_delete(public_key)) != HAL_OK) + printf("Warning: could not delete public key: %s\n", hal_error_string(err)); + + return 0; } -static int test_ecdsa_generate(const ecdsa_tc_t * const tc) +static int test_ecdsa_generate(const ecdsa_tc_t * const tc, hal_key_flags_t flags) { - const hal_client_handle_t client = {0}; - const hal_session_handle_t session = {0}; - hal_pkey_handle_t private_key, public_key; + const hal_client_handle_t client = {HAL_HANDLE_NONE}; + const hal_session_handle_t session = {HAL_HANDLE_NONE}; + hal_pkey_handle_t private_key = {HAL_HANDLE_NONE}; + hal_pkey_handle_t public_key = {HAL_HANDLE_NONE}; hal_error_t err; size_t len; assert(tc != NULL); - printf("Starting ECDSA %s key generation tests\n", ecdsa_curve_to_string(tc->curve)); + { + flags |= HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE; - const uint8_t private_label[] = "Generated ECDSA private key", public_label[] = "Generated ECDSA public key"; + printf("Starting ECDSA %s key generation tests, flags 0x%lx\n", + ecdsa_curve_to_string(tc->curve), (unsigned long) flags); - if ((err = hal_rpc_pkey_generate_ec(client, session, &private_key, - private_label, sizeof(private_label), - tc->curve, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK) - return printf("Could not generate EC key pair: %s\n", hal_error_string(err)), 0; + hal_uuid_t private_name, public_name; - uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)]; + if ((err = hal_rpc_pkey_generate_ec(client, session, &private_key, &private_name, tc->curve, flags)) != HAL_OK) + lose("Could not generate EC key pair: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &len, sizeof(public_der))) != HAL_OK) - return printf("Could not DER encode public key from test vector: %s\n", hal_error_string(err)), 0; + uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)]; - assert(len == sizeof(public_der)); + if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &len, sizeof(public_der))) != HAL_OK) + lose("Could not DER encode public key from test vector: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve, - public_label, sizeof(public_label), public_der, sizeof(public_der), - HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK) - return printf("Could not load public key into RPC: %s\n", hal_error_string(err)), 0; + assert(len == sizeof(public_der)); - uint8_t sig[tc->sig_len + 4]; + if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve, + &public_name, public_der, sizeof(public_der), flags)) != HAL_OK) + lose("Could not load public key into RPC: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_sign(session, private_key, hal_hash_handle_none, - tc->H, tc->H_len, sig, &len, sizeof(sig))) != HAL_OK) - return printf("Could not sign: %s\n", hal_error_string(err)), 0; + uint8_t sig[tc->sig_len + 4]; - if ((err = hal_rpc_pkey_verify(session, public_key, hal_hash_handle_none, - tc->H, tc->H_len, sig, len)) != HAL_OK) - return printf("Could not verify own signature: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none, + tc->H, tc->H_len, sig, &len, sizeof(sig))) != HAL_OK) + lose("Could not sign: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK) - return printf("Could not delete private key: %s\n", hal_error_string(err)), 0; + if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none, + tc->H, tc->H_len, sig, len)) != HAL_OK) + lose("Could not verify own signature: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) - return printf("Could not delete public key: %s\n", hal_error_string(err)), 0; + if (!test_attributes(private_key, &private_name, flags) || !test_attributes(public_key, &public_name, flags)) + goto fail; - printf("OK\n"); - return 1; + if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK) + lose("Could not delete private key: %s\n", hal_error_string(err)); + + if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) + lose("Could not delete public key: %s\n", hal_error_string(err)); + + printf("OK\n"); + return 1; + } + + fail: + if (private_key.handle != HAL_HANDLE_NONE && + (err = hal_rpc_pkey_delete(private_key)) != HAL_OK) + printf("Warning: could not delete private key: %s\n", hal_error_string(err)); + + if (public_key.handle != HAL_HANDLE_NONE && + (err = hal_rpc_pkey_delete(public_key)) != HAL_OK) + printf("Warning: could not delete public key: %s\n", hal_error_string(err)); + + return 0; } int main (int argc, char *argv[]) { + const hal_client_handle_t client = {HAL_HANDLE_NONE}; + const char *pin = argc > 1 ? argv[1] : "fnord"; + hal_error_t err; int ok = 1; - hal_rpc_client_init(); + if ((err = hal_rpc_client_init()) != HAL_OK) + printf("Warning: Trouble initializing RPC client: %s\n", hal_error_string(err)); + + if ((err = hal_rpc_login(client, HAL_USER_NORMAL, pin, strlen(pin))) != HAL_OK) + printf("Warning: Trouble logging into HSM: %s\n", hal_error_string(err)); for (int i = 0; i < (sizeof(rsa_tc)/sizeof(*rsa_tc)); i++) - ok &= test_rsa_testvec(&rsa_tc[i]); + for (int j = 0; j < 2; j++) + ok &= test_rsa_testvec(&rsa_tc[i], j * HAL_KEY_FLAG_TOKEN); for (int i = 0; i < (sizeof(ecdsa_tc)/sizeof(*ecdsa_tc)); i++) - ok &= test_ecdsa_testvec(&ecdsa_tc[i]); + for (int j = 0; j < 2; j++) + ok &= test_ecdsa_testvec(&ecdsa_tc[i], j * HAL_KEY_FLAG_TOKEN); for (int i = 0; i < (sizeof(rsa_tc)/sizeof(*rsa_tc)); i++) - ok &= test_rsa_generate(&rsa_tc[i]); + for (int j = 0; j < 2; j++) + ok &= test_rsa_generate(&rsa_tc[i], j * HAL_KEY_FLAG_TOKEN); for (int i = 0; i < (sizeof(ecdsa_tc)/sizeof(*ecdsa_tc)); i++) - ok &= test_ecdsa_generate(&ecdsa_tc[i]); + for (int j = 0; j < 2; j++) + ok &= test_ecdsa_generate(&ecdsa_tc[i], j * HAL_KEY_FLAG_TOKEN); + + if ((err = hal_rpc_logout(client)) != HAL_OK) + printf("Warning: Trouble logging out of HSM: %s\n", hal_error_string(err)); - ok &= hal_rpc_client_close(); + if ((err = hal_rpc_client_close()) != HAL_OK) + printf("Warning: Trouble shutting down RPC client: %s\n", hal_error_string(err)); return !ok; } diff --git a/tests/test-trng.c b/tests/test-trng.c index ebfe701..f570752 100644 --- a/tests/test-trng.c +++ b/tests/test-trng.c @@ -84,7 +84,7 @@ static hal_error_t test_random(const char *name) return err; } - printf("%08x ", rnd); + printf("%08lx ", (unsigned long) rnd); } printf("\n"); @@ -106,7 +106,7 @@ int main(void) } else { for (i = 0; i < 8; ++i) { - printf("%08x ", rnd[i]); + printf("%08lx ", (unsigned long) rnd[i]); } printf("\n"); } |