From 32babc6a2fbe1563a4cf4160911c98300b449f87 Mon Sep 17 00:00:00 2001
From: Etienne Carriere
Date: Sat, 14 Dec 2024 11:49:13 +0100
Subject: [PATCH] [review] xtest: add pkcs11_1031 for CKM_RSA_X_509 sign/verify

Replace static test on CFG_PKCS11_TA_RSA_X_509 with a runtime test on whether or not the PKCS#11 TA supports CKM_RSA_X_509 for signature computation and verification.

This change makes xtest more flexible regarding the tested embedded TA instead of requiring a specific xtest build for a given PKCS#11 TA configuration.

Signed-off-by: Etienne Carriere
---
 host/xtest/pkcs11_1000.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/host/xtest/pkcs11_1000.c b/host/xtest/pkcs11_1000.c
index b93735a5c..a06587099 100644
--- a/host/xtest/pkcs11_1000.c
+++ b/host/xtest/pkcs11_1000.c
@@ -10261,13 +10261,9 @@ static void xtest_pkcs11_test_1031(ADBG_Case_t *c)
 CK_SLOT_ID slot = 0;
 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
+ CK_MECHANISM_INFO mechanism_info = { };
 int ret = 0;
 
-#ifndef CFG_PKCS11_TA_RSA_X_509
- Do_ADBG_Log("CFG_PKCS11_TA_RSA_X_509 is disabled, skip raw RSA tests");
- return;
-#endif
-
 rv = init_lib_and_find_token_slot(&slot, PIN_AUTH);
 if (!ADBG_EXPECT_CK_OK(c, rv))
 return;
@@ -10280,6 +10276,22 @@ static void xtest_pkcs11_test_1031(ADBG_Case_t *c)
 if (!ADBG_EXPECT_CK_OK(c, rv))
 goto close_lib;
 
+ rv = C_GetMechanismInfo(slot, CKM_RSA_X_509, &mechanism_info);
+
+ if (rv == CKR_MECHANISM_INVALID) {
+ Do_ADBG_Log("CKM_RSA_X_509 not supported, skip raw RSA tests");
+ goto close_lib;
+ }
+
+ if (!ADBG_EXPECT_CK_OK(c, rv))
+ goto close_lib;
+
+ if ((mechanism_info.flags & (CKF_SIGN | CKF_VERIFY)) !=
+ (CKF_SIGN | CKF_VERIFY)) {
+ Do_ADBG_Log("CKM_RSA_X_509 sign/verify not supported, skip raw RSA tests");
+ goto close_lib;
+ }
+
 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
 if (!ADBG_EXPECT_CK_OK(c, rv))
 goto close_lib;
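Review bot: The two `goto close_lib` skip paths added after `C_GetMechanismInfo()` in the second hunk end the case without recording any failure, and nothing in the code says that this is intended. A TA that stops advertising CKM_RSA_X_509, or drops CKF_SIGN or CKF_VERIFY from its flags, would therefore presumably still show pkcs11_1031 as passed, with the `Do_ADBG_Log()` line as the only trace that raw RSA coverage was lost. I would document that contract above the check, for example `/* Raw RSA is optional in the TA: if CKM_RSA_X_509 is not advertised for both sign and verify, the case is skipped and not reported as a failure */`. The function body continues outside the hunk, so whether later steps need other flags of the mechanism cannot be checked from here.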