xtest: add pkcs11_1031 for CKM_RSA_X_509 sign/verify (take 2) #762
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Basic test on signing/verifying with raw RSA mechanism CKM_RSA_X_509. Signed-off-by: Etienne Carriere <[email protected]>
Skip the test if CFG_PKCS11_TA_RSA_X_509 is disabled. Signed-off-by: Etienne Carriere <[email protected]>
Fix missing sub-case end call in test_rsa_raw_operations(). Signed-off-by: Etienne Carriere <[email protected]>
Use a well known padding scheme (PKCS#1 v1.5) to ensure the generated signature has to expected size. With the previously implemented padding scheme I found seldom occurrences where the generated signature was 1 byte too short. Signed-off-by: Etienne Carriere <[email protected]>
etienne-lms
force-pushed
the
pkcs11-raw-rsa
branch
from
94dbe5e to
bc2a22c
Compare
|
Updated with a more robust message padding scheme. |
jforissier
reviewed
Dec 11, 2024
host/xtest/pkcs11_1000.c
Outdated
| * key. If smaller, it is strongly recommended to inserrt padding | ||
| * bytes to reach to key size. Lets's use random data and use PKCS v1.5 | ||
| * padding scheme to ensure input data to be signed will generate well | ||
| * szied signature. |
Fix inline comment typos. Signed-off-by: Etienne Carriere <[email protected]>
|
Sorry for these typos. |
Discard the padding used here. Whatever the message data, as long as the message has the size of the private key, the PKCS#11 should be able to generate a signature. Signed-off-by: Etienne Carriere <[email protected]>
|
Updated removing the padding scheme. Strong padding is not needed as far as PKCS#11 regression tests are concerned. |
Remove unused local variable. Signed-off-by: Etienne Carriere <[email protected]>
|
Fixed an omission in the previous fixup commit. CI test should be good now. |
I missed a constraint on the input message: it must represent a value smaller than the private key modulus. Clear the message leading bit! Fix inline comment. Remove the part testing the key attribute. RSA keys generation in the PKCS#11 TA is already tested by pkcs11_1021, pkcs1022 and pkcs11_1023. No need to test again RSA keys attributes. Wrap line wider than 80char for consistency of this source file. Signed-off-by: Etienne Carriere <[email protected]>
etienne-lms
commented
Dec 13, 2024
|
Fixed message leading bit + remove some useless tests on key attributes. |
Replace static test on CFG_PKCS11_TA_RSA_X_509 with a runtime test on whether or not the PKCS#11 TA supports CKM_RSA_X_509 for signature computation and verification. This change makes xtest more flexible regarding the tested embedded TA instead of requiring a specific xtest build for a given PKCS#11 TA configuration. Signed-off-by: Etienne Carriere <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Basic test on signing/verifying with raw RSA mechanism CKM_RSA_X_509.
Replaces #757.