blob: 52dd9002e3ae2afc4a9fd12a27e524b782430062 [file] [log] [blame]
// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package hwsec
import (
"context"
"time"
"chromiumos/tast/common/pkcs11"
"chromiumos/tast/common/pkcs11/pkcs11test"
"chromiumos/tast/ctxutil"
"chromiumos/tast/local/bundles/cros/hwsec/util"
libhwseclocal "chromiumos/tast/local/hwsec"
"chromiumos/tast/testing"
)
func init() {
testing.AddTest(&testing.Test{
Func: ChapsRSAPSS,
Desc: "Verifies RSA PSS works with RSA keys (sign, verify, encrypt, decrypt) in chaps",
Attr: []string{"group:mainline"},
Contacts: []string{
"zuan@chromium.org",
"cros-hwsec@chromium.org",
},
SoftwareDeps: []string{"chrome", "tpm2"},
Timeout: 4 * time.Minute,
})
}
func ChapsRSAPSS(ctx context.Context, s *testing.State) {
r := libhwseclocal.NewCmdRunner()
helper, err := libhwseclocal.NewHelper(r)
if err != nil {
s.Fatal("Failed to create hwsec helper: ", err)
}
utility := helper.CryptohomeClient()
pkcs11Util, err := pkcs11.NewChaps(ctx, r, utility)
if err != nil {
s.Fatal("Failed to create PKCS#11 Utility: ", err)
}
const scratchpadPath = "/tmp/ChapsRSAPSSTest"
// Remove all keys/certs before the test as well.
if err := pkcs11test.CleanupScratchpad(ctx, r, scratchpadPath); err != nil {
s.Fatal("Failed to clean scratchpad before the start of test: ", err)
}
util.CleanupKeysBeforeTest(ctx, pkcs11Util, utility)
// Prepare the scratchpad.
f1, f2, err := pkcs11test.PrepareScratchpadAndTestFiles(ctx, r, scratchpadPath)
if err != nil {
s.Fatal("Failed to initialize the scratchpad space: ", err)
}
// Remove all keys/certs, if any at the end. i.e. Cleanup after ourselves.
defer pkcs11test.CleanupScratchpad(ctx, r, scratchpadPath)
// Create the various keys.
keys, err := util.CreateKeysForTesting(ctx, r, pkcs11Util, utility, scratchpadPath, util.RSAKey)
if err != nil {
s.Fatal("Failed to create keys for testing: ", err)
}
defer func() {
if err := util.CleanupTestingKeys(ctx, keys, pkcs11Util, utility); err != nil {
s.Error("Failed to cleanup testing keys: ", err)
}
}()
// Give the cleanup 10 seconds to finish.
shortenedCtx, cancel := ctxutil.Shorten(ctx, 10*time.Second)
defer cancel()
// Test the various keys.
for _, k := range keys {
// Test the various mechanisms.
for _, m := range []pkcs11.MechanismInfo{pkcs11.SHA1RSAPKCSPSS, pkcs11.SHA256RSAPKCSPSS, pkcs11.GenericRSAPKCSPSSWithSHA1, pkcs11.GenericRSAPKCSPSSWithSHA256} {
if err = pkcs11test.SignAndVerify(shortenedCtx, pkcs11Util, k, f1, f2, &m); err != nil {
s.Error("SignAndVerify failed: ", err)
}
}
}
}