1 package crypto11
2
3 import (
4 "crypto/rand"
5 "crypto/rsa"
6 "testing"
7
8 "github.com/miekg/pkcs11"
9
10 "github.com/stretchr/testify/assert"
11 "github.com/stretchr/testify/require"
12 )
13
14
// withContext opens a Context from the file named "config", hands it to f,
// and closes it once f returns. The test fails immediately if the Context
// cannot be configured or if Close reports an error.
//
// NOTE(review): the tests in this file create and delete keys and assert exact
// object counts, so "config" should point at a dedicated, empty test token,
// never at a token that holds production key material.
func withContext(t *testing.T, f func(ctx *Context)) {
	session, openErr := ConfigureFromFile("config")
	require.NoError(t, openErr)

	// Deferred so the Context is closed when f returns or aborts the test.
	closeSession := func() {
		require.NoError(t, session.Close())
	}
	defer closeSession()

	f(session)
}
25
// TestFindKeysRequiresIdOrLabel checks that each of the four lookup functions
// returns an error when called with neither an ID nor a label.
//
// NOTE(review): presumably this guards against an unconstrained lookup
// silently resolving to an arbitrary object on the token — confirm against
// the lookup implementation.
func TestFindKeysRequiresIdOrLabel(t *testing.T) {
	withContext(t, func(ctx *Context) {
		// assert (not require) is used so all four lookups are exercised even
		// if an earlier one unexpectedly succeeds.
		_, keyErr := ctx.FindKey(nil, nil)
		assert.Error(t, keyErr)

		_, keysErr := ctx.FindKeys(nil, nil)
		assert.Error(t, keysErr)

		_, pairErr := ctx.FindKeyPair(nil, nil)
		assert.Error(t, pairErr)

		_, pairsErr := ctx.FindKeyPairs(nil, nil)
		assert.Error(t, pairsErr)
	})
}
41
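// TestFindingKeysWithAttributes generates three AES secret keys (one 128-bit
// key under label, a 128-bit and a 256-bit key under label2) and checks that
// FindKeysWithAttributes returns the expected number of matches when
// filtering by label and by value length.
//
// The CkaValueLen searches are not scoped by label, so their exact counts
// only hold when the token holds no other secret keys of those lengths.
func TestFindingKeysWithAttributes(t *testing.T) {
	withContext(t, func(ctx *Context) {
		label := randomBytes()
		label2 := randomBytes()

		// Deletion is best-effort cleanup and its error is deliberately ignored.
		// NOTE(review): a failed Delete leaves a key on the token, which would
		// skew the exact-count assertions of later runs.
		key, err := ctx.GenerateSecretKeyWithLabel(randomBytes(), label, 128, CipherAES)
		require.NoError(t, err)
		defer func(k *SecretKey) { _ = k.Delete() }(key)

		key, err = ctx.GenerateSecretKeyWithLabel(randomBytes(), label2, 128, CipherAES)
		require.NoError(t, err)
		defer func(k *SecretKey) { _ = k.Delete() }(key)

		key, err = ctx.GenerateSecretKeyWithLabel(randomBytes(), label2, 256, CipherAES)
		require.NoError(t, err)
		defer func(k *SecretKey) { _ = k.Delete() }(key)

		// Search by the first label: exactly one key carries it.
		// A Set failure is checked so that a malformed search template cannot
		// go unnoticed and run the search with the wrong filter.
		attrs := NewAttributeSet()
		require.NoError(t, attrs.Set(CkaLabel, label))
		keys, err := ctx.FindKeysWithAttributes(attrs)
		require.NoError(t, err)
		require.Len(t, keys, 1)

		// Same attribute set, label switched to label2: two keys carry it.
		require.NoError(t, attrs.Set(CkaLabel, label2))
		keys, err = ctx.FindKeysWithAttributes(attrs)
		require.NoError(t, err)
		require.Len(t, keys, 2)

		// Value length 16 bytes: the two 128-bit keys.
		attrs = NewAttributeSet()
		err = attrs.Set(CkaValueLen, 16)
		require.NoError(t, err)

		keys, err = ctx.FindKeysWithAttributes(attrs)
		require.NoError(t, err)
		require.Len(t, keys, 2)

		// Value length 32 bytes: the single 256-bit key.
		attrs = NewAttributeSet()
		err = attrs.Set(CkaValueLen, 32)
		require.NoError(t, err)

		keys, err = ctx.FindKeysWithAttributes(attrs)
		require.NoError(t, err)
		require.Len(t, keys, 1)
	})
}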
87
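// TestFindingKeyPairsWithAttributes generates three RSA key pairs (one under
// label, two under label2) and checks that FindKeyPairsWithAttributes returns
// the expected number of matches when filtering by label and by key type.
//
// The CkaKeyType search is not scoped by label, so its count of three only
// holds when the token holds no other RSA key pairs.
func TestFindingKeyPairsWithAttributes(t *testing.T) {
	withContext(t, func(ctx *Context) {
		label := randomBytes()
		label2 := randomBytes()

		// Deletion is best-effort cleanup and its error is deliberately ignored.
		// NOTE(review): a failed Delete leaves a key pair on the token, which
		// would skew the exact-count assertions of later runs.
		key, err := ctx.GenerateRSAKeyPairWithLabel(randomBytes(), label, rsaSize)
		require.NoError(t, err)
		defer func(k Signer) { _ = k.Delete() }(key)

		key, err = ctx.GenerateRSAKeyPairWithLabel(randomBytes(), label2, rsaSize)
		require.NoError(t, err)
		defer func(k Signer) { _ = k.Delete() }(key)

		key, err = ctx.GenerateRSAKeyPairWithLabel(randomBytes(), label2, rsaSize)
		require.NoError(t, err)
		defer func(k Signer) { _ = k.Delete() }(key)

		// Search by the first label: exactly one key pair carries it.
		// A Set failure is checked so that a malformed search template cannot
		// go unnoticed and run the search with the wrong filter.
		attrs := NewAttributeSet()
		require.NoError(t, attrs.Set(CkaLabel, label))
		keys, err := ctx.FindKeyPairsWithAttributes(attrs)
		require.NoError(t, err)
		require.Len(t, keys, 1)

		// Same attribute set, label switched to label2: two key pairs carry it.
		require.NoError(t, attrs.Set(CkaLabel, label2))
		keys, err = ctx.FindKeyPairsWithAttributes(attrs)
		require.NoError(t, err)
		require.Len(t, keys, 2)

		// Key type RSA: all three key pairs generated above.
		attrs = NewAttributeSet()
		require.NoError(t, attrs.Set(CkaKeyType, pkcs11.CKK_RSA))
		keys, err = ctx.FindKeyPairsWithAttributes(attrs)
		require.NoError(t, err)
		require.Len(t, keys, 3)
	})
}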
127
// TestFindingAllKeys generates ten AES-128 secret keys and checks that
// FindAllKeys reports exactly ten keys.
//
// The exact count only holds when the token holds no other secret keys.
func TestFindingAllKeys(t *testing.T) {
	withContext(t, func(ctx *Context) {
		const wantKeys = 10

		for n := 0; n < wantKeys; n++ {
			secret, genErr := ctx.GenerateSecretKey(randomBytes(), 128, CipherAES)
			require.NoError(t, genErr)

			// The defer fires when the enclosing closure returns, not per
			// iteration, so every key still exists when FindAllKeys runs.
			// Delete is best-effort; its error is ignored.
			defer func(k *SecretKey) { _ = k.Delete() }(secret)
		}

		found, findErr := ctx.FindAllKeys()
		require.NoError(t, findErr)
		require.NotNil(t, found)

		require.Len(t, found, wantKeys)
	})
}
145
// TestFindingAllKeyPairs generates five RSA key pairs and checks that
// FindAllKeyPairs reports exactly five.
//
// The exact count only holds when the token holds no other key pairs.
func TestFindingAllKeyPairs(t *testing.T) {
	withContext(t, func(ctx *Context) {
		const wantPairs = 5

		for remaining := wantPairs; remaining > 0; remaining-- {
			pair, genErr := ctx.GenerateRSAKeyPair(randomBytes(), rsaSize)
			require.NoError(t, genErr)

			// The defer fires when the enclosing closure returns, not per
			// iteration, so every pair still exists when FindAllKeyPairs runs.
			// Delete is best-effort; its error is ignored.
			defer func(k Signer) { _ = k.Delete() }(pair)
		}

		found, findErr := ctx.FindAllKeyPairs()
		require.NoError(t, findErr)
		require.NotNil(t, found)

		require.Len(t, found, wantPairs)
	})
}
163
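// TestGettingPrivateKeyAttributes generates an RSA key pair of rsaSize bits
// and checks that GetAttributes returns exactly one attribute, CkaModulus,
// whose value has the byte length implied by the key size.
func TestGettingPrivateKeyAttributes(t *testing.T) {
	withContext(t, func(ctx *Context) {
		id := randomBytes()

		key, err := ctx.GenerateRSAKeyPair(id, rsaSize)
		require.NoError(t, err)
		// Best-effort cleanup; the Delete error is deliberately ignored.
		defer func(k Signer) { _ = k.Delete() }(key)

		attrs, err := ctx.GetAttributes(key, []AttributeType{CkaModulus})
		require.NoError(t, err)
		require.NotNil(t, attrs)
		require.Len(t, attrs, 1)

		// The expected length is derived from rsaSize rather than hard-coded,
		// so the assertion stays tied to the size of the key actually
		// generated (256 bytes for a 2048-bit modulus).
		require.Len(t, attrs[CkaModulus].Value, rsaSize/8)
	})
}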
180
// TestGettingPublicKeyAttributes generates an RSA key pair and checks that
// GetPubAttributes returns exactly one attribute, CkaModulusBits, whose
// decoded value equals rsaSize.
func TestGettingPublicKeyAttributes(t *testing.T) {
	withContext(t, func(ctx *Context) {
		pair, genErr := ctx.GenerateRSAKeyPair(randomBytes(), rsaSize)
		require.NoError(t, genErr)
		// Best-effort cleanup; the Delete error is deliberately ignored.
		defer func(k Signer) { _ = k.Delete() }(pair)

		wanted := []AttributeType{CkaModulusBits}
		pubAttrs, attrErr := ctx.GetPubAttributes(pair, wanted)
		require.NoError(t, attrErr)
		require.NotNil(t, pubAttrs)
		require.Len(t, pubAttrs, 1)

		// The attribute value is raw bytes; bytesToUlong decodes it for the
		// comparison with the requested key size.
		gotBits := bytesToUlong(pubAttrs[CkaModulusBits].Value)
		require.Equal(t, uint(rsaSize), gotBits)
	})
}
197
// TestGettingSecretKeyAttributes generates a 128-bit AES secret key and
// checks that GetAttributes returns exactly one attribute, CkaValueLen, whose
// decoded value is 16.
func TestGettingSecretKeyAttributes(t *testing.T) {
	withContext(t, func(ctx *Context) {
		secret, genErr := ctx.GenerateSecretKey(randomBytes(), 128, CipherAES)
		require.NoError(t, genErr)
		// Best-effort cleanup; the Delete error is deliberately ignored.
		defer func(k *SecretKey) { _ = k.Delete() }(secret)

		wanted := []AttributeType{CkaValueLen}
		keyAttrs, attrErr := ctx.GetAttributes(secret, wanted)
		require.NoError(t, attrErr)
		require.NotNil(t, keyAttrs)
		require.Len(t, keyAttrs, 1)

		// 16 is the byte length of the 128-bit key requested above.
		gotLen := bytesToUlong(keyAttrs[CkaValueLen].Value)
		require.Equal(t, uint(16), gotLen)
	})
}
214
// TestGettingUnsupportedKeyTypeAttributes checks that GetAttributes returns an
// error when handed a key generated in software by crypto/rsa instead of one
// produced through the Context.
func TestGettingUnsupportedKeyTypeAttributes(t *testing.T) {
	withContext(t, func(ctx *Context) {
		softKey, genErr := rsa.GenerateKey(rand.Reader, rsaSize)
		require.NoError(t, genErr)

		// Only the error is inspected; any returned attributes are discarded.
		_, attrErr := ctx.GetAttributes(softKey, []AttributeType{CkaModulusBits})
		require.Error(t, attrErr)
	})
}
224