
Commit 67e2c09

author
John Harrison
committed
[FAB-3772] Improve coverage for PKCS11 package (1 of 3)
This is the first of three patches to improve the coverage of the bccsp/pkcs11 package. This patch builds on top of https://gerrit.hyperledger.org/r/#/c/9441 Change-Id: If29efc543004ac6e72e6d91327e20fe227627c6b Signed-off-by: John Harrison <[email protected]>
1 parent df39698 commit 67e2c09

2 files changed

+69
-2
lines changed


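--- a/bccsp/pkcs11/impl.go
+++ b/bccsp/pkcs11/impl.go
@@ -150,6 +150,9 @@ func (csp *impl) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, e
 // Re-randomized an ECDSA public key
 case *bccsp.ECDSAReRandKeyOpts:
 pubKey := ecdsaK.pub
+if pubKey == nil {
+return nil, errors.New("Public base key cannot be nil.")
+}
 reRandOpts := opts.(*bccsp.ECDSAReRandKeyOpts)
 tempSK := &ecdsa.PublicKey{
 Curve: pubKey.Curve,
@@ -208,6 +211,10 @@ func (csp *impl) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, e
 case *bccsp.ECDSAReRandKeyOpts:
 reRandOpts := opts.(*bccsp.ECDSAReRandKeyOpts)
 pubKey := ecdsaK.pub.pub
+if pubKey == nil {
+return nil, errors.New("Public base key cannot be nil.")
+}
+
 secret := csp.getSecretValue(ecdsaK.ski)
 if secret == nil {
 return nil, errors.New("Could not obtain EC Private Key")
@@ -271,7 +278,7 @@ func (csp *impl) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, e
 func (csp *impl) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) {
 // Validate arguments
 if raw == nil {
-return nil, errors.New("Invalid raw. Cannot be nil")
+return nil, errors.New("Invalid raw. Cannot be nil.")
 }
 
 if opts == nil {
@@ -414,7 +421,7 @@ func (csp *impl) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.K
 case *rsa.PublicKey:
 return csp.KeyImport(pk, &bccsp.RSAGoPublicKeyImportOpts{Temporary: opts.Ephemeral()})
 default:
-return nil, errors.New("Certificate public key type not recognized. Supported keys: [ECDSA, RSA]")
+return nil, errors.New("Certificate's public key type not recognized. Supported keys: [ECDSA, RSA]")
 }
 
 default: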
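Review bot: The nil guards added in both ECDSAReRandKeyOpts branches of KeyDeriv (after `pubKey := ecdsaK.pub` and after `pubKey := ecdsaK.pub.pub`) reject only a nil pointer, so a non-nil key whose `Curve`, `X` or `Y` is nil still passes and, in the first branch, is copied into `tempSK` via `Curve: pubKey.Curve`. The arithmetic that consumes these fields lies outside the hunks, so whether it panics on such a key cannot be confirmed from here; if the intent is to fail closed on a malformed base key, the check could be `if pubKey == nil || pubKey.Curve == nil || pubKey.X == nil || pubKey.Y == nil {`. The same message is also constructed twice, and a package-level error value would let callers and tests match it without depending on the exact text, which this commit is already editing in KeyImport. KeyDeriv's body starts and ends outside these hunks.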

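--- a/bccsp/pkcs11/impl_test.go
+++ b/bccsp/pkcs11/impl_test.go
@@ -40,6 +40,8 @@ import (
 "github.com/hyperledger/fabric/bccsp/signer"
 "github.com/hyperledger/fabric/bccsp/sw"
 "github.com/hyperledger/fabric/bccsp/utils"
+"github.com/op/go-logging"
+"github.com/stretchr/testify/assert"
 "golang.org/x/crypto/sha3"
 )
 
@@ -57,6 +59,9 @@ type testConfig struct {
 }
 
 func TestMain(m *testing.M) {
+// Activate DEBUG level to cover listAttrs function
+logging.SetLevel(logging.DEBUG, "bccsp_p11")
+
 ks, err := sw.NewFileBasedKeyStore(nil, os.TempDir(), false)
 if err != nil {
 fmt.Printf("Failed initiliazing KeyStore [%s]", err)
@@ -107,6 +112,61 @@ func TestMain(m *testing.M) {
 os.Exit(0)
 }
 
+func TestNew(t *testing.T) {
+opts := PKCS11Opts{
+HashFamily: "SHA2",
+SecLevel: 256,
+SoftVerify: false,
+Sensitive: true,
+Library: "lib",
+Label: "ForFabric",
+Pin: "98765432",
+}
+
+// Setup PKCS11 library and provide initial set of values
+lib, _, _ := FindPKCS11Lib()
+opts.Library = lib
+
+// Test for nil keystore
+_, err := New(opts, nil)
+assert.Error(t, err)
+assert.Contains(t, err.Error(), "Invalid bccsp.KeyStore instance. It must be different from nil.")
+
+// Test for invalid PKCS11 loadLib
+opts.Library = ""
+_, err = New(opts, currentKS)
+assert.Error(t, err)
+assert.Contains(t, err.Error(), "Failed initializing PKCS11 library")
+}
+
+func TestFindPKCS11LibEnvVars(t *testing.T) {
+const (
+dummy_PKCS11_LIB = "/usr/lib/pkcs11"
+dummy_PKCS11_PIN = "98765432"
+dummy_PKCS11_LABEL = "testing"
+)
+
+// Set environment variables used for test and preserve
+// original values for restoration after test completion
+orig_PKCS11_LIB := os.Getenv("PKCS11_LIB")
+os.Setenv("PKCS11_LIB", dummy_PKCS11_LIB)
+
+orig_PKCS11_PIN := os.Getenv("PKCS11_PIN")
+os.Setenv("PKCS11_PIN", dummy_PKCS11_PIN)
+
+orig_PKCS11_LABEL := os.Getenv("PKCS11_LABEL")
+os.Setenv("PKCS11_LABEL", dummy_PKCS11_LABEL)
+
+lib, pin, label := FindPKCS11Lib()
+assert.EqualValues(t, dummy_PKCS11_LIB, lib, "FindPKCS11Lib did not return expected library")
+assert.EqualValues(t, dummy_PKCS11_PIN, pin, "FindPKCS11Lib did not return expected pin")
+assert.EqualValues(t, dummy_PKCS11_LABEL, label, "FindPKCS11Lib did not return expected label")
+
+os.Setenv("PKCS11_LIB", orig_PKCS11_LIB)
+os.Setenv("PKCS11_PIN", orig_PKCS11_PIN)
+os.Setenv("PKCS11_LABEL", orig_PKCS11_LABEL)
+}
+
 func TestInvalidNewParameter(t *testing.T) {
 lib, pin, label := FindPKCS11Lib()
 opts := PKCS11Opts{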
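Review bot: TestFindPKCS11LibEnvVars restores PKCS11_LIB, PKCS11_PIN and PKCS11_LABEL with plain `os.Setenv` calls at the very end of the function, which leaves a variable that was originally unset defined as an empty string and skips restoration entirely if anything panics before those lines. Later tests in this file call FindPKCS11Lib() (TestInvalidNewParameter does so on the following lines), so leaked dummy values, including the dummy PIN, could change which library and token they exercise. Recording whether each variable was present with os.LookupEnv and restoring in a defer closes both gaps. Separately, in TestNew `assert.Error(t, err)` does not stop the test, so `err.Error()` on the next line would panic if New ever returned a nil error; wrapping the follow-up in `if assert.Error(t, err) {` avoids that.

```go
func TestFindPKCS11LibEnvVars(t *testing.T) {
	// … unchanged: dummy_PKCS11_* constants …

	// Remember whether each variable was set at all and restore it on every exit path.
	for name, val := range map[string]string{
		"PKCS11_LIB":   dummy_PKCS11_LIB,
		"PKCS11_PIN":   dummy_PKCS11_PIN,
		"PKCS11_LABEL": dummy_PKCS11_LABEL,
	} {
		orig, wasSet := os.LookupEnv(name)
		os.Setenv(name, val)
		defer func(name, orig string, wasSet bool) {
			if wasSet {
				os.Setenv(name, orig)
			} else {
				os.Unsetenv(name)
			}
		}(name, orig, wasSet)
	}

	// … unchanged: FindPKCS11Lib call and the three assert.EqualValues checks …
}
```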
