opencryptoki/SOURCES/0032-testcase-Enhance-p11sa...

From 3247a4f1d1d8a9b8d7f3bc6c1dd85234dd184cbb Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 9 Nov 2022 09:45:21 +0100
Subject: [PATCH 32/34] testcase: Enhance p11sak testcase to generate IBM Kyber
 keys

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
 testcases/misc_tests/p11sak_test.sh | 44 +++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/testcases/misc_tests/p11sak_test.sh b/testcases/misc_tests/p11sak_test.sh
index a0d3c644..b3374c6a 100755
--- a/testcases/misc_tests/p11sak_test.sh
+++ b/testcases/misc_tests/p11sak_test.sh
@@ -38,6 +38,9 @@ P11SAK_EC_POST=p11sak-ec-post.out
 P11SAK_IBM_DIL_PRE=p11sak-ibm-dil-pre.out
 P11SAK_IBM_DIL_LONG=p11sak-ibm-dil-long.out
 P11SAK_IBM_DIL_POST=p11sak-ibm-dil-post.out
+P11SAK_IBM_KYBER_PRE=p11sak-ibm-kyber-pre.out
+P11SAK_IBM_KYBER_LONG=p11sak-ibm-kyber-long.out
+P11SAK_IBM_KYBER_POST=p11sak-ibm-kyber-post.out
 P11SAK_ALL_PINOPT=p11sak-all-pinopt
 P11SAK_ALL_PINENV=p11sak-all-pinenv
 P11SAK_ALL_PINCON=p11sak-all-pincon
@@ -83,6 +86,12 @@ if [[ -n $( pkcsconf -m -c $SLOT | grep CKM_IBM_DILITHIUM) ]]; then
 else
 	echo "Skip generating ibm-dilithium keys, slot does not support CKM_IBM_DILITHIUM"
 fi
+# ibm-kyber
+if [[ -n $( pkcsconf -m -c $SLOT | grep CKM_IBM_KYBER) ]]; then
+	p11sak generate-key ibm-kyber r2_1024 --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-kyber
+else
+	echo "Skip generating ibm-kyber keys, slot does not support CKM_IBM_KYBER"
+fi
 
 
 echo "** Now list keys and redirect output to pre-files - 'p11sak_test.sh'"
@@ -102,6 +111,7 @@ p11sak list-key aes --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_AES_LO
 p11sak list-key rsa --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_RSA_LONG
 p11sak list-key ec --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_EC_LONG
 p11sak list-key ibm-dilithium --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_IBM_DIL_LONG
+p11sak list-key ibm-kyber --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_IBM_KYBER_LONG
 
 p11sak list-key all --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_ALL_PINOPT
 RC_P11SAK_PINOPT=$?
@@ -143,6 +153,9 @@ p11sak remove-key ec --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ec-secp5
 # remove ibm dilithium keys
 p11sak remove-key ibm-dilithium --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-dilithium:pub -f
 p11sak remove-key ibm-dilithium --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-dilithium:prv -f
+# remove ibm kyber keys
+p11sak remove-key ibm-kyber --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-kyber:pub -f
+p11sak remove-key ibm-kyber --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-kyber:prv -f
 
 
 echo "** Now list keys and rediirect to post-files - 'p11sak_test.sh'"
@@ -155,6 +168,7 @@ p11sak list-key aes --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_AES_POST
 p11sak list-key rsa --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_RSA_POST
 p11sak list-key ec --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_EC_POST
 p11sak list-key ibm-dilithium --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_IBM_DIL_POST
+p11sak list-key ibm-kyber --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_IBM_KYBER_POST
 
 
 echo "** Now checking output files to determine PASS/FAIL of tests - 'p11sak_test.sh'"
@@ -670,6 +684,33 @@ else
 	echo "* TESTCASE list-key ibm-dilithium SKIP Listed random ibm-dilithium public keys CK_BYTE attribute"
 fi
 
+if [[ -n $( pkcsconf -m -c $SLOT | grep CKM_IBM_KYBER) ]]; then
+	# CK_BBOOL
+	if [[ $(grep -A 35 'p11sak-ibm-kyber' $P11SAK_IBM_KYBER_LONG | grep -c 'CK_TRUE') == "12" ]]; then
+		echo "* TESTCASE list-key ibm-kyber PASS Listed random ibm-kyber public keys CK_BBOOL attribute"
+	else
+		echo "* TESTCASE list-key ibm-kyber FAIL Failed to list ibm-kyber public keys CK_BBOOL attribute"
+		status=1
+	fi
+	# CK_ULONG
+	if [[ $(grep -A 35 'p11sak-ibm-kyber' $P11SAK_IBM_KYBER_LONG | grep -c 'CKA_MODULUS_BITS:') == "0" ]]; then
+		echo "* TESTCASE list-key ibm-kyber PASS Listed random ibm-kyber public keys CK_ULONG attribute"
+	else
+		echo "* TESTCASE list-key ibm-kyber FAIL Failed to list ibm-kyber public keys CK_ULONG attribute"
+		status=1
+	fi
+	# CK_BYTE
+	if [[ $(grep -A 35 'p11sak-ibm-kyber' $P11SAK_IBM_KYBER_LONG | grep -c 'CKA_MODULUS:') == "0" ]]; then
+		echo "* TESTCASE list-key ibm-kyber PASS Listed random ibm-kyber public keys CK_BYTE attribute"
+	else
+		echo "* TESTCASE list-key ibm-kyber FAIL Failed to list ibm-kyber public keys CK_BYTE attribute"
+		status=1
+	fi
+else
+	echo "* TESTCASE list-key ibm-kyber SKIP Listed random ibm-kyber public keys CK_BBOOL attribute"
+	echo "* TESTCASE list-key ibm-kyber SKIP Listed random ibm-kyber public keys CK_ULONG attribute"
+	echo "* TESTCASE list-key ibm-kyber SKIP Listed random ibm-kyber public keys CK_BYTE attribute"
+fi
 
 # check token pin handling
 if [ $RC_P11SAK_PINOPT = 0 ]; then
@@ -724,6 +765,9 @@ rm -f $P11SAK_EC_POST
 rm -f $P11SAK_IBM_DIL_PRE
 rm -f $P11SAK_IBM_DIL_LONG
 rm -f $P11SAK_IBM_DIL_POST
+rm -f $P11SAK_IBM_KYBER_PRE
+rm -f $P11SAK_IBM_KYBER_LONG
+rm -f $P11SAK_IBM_KYBER_POST
 rm -f $P11SAK_ALL_PINOPT
 rm -f $P11SAK_ALL_PINENV
 rm -f $P11SAK_ALL_PINCON
-- 
2.16.2.windows.1
import opencryptoki-3.19.0-2.el9 2 years ago			`From 3247a4f1d1d8a9b8d7f3bc6c1dd85234dd184cbb Mon Sep 17 00:00:00 2001`
			`From: Ingo Franzki <ifranzki@linux.ibm.com>`
			`Date: Wed, 9 Nov 2022 09:45:21 +0100`
			`Subject: [PATCH 32/34] testcase: Enhance p11sak testcase to generate IBM Kyber`
			`keys`

			`Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>`
			`---`
			`testcases/misc_tests/p11sak_test.sh \| 44 +++++++++++++++++++++++++++++++++++++`
			`1 file changed, 44 insertions(+)`

			`diff --git a/testcases/misc_tests/p11sak_test.sh b/testcases/misc_tests/p11sak_test.sh`
			`index a0d3c644..b3374c6a 100755`
			`--- a/testcases/misc_tests/p11sak_test.sh`
			`+++ b/testcases/misc_tests/p11sak_test.sh`
			`@@ -38,6 +38,9 @@ P11SAK_EC_POST=p11sak-ec-post.out`
			`P11SAK_IBM_DIL_PRE=p11sak-ibm-dil-pre.out`
			`P11SAK_IBM_DIL_LONG=p11sak-ibm-dil-long.out`
			`P11SAK_IBM_DIL_POST=p11sak-ibm-dil-post.out`
			`+P11SAK_IBM_KYBER_PRE=p11sak-ibm-kyber-pre.out`
			`+P11SAK_IBM_KYBER_LONG=p11sak-ibm-kyber-long.out`
			`+P11SAK_IBM_KYBER_POST=p11sak-ibm-kyber-post.out`
			`P11SAK_ALL_PINOPT=p11sak-all-pinopt`
			`P11SAK_ALL_PINENV=p11sak-all-pinenv`
			`P11SAK_ALL_PINCON=p11sak-all-pincon`
			`@@ -83,6 +86,12 @@ if [[ -n $( pkcsconf -m -c $SLOT \| grep CKM_IBM_DILITHIUM) ]]; then`
			`else`
			`echo "Skip generating ibm-dilithium keys, slot does not support CKM_IBM_DILITHIUM"`
			`fi`
			`+# ibm-kyber`
			`+if [[ -n $( pkcsconf -m -c $SLOT \| grep CKM_IBM_KYBER) ]]; then`
			`+ p11sak generate-key ibm-kyber r2_1024 --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-kyber`
			`+else`
			`+ echo "Skip generating ibm-kyber keys, slot does not support CKM_IBM_KYBER"`
			`+fi`


			`echo "** Now list keys and redirect output to pre-files - 'p11sak_test.sh'"`
			`@@ -102,6 +111,7 @@ p11sak list-key aes --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_AES_LO`
			`p11sak list-key rsa --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_RSA_LONG`
			`p11sak list-key ec --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_EC_LONG`
			`p11sak list-key ibm-dilithium --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_IBM_DIL_LONG`
			`+p11sak list-key ibm-kyber --slot $SLOT --pin $PKCS11_USER_PIN --long &> $P11SAK_IBM_KYBER_LONG`

			`p11sak list-key all --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_ALL_PINOPT`
			`RC_P11SAK_PINOPT=$?`
			`@@ -143,6 +153,9 @@ p11sak remove-key ec --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ec-secp5`
			`# remove ibm dilithium keys`
			`p11sak remove-key ibm-dilithium --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-dilithium:pub -f`
			`p11sak remove-key ibm-dilithium --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-dilithium:prv -f`
			`+# remove ibm kyber keys`
			`+p11sak remove-key ibm-kyber --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-kyber:pub -f`
			`+p11sak remove-key ibm-kyber --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-ibm-kyber:prv -f`


			`echo "** Now list keys and rediirect to post-files - 'p11sak_test.sh'"`
			`@@ -155,6 +168,7 @@ p11sak list-key aes --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_AES_POST`
			`p11sak list-key rsa --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_RSA_POST`
			`p11sak list-key ec --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_EC_POST`
			`p11sak list-key ibm-dilithium --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_IBM_DIL_POST`
			`+p11sak list-key ibm-kyber --slot $SLOT --pin $PKCS11_USER_PIN &> $P11SAK_IBM_KYBER_POST`


			`echo "** Now checking output files to determine PASS/FAIL of tests - 'p11sak_test.sh'"`
			`@@ -670,6 +684,33 @@ else`
			`echo "* TESTCASE list-key ibm-dilithium SKIP Listed random ibm-dilithium public keys CK_BYTE attribute"`
			`fi`

			`+if [[ -n $( pkcsconf -m -c $SLOT \| grep CKM_IBM_KYBER) ]]; then`
			`+ # CK_BBOOL`
			`+ if [[ $(grep -A 35 'p11sak-ibm-kyber' $P11SAK_IBM_KYBER_LONG \| grep -c 'CK_TRUE') == "12" ]]; then`
			`+ echo "* TESTCASE list-key ibm-kyber PASS Listed random ibm-kyber public keys CK_BBOOL attribute"`
			`+ else`
			`+ echo "* TESTCASE list-key ibm-kyber FAIL Failed to list ibm-kyber public keys CK_BBOOL attribute"`
			`+ status=1`
			`+ fi`
			`+ # CK_ULONG`
			`+ if [[ $(grep -A 35 'p11sak-ibm-kyber' $P11SAK_IBM_KYBER_LONG \| grep -c 'CKA_MODULUS_BITS:') == "0" ]]; then`
			`+ echo "* TESTCASE list-key ibm-kyber PASS Listed random ibm-kyber public keys CK_ULONG attribute"`
			`+ else`
			`+ echo "* TESTCASE list-key ibm-kyber FAIL Failed to list ibm-kyber public keys CK_ULONG attribute"`
			`+ status=1`
			`+ fi`
			`+ # CK_BYTE`
			`+ if [[ $(grep -A 35 'p11sak-ibm-kyber' $P11SAK_IBM_KYBER_LONG \| grep -c 'CKA_MODULUS:') == "0" ]]; then`
			`+ echo "* TESTCASE list-key ibm-kyber PASS Listed random ibm-kyber public keys CK_BYTE attribute"`
			`+ else`
			`+ echo "* TESTCASE list-key ibm-kyber FAIL Failed to list ibm-kyber public keys CK_BYTE attribute"`
			`+ status=1`
			`+ fi`
			`+else`
			`+ echo "* TESTCASE list-key ibm-kyber SKIP Listed random ibm-kyber public keys CK_BBOOL attribute"`
			`+ echo "* TESTCASE list-key ibm-kyber SKIP Listed random ibm-kyber public keys CK_ULONG attribute"`
			`+ echo "* TESTCASE list-key ibm-kyber SKIP Listed random ibm-kyber public keys CK_BYTE attribute"`
			`+fi`

			`# check token pin handling`
			`if [ $RC_P11SAK_PINOPT = 0 ]; then`
			`@@ -724,6 +765,9 @@ rm -f $P11SAK_EC_POST`
			`rm -f $P11SAK_IBM_DIL_PRE`
			`rm -f $P11SAK_IBM_DIL_LONG`
			`rm -f $P11SAK_IBM_DIL_POST`
			`+rm -f $P11SAK_IBM_KYBER_PRE`
			`+rm -f $P11SAK_IBM_KYBER_LONG`
			`+rm -f $P11SAK_IBM_KYBER_POST`
			`rm -f $P11SAK_ALL_PINOPT`
			`rm -f $P11SAK_ALL_PINENV`
			`rm -f $P11SAK_ALL_PINCON`
			`--`
			`2.16.2.windows.1`