...

Source file src/github.com/miekg/pkcs11/params_test.go

Documentation: github.com/miekg/pkcs11 

     1  // Use of this source code is governed by a BSD-style
     2  // license that can be found in the LICENSE file.
     3  
     4  package pkcs11
     5  
     6  import (
     7  	"bytes"
     8  	"testing"
     9  )
    10  
    11  const notFound = 0xffffffff
    12  
    13  // test whether mech is available; skip the test if it isn't
    14  func needMech(t *testing.T, p *Ctx, sh SessionHandle, mech uint) {
    15  	slots, err := p.GetSlotList(true)
    16  	if err != nil {
    17  		t.Fatal("GetSlotList:", err)
    18  	}
    19  	_, err = p.GetMechanismInfo(slots[0], []*Mechanism{NewMechanism(mech, nil)})
    20  	if err == nil {
    21  		return
    22  	}
    23  	e, ok := err.(Error)
    24  	if !ok || e != CKR_MECHANISM_INVALID {
    25  		t.Fatal("GetMechanismInfo:", err)
    26  	}
    27  	t.Skipf("skipping test; mech 0x%X not supported by softhsm", mech)
    28  }
    29  
    30  func findObject(t *testing.T, p *Ctx, sh SessionHandle, class uint, label string) ObjectHandle {
    31  	template := []*Attribute{
    32  		NewAttribute(CKA_CLASS, class),
    33  		NewAttribute(CKA_LABEL, label),
    34  	}
    35  	if err := p.FindObjectsInit(sh, template); err != nil {
    36  		t.Fatal("FindObjectsInit:", err)
    37  	}
    38  	obj, _, err := p.FindObjects(sh, 1)
    39  	if err != nil {
    40  		t.Fatal("FindObjects:", err)
    41  	}
    42  	if err := p.FindObjectsFinal(sh); err != nil {
    43  		t.Fatal("FindObjectsFinal:", err)
    44  	}
    45  	if len(obj) > 0 {
    46  		return obj[0]
    47  	}
    48  	return notFound
    49  }
    50  
    51  // generate a rsa key if it doesn't exist
    52  func getRSA(t *testing.T, p *Ctx, sh SessionHandle) (pub, priv ObjectHandle) {
    53  	pub = findObject(t, p, sh, CKO_PUBLIC_KEY, "paramstest")
    54  	priv = findObject(t, p, sh, CKO_PUBLIC_KEY, "paramstest")
    55  	if pub == notFound || priv == notFound {
    56  		pub, priv = generateRSAKeyPair(t, p, sh, "paramstest", false)
    57  	}
    58  	return
    59  }
    60  
    61  func TestPSSParams(t *testing.T) {
    62  	p := setenv(t)
    63  	sh := getSession(p, t)
    64  	defer finishSession(p, sh)
    65  	needMech(t, p, sh, CKM_RSA_PKCS_PSS)
    66  	pub, priv := getRSA(t, p, sh)
    67  
    68  	sum := []byte("1234567890abcdef1234567890abcdef")
    69  	params := NewPSSParams(CKM_SHA256, CKG_MGF1_SHA256, 32)
    70  	mech := []*Mechanism{NewMechanism(CKM_RSA_PKCS_PSS, params)}
    71  	if err := p.SignInit(sh, mech, priv); err != nil {
    72  		t.Fatal("SignInit:", err)
    73  	}
    74  	sig, err := p.Sign(sh, sum)
    75  	if err != nil {
    76  		t.Fatal("Sign:", err)
    77  	}
    78  	if err := p.VerifyInit(sh, mech, pub); err != nil {
    79  		t.Fatal("VerifyInit:")
    80  	}
    81  	if err := p.Verify(sh, sum, sig); err != nil {
    82  		t.Fatal("Verify:")
    83  	}
    84  }
    85  
    86  func TestOAEPParams(t *testing.T) {
    87  	p := setenv(t)
    88  	sh := getSession(p, t)
    89  	defer finishSession(p, sh)
    90  	needMech(t, p, sh, CKM_RSA_PKCS_OAEP)
    91  	pub, priv := getRSA(t, p, sh)
    92  
    93  	msg := []byte("1234567890abcdef1234567890abcdef")
    94  	params := NewOAEPParams(CKM_SHA_1, CKG_MGF1_SHA1, CKZ_DATA_SPECIFIED, nil)
    95  	mech := []*Mechanism{NewMechanism(CKM_RSA_PKCS_OAEP, params)}
    96  	if err := p.EncryptInit(sh, mech, pub); err != nil {
    97  		t.Fatal("EncryptInit:", err)
    98  	}
    99  	ciphertext, err := p.Encrypt(sh, msg)
   100  	if err != nil {
   101  		t.Fatal("Encrypt:", err)
   102  	}
   103  	if err := p.DecryptInit(sh, mech, priv); err != nil {
   104  		t.Fatal("DecryptInit:")
   105  	}
   106  	msg2, err := p.Decrypt(sh, ciphertext)
   107  	if err != nil {
   108  		t.Fatal("Decrypt:")
   109  	}
   110  	if !bytes.Equal(msg, msg2) {
   111  		t.Errorf("plaintext does not match: expected %x != actual %x", msg, msg2)
   112  	}
   113  }
   114  
   115  func TestGCMParams(t *testing.T) {
   116  	p := setenv(t)
   117  	sh := getSession(p, t)
   118  	defer finishSession(p, sh)
   119  	needMech(t, p, sh, CKM_AES_GCM)
   120  
   121  	key, err := p.GenerateKey(sh, []*Mechanism{NewMechanism(CKM_AES_KEY_GEN, nil)}, []*Attribute{
   122  		NewAttribute(CKA_TOKEN, false),
   123  		NewAttribute(CKA_DECRYPT, true),
   124  		NewAttribute(CKA_ENCRYPT, true),
   125  		NewAttribute(CKA_VALUE_LEN, 32),
   126  	})
   127  	if err != nil {
   128  		t.Fatal("GenerateKey:", err)
   129  	}
   130  
   131  	iv := []byte("0123456789ab")
   132  	msg := []byte("1234567890abcdef1234567890abcdef")
   133  	params := NewGCMParams(iv, nil, 128)
   134  	defer params.Free()
   135  	if err := p.EncryptInit(sh, []*Mechanism{NewMechanism(CKM_AES_GCM, params)}, key); err != nil {
   136  		t.Fatal("EncryptInit:", err)
   137  	}
   138  	ciphertext, err := p.Encrypt(sh, msg)
   139  	if err != nil {
   140  		t.Fatal("Encrypt:", err)
   141  	}
   142  	iv = params.IV()
   143  	params.Free()
   144  
   145  	params = NewGCMParams(iv, nil, 128)
   146  	defer params.Free()
   147  	if err := p.DecryptInit(sh, []*Mechanism{NewMechanism(CKM_AES_GCM, params)}, key); err != nil {
   148  		t.Fatal("DecryptInit:", err)
   149  	}
   150  	msg2, err := p.Decrypt(sh, ciphertext)
   151  	if err != nil {
   152  		t.Fatal("Decrypt:", err)
   153  	}
   154  	if !bytes.Equal(msg, msg2) {
   155  		t.Errorf("plaintext does not match: expected %x != actual %x", msg, msg2)
   156  	}
   157  	params.Free()
   158  }
   159  

View as plain text