|
 |
27025e |
From eb38d2278937ec3fe45d0af30cd080953bbb5b54 Mon Sep 17 00:00:00 2001
|
|
|
e55890 |
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
|
|
e55890 |
Date: Tue, 2 Jan 2018 18:13:07 +0100
|
|
|
e55890 |
Subject: [PATCH] Fix pkcs11 variants atf tests
|
|
|
e55890 |
|
|
|
e55890 |
Add dns-pkcs11 tests Makefile to configure
|
|
|
e55890 |
|
|
|
e55890 |
Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode
|
|
|
e55890 |
---
|
|
|
27025e |
configure.ac | 1 +
|
|
|
e55890 |
lib/Kyuafile | 2 ++
|
|
|
e55890 |
lib/dns-pkcs11/tests/Makefile.in | 10 +++++-----
|
|
|
e55890 |
lib/dns-pkcs11/tests/dh_test.c | 3 ++-
|
|
|
e55890 |
lib/isc-pkcs11/tests/Makefile.in | 6 +++---
|
|
|
e55890 |
lib/isc-pkcs11/tests/hash_test.c | 32 +++++++++++++++++++++++++-------
|
|
|
27025e |
6 files changed, 38 insertions(+), 16 deletions(-)
|
|
|
e55890 |
|
|
|
27025e |
diff --git a/configure.ac b/configure.ac
|
|
|
27025e |
index 0532feb..a83ddd5 100644
|
|
|
27025e |
--- a/configure.ac
|
|
|
27025e |
+++ b/configure.ac
|
|
|
27025e |
@@ -5578,6 +5578,7 @@ AC_CONFIG_FILES([
|
|
|
e55890 |
lib/dns-pkcs11/include/Makefile
|
|
|
e55890 |
lib/dns-pkcs11/include/dns/Makefile
|
|
|
e55890 |
lib/dns-pkcs11/include/dst/Makefile
|
|
|
e55890 |
+ lib/dns-pkcs11/tests/Makefile
|
|
|
e55890 |
lib/irs/Makefile
|
|
|
e55890 |
lib/irs/include/Makefile
|
|
|
e55890 |
lib/irs/include/irs/Makefile
|
|
|
e55890 |
diff --git a/lib/Kyuafile b/lib/Kyuafile
|
|
|
27025e |
index 7c8bab0..eec9564 100644
|
|
|
e55890 |
--- a/lib/Kyuafile
|
|
|
e55890 |
+++ b/lib/Kyuafile
|
|
|
27025e |
@@ -2,8 +2,10 @@ syntax(2)
|
|
|
e55890 |
test_suite('bind9')
|
|
|
e55890 |
|
|
|
e55890 |
include('dns/Kyuafile')
|
|
|
e55890 |
+include('dns-pkcs11/Kyuafile')
|
|
|
e55890 |
include('irs/Kyuafile')
|
|
|
e55890 |
include('isc/Kyuafile')
|
|
|
e55890 |
+include('isc-pkcs11/Kyuafile')
|
|
|
27025e |
include('isccc/Kyuafile')
|
|
|
e55890 |
include('isccfg/Kyuafile')
|
|
|
e55890 |
include('lwres/Kyuafile')
|
|
|
e55890 |
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
|
|
|
27025e |
index 7671e1d..e237d5c 100644
|
|
|
e55890 |
--- a/lib/dns-pkcs11/tests/Makefile.in
|
|
|
e55890 |
+++ b/lib/dns-pkcs11/tests/Makefile.in
|
|
|
27025e |
@@ -17,12 +17,12 @@ VERSION=@BIND9_VERSION@
|
|
|
e55890 |
|
|
|
e55890 |
CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
|
|
|
e55890 |
@DST_OPENSSL_INC@
|
|
|
e55890 |
-CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\""
|
|
|
27025e |
+CDEFINES = @CRYPTO_PK11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
|
|
|
e55890 |
|
|
|
e55890 |
-ISCLIBS = ../../isc/libisc.@A@
|
|
|
e55890 |
-ISCDEPLIBS = ../../isc/libisc.@A@
|
|
|
27025e |
-DNSLIBS = ../libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
|
|
|
e55890 |
-DNSDEPLIBS = ../libdns.@A@
|
|
|
e55890 |
+ISCLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@
|
|
|
e55890 |
+ISCDEPLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@
|
|
|
27025e |
+DNSLIBS = ../libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
|
|
|
e55890 |
+DNSDEPLIBS = ../libdns-pkcs11.@A@
|
|
|
e55890 |
|
|
|
27025e |
LIBS = @LIBS@ @CMOCKA_LIBS@
|
|
|
27025e |
CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@
|
|
|
e55890 |
diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c
|
|
|
27025e |
index 4dbfd82..a383b8e 100644
|
|
|
e55890 |
--- a/lib/dns-pkcs11/tests/dh_test.c
|
|
|
e55890 |
+++ b/lib/dns-pkcs11/tests/dh_test.c
|
|
|
27025e |
@@ -86,7 +86,8 @@ dh_computesecret(void **state) {
|
|
|
27025e |
result = dst_key_computesecret(key, key, &buf;;
|
|
|
27025e |
assert_int_equal(result, DST_R_NOTPRIVATEKEY);
|
|
|
27025e |
result = key->func->computesecret(key, key, &buf;;
|
|
|
27025e |
- assert_int_equal(result, DST_R_COMPUTESECRETFAILURE);
|
|
|
e55890 |
+ /* PKCS11 variant gives different result, accept both */
|
|
|
27025e |
+ assert_true(result == DST_R_COMPUTESECRETFAILURE || result == DST_R_INVALIDPRIVATEKEY);
|
|
|
e55890 |
|
|
|
e55890 |
dst_key_free(&key);
|
|
|
27025e |
}
|
|
|
e55890 |
diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in
|
|
|
27025e |
index 2fdee0b..a263b35 100644
|
|
|
e55890 |
--- a/lib/isc-pkcs11/tests/Makefile.in
|
|
|
e55890 |
+++ b/lib/isc-pkcs11/tests/Makefile.in
|
|
|
27025e |
@@ -16,10 +16,10 @@ VERSION=@BIND9_VERSION@
|
|
|
e55890 |
@BIND9_MAKE_INCLUDES@
|
|
|
e55890 |
|
|
|
e55890 |
CINCLUDES = -I. -Iinclude ${ISC_INCLUDES} @ISC_OPENSSL_INC@
|
|
|
e55890 |
-CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc/tests/\""
|
|
|
27025e |
+CDEFINES = @CRYPTO_PK11@ -DTESTS="\"${top_builddir}/lib/isc-pkcs11/tests/\""
|
|
|
e55890 |
|
|
|
e55890 |
-ISCLIBS = ../libisc.@A@ @ISC_OPENSSL_LIBS@
|
|
|
e55890 |
-ISCDEPLIBS = ../libisc.@A@
|
|
|
e55890 |
+ISCLIBS = ../libisc-pkcs11.@A@ @ISC_OPENSSL_LIBS@
|
|
|
e55890 |
+ISCDEPLIBS = ../libisc-pkcs11.@A@
|
|
|
e55890 |
|
|
|
27025e |
LIBS = @LIBS@ @CMOCKA_LIBS@
|
|
|
27025e |
CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@
|
|
|
e55890 |
diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c
|
|
|
27025e |
index 9c4d299..d9deba2 100644
|
|
|
e55890 |
--- a/lib/isc-pkcs11/tests/hash_test.c
|
|
|
e55890 |
+++ b/lib/isc-pkcs11/tests/hash_test.c
|
|
|
27025e |
@@ -85,7 +85,7 @@ typedef struct hash_testcase {
|
|
|
e55890 |
|
|
|
e55890 |
typedef struct hash_test_key {
|
|
|
e55890 |
const char *key;
|
|
|
e55890 |
- const int len;
|
|
|
e55890 |
+ const unsigned len;
|
|
|
e55890 |
} hash_test_key_t;
|
|
|
e55890 |
|
|
|
e55890 |
/* non-hmac tests */
|
|
|
27025e |
@@ -956,8 +956,11 @@ isc_hmacsha1_test(void **state) {
|
|
|
e55890 |
hash_test_key_t *test_key = test_keys;
|
|
|
e55890 |
|
|
|
e55890 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e55890 |
+ int len = ISC_MAX(test_key->len, ISC_SHA1_DIGESTLENGTH);
|
|
|
e55890 |
+
|
|
|
e55890 |
+ memset(buffer, 0, ISC_SHA1_DIGESTLENGTH);
|
|
|
e55890 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e55890 |
- isc_hmacsha1_init(&hmacsha1, buffer, test_key->len);
|
|
|
e55890 |
+ isc_hmacsha1_init(&hmacsha1, buffer, len);
|
|
|
e55890 |
isc_hmacsha1_update(&hmacsha1,
|
|
|
27025e |
(const uint8_t *) testcase->input,
|
|
|
e55890 |
testcase->input_len);
|
|
|
27025e |
@@ -1116,8 +1119,11 @@ isc_hmacsha224_test(void **state) {
|
|
|
e55890 |
hash_test_key_t *test_key = test_keys;
|
|
|
e55890 |
|
|
|
e55890 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e55890 |
+ int len = ISC_MAX(test_key->len, ISC_SHA224_DIGESTLENGTH);
|
|
|
e55890 |
+
|
|
|
e55890 |
+ memset(buffer, 0, ISC_SHA224_DIGESTLENGTH);
|
|
|
e55890 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e55890 |
- isc_hmacsha224_init(&hmacsha224, buffer, test_key->len);
|
|
|
e55890 |
+ isc_hmacsha224_init(&hmacsha224, buffer, len);
|
|
|
e55890 |
isc_hmacsha224_update(&hmacsha224,
|
|
|
27025e |
(const uint8_t *) testcase->input,
|
|
|
e55890 |
testcase->input_len);
|
|
|
27025e |
@@ -1277,8 +1283,11 @@ isc_hmacsha256_test(void **state) {
|
|
|
e55890 |
hash_test_key_t *test_key = test_keys;
|
|
|
e55890 |
|
|
|
e55890 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e55890 |
+ int len = ISC_MAX(test_key->len, ISC_SHA256_DIGESTLENGTH);
|
|
|
e55890 |
+
|
|
|
e55890 |
+ memset(buffer, 0, ISC_SHA256_DIGESTLENGTH);
|
|
|
e55890 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e55890 |
- isc_hmacsha256_init(&hmacsha256, buffer, test_key->len);
|
|
|
e55890 |
+ isc_hmacsha256_init(&hmacsha256, buffer, len);
|
|
|
e55890 |
isc_hmacsha256_update(&hmacsha256,
|
|
|
27025e |
(const uint8_t *) testcase->input,
|
|
|
e55890 |
testcase->input_len);
|
|
|
27025e |
@@ -1444,8 +1453,11 @@ isc_hmacsha384_test(void **state) {
|
|
|
e55890 |
hash_test_key_t *test_key = test_keys;
|
|
|
e55890 |
|
|
|
e55890 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e55890 |
+ int len = ISC_MAX(test_key->len, ISC_SHA384_DIGESTLENGTH);
|
|
|
e55890 |
+
|
|
|
e55890 |
+ memset(buffer, 0, ISC_SHA384_DIGESTLENGTH);
|
|
|
e55890 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e55890 |
- isc_hmacsha384_init(&hmacsha384, buffer, test_key->len);
|
|
|
e55890 |
+ isc_hmacsha384_init(&hmacsha384, buffer, len);
|
|
|
e55890 |
isc_hmacsha384_update(&hmacsha384,
|
|
|
27025e |
(const uint8_t *) testcase->input,
|
|
|
e55890 |
testcase->input_len);
|
|
|
27025e |
@@ -1611,8 +1623,11 @@ isc_hmacsha512_test(void **state) {
|
|
|
e55890 |
hash_test_key_t *test_key = test_keys;
|
|
|
e55890 |
|
|
|
e55890 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e55890 |
+ int len = ISC_MAX(test_key->len, ISC_SHA512_DIGESTLENGTH);
|
|
|
e55890 |
+
|
|
|
e55890 |
+ memset(buffer, 0, ISC_SHA512_DIGESTLENGTH);
|
|
|
e55890 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e55890 |
- isc_hmacsha512_init(&hmacsha512, buffer, test_key->len);
|
|
|
e55890 |
+ isc_hmacsha512_init(&hmacsha512, buffer, len);
|
|
|
e55890 |
isc_hmacsha512_update(&hmacsha512,
|
|
|
27025e |
(const uint8_t *) testcase->input,
|
|
|
e55890 |
testcase->input_len);
|
|
|
27025e |
@@ -1755,8 +1770,11 @@ isc_hmacmd5_test(void **state) {
|
|
|
e55890 |
hash_test_key_t *test_key = test_keys;
|
|
|
e55890 |
|
|
|
e55890 |
while (testcase->input != NULL && testcase->result != NULL) {
|
|
|
e55890 |
+ int len = ISC_MAX(test_key->len, ISC_MD5_DIGESTLENGTH);
|
|
|
e55890 |
+
|
|
|
e55890 |
+ memset(buffer, 0, ISC_MD5_DIGESTLENGTH);
|
|
|
e55890 |
memmove(buffer, test_key->key, test_key->len);
|
|
|
e55890 |
- isc_hmacmd5_init(&hmacmd5, buffer, test_key->len);
|
|
|
e55890 |
+ isc_hmacmd5_init(&hmacmd5, buffer, len);
|
|
|
e55890 |
isc_hmacmd5_update(&hmacmd5,
|
|
|
27025e |
(const uint8_t *) testcase->input,
|
|
|
e55890 |
testcase->input_len);
|
|
|
e55890 |
--
|
|
|
27025e |
2.20.1
|
|
|
e55890 |
|