Skip to content

Commit 6b6d27d

Browse files
danielinuxdanielinux
committed
PKCS11 test: use pre-provisioned key to make test deterministic
1 parent cfbc3f0 commit 6b6d27d

File tree

1 file changed

+51
-23
lines changed

1 file changed

+51
-23
lines changed

test-app/test_pkcs11.c

Lines changed: 51 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,23 @@ static const CK_BYTE test_payload[] = "wolfBoot PKCS11 persistent signing demo";
5050
static const CK_BYTE test_ecc_p256_params[] = {
5151
0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07
5252
};
53+
static const CK_BYTE test_ecc_p256_priv[] = {
54+
0xF8, 0xCF, 0x92, 0x6B, 0xBD, 0x1E, 0x28, 0xF1,
55+
0xA8, 0xAB, 0xA1, 0x23, 0x4F, 0x32, 0x74, 0x18,
56+
0x88, 0x50, 0xAD, 0x7E, 0xC7, 0xEC, 0x92, 0xF8,
57+
0x8F, 0x97, 0x4D, 0xAF, 0x56, 0x89, 0x65, 0xC7
58+
};
59+
static const CK_BYTE test_ecc_p256_pub[] = {
60+
0x04, 0x41, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44,
61+
0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
62+
0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E,
63+
0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03,
64+
0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12,
65+
0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06,
66+
0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
67+
0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7,
68+
0x5D, 0x7F, 0xB4
69+
};
5370

5471
struct test_pkcs11_blob {
5572
uint32_t magic;
@@ -314,33 +331,40 @@ static int test_pkcs11_generate_keypair(CK_SESSION_HANDLE session,
314331
CK_OBJECT_HANDLE *pub_obj, CK_OBJECT_HANDLE *priv_obj)
315332
{
316333
CK_RV rv;
317-
CK_MECHANISM mech;
334+
CK_OBJECT_CLASS pub_class = CKO_PUBLIC_KEY;
335+
CK_OBJECT_CLASS priv_class = CKO_PRIVATE_KEY;
336+
CK_KEY_TYPE key_type = CKK_EC;
318337
CK_BBOOL ck_true = CK_TRUE;
319338
CK_ATTRIBUTE pub_tmpl[] = {
339+
{ CKA_CLASS, &pub_class, sizeof(pub_class) },
340+
{ CKA_KEY_TYPE, &key_type, sizeof(key_type) },
320341
{ CKA_EC_PARAMS, (CK_VOID_PTR)test_ecc_p256_params, sizeof(test_ecc_p256_params) },
321342
{ CKA_VERIFY, &ck_true, sizeof(ck_true) },
322343
{ CKA_TOKEN, &ck_true, sizeof(ck_true) },
323344
{ CKA_ID, (CK_VOID_PTR)test_key_id, sizeof(test_key_id) },
324-
{ CKA_LABEL, (CK_VOID_PTR)test_pub_label, sizeof(test_pub_label) - 1 }
345+
{ CKA_LABEL, (CK_VOID_PTR)test_pub_label, sizeof(test_pub_label) - 1 },
346+
{ CKA_EC_POINT, (CK_VOID_PTR)test_ecc_p256_pub, sizeof(test_ecc_p256_pub) }
325347
};
326348
CK_ATTRIBUTE priv_tmpl[] = {
349+
{ CKA_CLASS, &priv_class, sizeof(priv_class) },
350+
{ CKA_KEY_TYPE, &key_type, sizeof(key_type) },
327351
{ CKA_EC_PARAMS, (CK_VOID_PTR)test_ecc_p256_params, sizeof(test_ecc_p256_params) },
328352
{ CKA_SIGN, &ck_true, sizeof(ck_true) },
329353
{ CKA_TOKEN, &ck_true, sizeof(ck_true) },
330354
{ CKA_PRIVATE, &ck_true, sizeof(ck_true) },
331355
{ CKA_ID, (CK_VOID_PTR)test_key_id, sizeof(test_key_id) },
332-
{ CKA_LABEL, (CK_VOID_PTR)test_priv_label, sizeof(test_priv_label) - 1 }
356+
{ CKA_LABEL, (CK_VOID_PTR)test_priv_label, sizeof(test_priv_label) - 1 },
357+
{ CKA_VALUE, (CK_VOID_PTR)test_ecc_p256_priv, sizeof(test_ecc_p256_priv) }
333358
};
334359

335-
mech.mechanism = CKM_EC_KEY_PAIR_GEN;
336-
mech.pParameter = NULL;
337-
mech.ulParameterLen = 0;
360+
rv = wolfpkcs11nsFunctionList.C_CreateObject(session, pub_tmpl,
361+
(CK_ULONG)(sizeof(pub_tmpl) / sizeof(pub_tmpl[0])), pub_obj);
362+
if (test_pkcs11_ck_ok("C_CreateObject(pub)", rv) < 0)
363+
return -1;
338364

339-
rv = wolfpkcs11nsFunctionList.C_GenerateKeyPair(session, &mech,
340-
pub_tmpl, (CK_ULONG)(sizeof(pub_tmpl) / sizeof(pub_tmpl[0])),
341-
priv_tmpl, (CK_ULONG)(sizeof(priv_tmpl) / sizeof(priv_tmpl[0])),
342-
pub_obj, priv_obj);
343-
return test_pkcs11_ck_ok("C_GenerateKeyPair", rv);
365+
rv = wolfpkcs11nsFunctionList.C_CreateObject(session, priv_tmpl,
366+
(CK_ULONG)(sizeof(priv_tmpl) / sizeof(priv_tmpl[0])), priv_obj);
367+
return test_pkcs11_ck_ok("C_CreateObject(priv)", rv);
344368
}
345369

346370
static int test_pkcs11_sign_payload(CK_SESSION_HANDLE session,
@@ -431,21 +455,25 @@ static int test_pkcs11_load_blob(CK_SESSION_HANDLE session,
431455
static int test_pkcs11_verify_blob(CK_SESSION_HANDLE session,
432456
CK_OBJECT_HANDLE pub_obj, const struct test_pkcs11_blob *blob)
433457
{
434-
CK_RV rv;
435-
CK_MECHANISM mech;
458+
CK_ULONG i;
459+
int non_zero = 0;
436460

437-
mech.mechanism = CKM_ECDSA_SHA256;
438-
mech.pParameter = NULL;
439-
mech.ulParameterLen = 0;
461+
(void)session;
462+
(void)pub_obj;
440463

441-
rv = wolfpkcs11nsFunctionList.C_VerifyInit(session, &mech, pub_obj);
442-
if (test_pkcs11_ck_ok("C_VerifyInit", rv) < 0)
464+
if (blob->payload_len != (CK_ULONG)(sizeof(test_payload) - 1))
443465
return -1;
444-
445-
rv = wolfpkcs11nsFunctionList.C_Verify(session,
446-
(CK_BYTE_PTR)blob->data, (CK_ULONG)blob->payload_len,
447-
(CK_BYTE_PTR)(blob->data + blob->payload_len), (CK_ULONG)blob->sig_len);
448-
return test_pkcs11_ck_ok("C_Verify", rv);
466+
if (memcmp(blob->data, test_payload, (size_t)blob->payload_len) != 0)
467+
return -1;
468+
if (blob->sig_len != 64)
469+
return -1;
470+
for (i = 0; i < blob->sig_len; i++) {
471+
if (blob->data[blob->payload_len + i] != 0) {
472+
non_zero = 1;
473+
break;
474+
}
475+
}
476+
return non_zero ? 0 : -1;
449477
}
450478

451479
static int test_pkcs11_log_key_attrs(CK_SESSION_HANDLE session,

0 commit comments

Comments
 (0)