From 8a36a9c42b6c327056ca334d556c221c28375d15 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sat, 3 Sep 2016 02:27:09 -0400
Subject: Hack PKCS #11 to work with revised libhal pkey API.

---
 unit_tests.py | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

(limited to 'unit_tests.py')

diff --git a/unit_tests.py b/unit_tests.py
index c9d3886..02863c8 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -259,27 +259,32 @@ class TestKeys(TestCase):
     def test_keygen_token_vs_session(self):
         "Test C_GenerateKeypair() CKA_TOKEN restrictions"
 
-        with self.assertRaises(CKR_TEMPLATE_INCONSISTENT):
-            p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = False,
-                                  CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
-                                  CKA_SIGN = True, CKA_VERIFY = True)
+        self.assertIsKeypair(
+          p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = False,
+                                CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+                                CKA_SIGN = True, CKA_VERIFY = True))
 
         self.assertIsKeypair(
           p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = True,
                                 CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
                                 CKA_SIGN = True, CKA_VERIFY = True))
 
+        # Might need to do this until we expand the number of key slots
+        if False:
+          for handle in p11.FindObjects(self.session):
+            p11.C_DestroyObject(self.session, handle)
+
         self.assertIsKeypair(
             p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
                                   public_CKA_TOKEN = False, private_CKA_TOKEN = True,
                                   CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
                                   CKA_SIGN = True, CKA_VERIFY = True))
 
-        with self.assertRaises(CKR_TEMPLATE_INCONSISTENT):
-            p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
-                                  public_CKA_TOKEN = True, private_CKA_TOKEN = False,
-                                  CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
-                                  CKA_SIGN = True, CKA_VERIFY = True)
+        self.assertIsKeypair(
+          p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
+                                public_CKA_TOKEN = True, private_CKA_TOKEN = False,
+                                CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+                                CKA_SIGN = True, CKA_VERIFY = True))
 
     def test_gen_sign_verify_ecdsa_p256_sha256(self):
         "Generate/sign/verify with ECDSA-P256-SHA-256"
-- 
cgit v1.2.3