From 00b2adefccab211bb853c79ac84315dbd40ee05d Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Tue, 17 May 2016 23:07:20 -0400
Subject: Bugfixes to new error handling code, refactor some unreadable nested
 logic in handle lookup code.

The mapping between PKCS #11 objects and libhal handles isn't quite
right yet.  This is a snapshot of bugfixes accumulated along the way,
before refactoring mapping code to deal with the underlying problem.
---
 unit_tests.py | 46 +++++++++++++++++++++++++++++++++++++---------
 1 file changed, 37 insertions(+), 9 deletions(-)

(limited to 'unit_tests.py')

diff --git a/unit_tests.py b/unit_tests.py
index f5553d4..6866a87 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -272,7 +272,6 @@ class TestKeys(unittest.TestCase):
         p11.C_VerifyInit(self.session, CKM_ECDSA_SHA384, public_key)
         p11.C_Verify(self.session, hamster, sig)
 
-
     def test_gen_sign_verify_ecdsa_p521_sha512(self):
         #if not args.all_tests: self.skipTest("SHA-512 not available in current build")
         public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
@@ -286,16 +285,45 @@ class TestKeys(unittest.TestCase):
         p11.C_VerifyInit(self.session, CKM_ECDSA_SHA512, public_key)
         p11.C_Verify(self.session, hamster, sig)
 
-    def test_gen_rsa_1024(self):
-        self.assertIsKeypair(
-          p11.C_GenerateKeyPair(self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
-                                CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True))
+    def test_gen_sign_verify_rsa_1024(self):
+        public_key, private_key = p11.C_GenerateKeyPair(
+            self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
+            CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True)
+        self.assertIsKeypair(public_key, private_key)
+        hamster = "Your mother was a hamster"
+        p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
+        sig = p11.C_Sign(self.session, hamster)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, hamster, sig)
 
-    def test_gen_rsa_2048(self):
+        if False:
+            a = p11.C_GetAttributeValue(self.session, public_key,
+                                        CKA_CLASS, CKA_KEY_TYPE, CKA_VERIFY, CKA_TOKEN,
+                                        CKA_PUBLIC_EXPONENT, CKA_MODULUS)
+            a[CKA_TOKEN] = not a[CKA_TOKEN]
+            o = p11.C_CreateObject(self.session, a)
+            p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, o)
+            p11.C_Verify(self.session, hamster, sig)
+
+            self.tearDown()
+            self.setUp()
+            o = p11.C_CreateObject(self.session, a)
+            p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, o)
+            p11.C_Verify(self.session, hamster, sig)
+
+    def test_gen_sign_verify_rsa_2048(self):
         if not args.all_tests: self.skipTest("RSA key generation is still painfully slow")
-        self.assertIsKeypair(
-          p11.C_GenerateKeyPair(self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 2048,
-                                CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True))
+        public_key, private_key = p11.C_GenerateKeyPair(
+            self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 2048,
+            CKA_ID = "RSA-2048", CKA_SIGN = True, CKA_VERIFY = True)
+        self.assertIsKeypair(public_key, private_key)
+        hamster = "Your mother was a hamster"
+        p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
+        sig = p11.C_Sign(self.session, hamster)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, hamster, sig)
 
     @staticmethod
     def _build_ecpoint(x, y):
-- 
cgit v1.2.3