Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test operations with pem keys #428

Merged
merged 3 commits into from
Aug 2, 2024
Merged

Test operations with pem keys #428

merged 3 commits into from
Aug 2, 2024

Conversation

simo5
Copy link
Member

@simo5 simo5 commented Aug 1, 2024

Description

Try to exercise PEM Key import for operations

Related to #305

Checklist

  • [ ] Code modified for feature
  • Test suite updated with functionality tests
  • [ ] Test suite updated with negative tests
  • [ ] Documentation updated

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • This feature/change has adequate documentation added
  • Code conform to coding style that today cannot yet be enforced via the check style test
  • Commits have short titles and sensible commit messages
  • Coverity Scan has run if needed (code PR) and no new defects were found

simo5 added 3 commits August 1, 2024 15:20
Makes it easier to check what operations each test sends to the token
by writing the title of "PARA" sections to the provider's debug file.

Signed-off-by: Simo Sorce <simo@redhat.com>
Among other things this tests that a public key sourced by a PEM file
gets correctly imported in the token for the on-token ECDH operation.

Signed-off-by: Simo Sorce <simo@redhat.com>
If an attribute had an empty value (which is apparently possible with
some tokens), the copy function would fail to initialize the pointer
causing an invalid free when the attributes array is freed.

Ensure pValue is zeroed on copy if the attri bute length is 0, and
also ensure the attribute length is correctly set to 0.

Then belt&suspender approach ensure the buffer is allocated with
OPENSSL_zalloc instead of OPENSSL_malloc, which will eansure by default
all addresses and legth are a safe default NULL/0 value.

Signed-off-by: Simo Sorce <simo@redhat.com>
Comment on lines +27 to +31
#title PARA "ECDH Exchange forced: private key in file"
#ossl '
#pkeyutl -derive -inkey ${TESTSSRCDIR}/testp256.pri.pem
# -peerkey ${ECPEERPUBURI}
# -out ${TMPPDIR}/forced.pri.ecdh.bin'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How much work is adding the support for EC private key export as URI PEM file?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not about export or URI PEM, this is about importing an actual Private key in a PEM file as a session object for use in operations.

Ii is not a commonly needed operation but was one of the goals for using a pkcs11 module as a FIPS token.
It is also necessary if you need to use a private key in a file when default_properties=?pkcs11_provider

@simo5 simo5 merged commit 22ddcf5 into latchset:main Aug 2, 2024
36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants