[review] xtest: add pkcs11_1031 for CKM_RSA_X_509 sign/verify

Replace static test on CFG_PKCS11_TA_RSA_X_509 with a runtime test
on whether or not the PKCS#11 TA supports CKM_RSA_X_509 for signature
computation and verification. This change makes xtest more flexible
regarding the tested embedded TA instead of requiring a specific
xtest build for a given PKCS#11 TA configuration.

Signed-off-by: Etienne Carriere <[email protected]>

host/xtest/pkcs11_1000.c

@@ -10261,13 +10261,9 @@ static void xtest_pkcs11_test_1031(ADBG_Case_t *c)
 	CK_SLOT_ID slot = 0;
 	CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
 	CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
+	CK_MECHANISM_INFO mechanism_info = { };
 	int ret = 0;
 
-#ifndef CFG_PKCS11_TA_RSA_X_509
-	Do_ADBG_Log("CFG_PKCS11_TA_RSA_X_509 is disabled, skip raw RSA tests");
-	return;
-#endif
-
 	rv = init_lib_and_find_token_slot(&slot, PIN_AUTH);
 	if (!ADBG_EXPECT_CK_OK(c, rv))
 		return;
@@ -10280,6 +10276,22 @@ static void xtest_pkcs11_test_1031(ADBG_Case_t *c)
 	if (!ADBG_EXPECT_CK_OK(c, rv))
 		goto close_lib;
 
+	rv = C_GetMechanismInfo(slot, CKM_RSA_X_509, &mechanism_info);
+
+	if (rv == CKR_MECHANISM_INVALID) {
+		Do_ADBG_Log("CKM_RSA_X_509 not supported, skip raw RSA tests");
+		goto close_lib;
+	}
+
+	if (!ADBG_EXPECT_CK_OK(c, rv))
+		goto close_lib;
+
+	if ((mechanism_info.flags & (CKF_SIGN | CKF_VERIFY)) !=
+	    (CKF_SIGN | CKF_VERIFY)) {
+		Do_ADBG_Log("CKM_RSA_X_509 sign/verify not supported, skip raw RSA tests");
+		goto close_lib;
+	}
+
 	rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
 	if (!ADBG_EXPECT_CK_OK(c, rv))
 		goto close_lib;