pkcs11_test.go

Documentation: github.com/googleapis/enterprise-certificate-proxy/internal/signer/linux/pkcs11

     1  // Copyright 2023 Google LLC.
     2  // Licensed under the Apache License, Version 2.0 (the "License");
     3  // you may not use this file except in compliance with the License.
     4  // You may obtain a copy of the License at
     5  //
     6  //     https://www.apache.org/licenses/LICENSE-2.0
     7  //
     8  // Unless required by applicable law or agreed to in writing, software
     9  // distributed under the License is distributed on an "AS IS" BASIS,
    10  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11  // See the License for the specific language governing permissions and
    12  // limitations under the License.
    13  
    14  package pkcs11
    15  
    16  import (
    17  	"bytes"
    18  	"crypto"
    19  	"crypto/rsa"
    20  	"flag"
    21  	"testing"
    22  )
    23  
    24  const (
    25  	testModule  = "/usr/lib/softhsm/libsofthsm2.so"
    26  	testLabel   = "Demo Object"
    27  	testUserPin = "0000"
    28  )
    29  
    30  var testSlot = flag.String("testSlot", "", "libsofthsm2 slot location")
    31  
    32  func makeTestKey() (*Key, error) {
    33  	key, err := Cred(testModule, *testSlot, testLabel, testUserPin)
    34  	return key, err
    35  }
    36  
    37  func TestParseHexString(t *testing.T) {
    38  	got, err := ParseHexString("0x1739427")
    39  	if err != nil {
    40  		t.Fatalf("ParseHexString error: %v", err)
    41  	}
    42  	want := uint32(0x1739427)
    43  	if got != want {
    44  		t.Errorf("Expected result is %v, got: %v", want, got)
    45  	}
    46  }
    47  
    48  func TestParseHexStringFailure(t *testing.T) {
    49  	_, err := ParseHexString("abcdefgh")
    50  	if err == nil {
    51  		t.Error("Expected error but got nil")
    52  	}
    53  }
    54  
    55  func TestCredLinux(t *testing.T) {
    56  	key, err := makeTestKey()
    57  	if err != nil {
    58  		t.Errorf("Cred error: %q", err)
    59  	}
    60  	defer key.Close()
    61  }
    62  
    63  func BenchmarkEncryptRSA(b *testing.B) {
    64  	msg := "Plain text to encrypt"
    65  	bMsg := []byte(msg)
    66  	key, errCred := makeTestKey()
    67  	if errCred != nil {
    68  		b.Errorf("Cred error: %q", errCred)
    69  		return
    70  	}
    71  	defer key.Close()
    72  	b.Run("encryptRSA Crypto", func(b *testing.B) {
    73  		for i := 0; i < b.N; i++ {
    74  			_, errEncrypt := key.encryptRSA(bMsg)
    75  			if errEncrypt != nil {
    76  				b.Errorf("EncryptRSA error: %q", errEncrypt)
    77  				return
    78  			}
    79  		}
    80  	})
    81  }
    82  
    83  func TestEncrypt(t *testing.T) {
    84  	key, errCred := makeTestKey()
    85  	if errCred != nil {
    86  		t.Errorf("Cred error: %q", errCred)
    87  		return
    88  	}
    89  	defer key.Close()
    90  	msg := "Plain text to encrypt"
    91  	bMsg := []byte(msg)
    92  	_, err := key.Encrypt(bMsg, crypto.SHA1)
    93  	if err != nil {
    94  		t.Errorf("Encrypt error: %q", err)
    95  	}
    96  }
    97  
    98  func TestDecrypt(t *testing.T) {
    99  	key, errCred := makeTestKey()
   100  	if errCred != nil {
   101  		t.Errorf("Cred error: %q", errCred)
   102  		return
   103  	}
   104  	defer key.Close()
   105  	msg := "Plain text to encrypt"
   106  	bMsg := []byte(msg)
   107  	// Softhsm only supports SHA1
   108  	ciphertext, err := key.Encrypt(bMsg, crypto.SHA1)
   109  	if err != nil {
   110  		t.Errorf("Encrypt error: %q", err)
   111  	}
   112  	decrypted, err := key.Decrypt(ciphertext, &rsa.OAEPOptions{Hash: crypto.SHA1})
   113  	if err != nil {
   114  		t.Fatalf("Decrypt error: %v", err)
   115  	}
   116  	decrypted = bytes.Trim(decrypted, "\x00")
   117  	if string(decrypted) != msg {
   118  		t.Errorf("Decrypt error: expected %q, got %q", msg, string(decrypted))
   119  	}
   120  }
   121
View as plain text