[FAB-3772] Add additional UTs for pkcs11 package

This CR adds additonal UTs for the pkcs11 package and
also renames one of the test files that did not match
any of the package source files.  This gave an erroneous
total coverage number. With the file rename, this should
resolve the code coverage number issue.

Change-Id: I2da8f5e4b68962cfdb4c02ff2ecef714648b2394
Signed-off-by: John Harrison <[email protected]>

Author: John Harrison

bccsp/pkcs11/ecdsa_test.go

@@ -0,0 +1,69 @@
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package pkcs11
+
+import (
+	"math/big"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestUnmarshalECDSASignature(t *testing.T) {
+	_, _, err := unmarshalECDSASignature(nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed unmashalling signature [")
+
+	_, _, err = unmarshalECDSASignature([]byte{})
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed unmashalling signature [")
+
+	_, _, err = unmarshalECDSASignature([]byte{0})
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed unmashalling signature [")
+
+	sigma, err := marshalECDSASignature(big.NewInt(-1), big.NewInt(1))
+	assert.NoError(t, err)
+	_, _, err = unmarshalECDSASignature(sigma)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid signature. R must be larger than zero")
+
+	sigma, err = marshalECDSASignature(big.NewInt(0), big.NewInt(1))
+	assert.NoError(t, err)
+	_, _, err = unmarshalECDSASignature(sigma)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid signature. R must be larger than zero")
+
+	sigma, err = marshalECDSASignature(big.NewInt(1), big.NewInt(0))
+	assert.NoError(t, err)
+	_, _, err = unmarshalECDSASignature(sigma)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid signature. S must be larger than zero")
+
+	sigma, err = marshalECDSASignature(big.NewInt(1), big.NewInt(-1))
+	assert.NoError(t, err)
+	_, _, err = unmarshalECDSASignature(sigma)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid signature. S must be larger than zero")
+
+	sigma, err = marshalECDSASignature(big.NewInt(1), big.NewInt(1))
+	assert.NoError(t, err)
+	R, S, err := unmarshalECDSASignature(sigma)
+	assert.NoError(t, err)
+	assert.Equal(t, big.NewInt(1), R)
+	assert.Equal(t, big.NewInt(1), S)
+}

bccsp/pkcs11/keyimport_test.go bccsp/pkcs11/ecdsakey_test.go

@@ -60,8 +60,11 @@ func TestECDSAPKIXPublicKeyImportOptsKeyImporter(t *testing.T) {
 }
 
 func TestECDSAPrivateKeyImportOptsKeyImporter(t *testing.T) {
+	if currentBCCSP.(*impl).noPrivImport {
+		t.Skip("Key import turned off. Skipping Private Key Importer tests as they currently require Key Import.")
+	}
+
 	ki := currentBCCSP
-	ki.(*impl).noPrivImport = false
 
 	_, err := ki.KeyImport("Hello World", &bccsp.ECDSAPrivateKeyImportOpts{})
 	assert.Error(t, err)

bccsp/pkcs11/impl_test.go

@@ -636,6 +636,14 @@ func TestECDSASign(t *testing.T) {
 	if len(signature) == 0 {
 		t.Fatal("Failed generating ECDSA key. Signature must be different from nil")
 	}
+
+	_, err = currentBCCSP.Sign(nil, digest, nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid Key. It must not be nil.")
+
+	_, err = currentBCCSP.Sign(k, nil, nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid digest. Cannot be empty.")
 }
 
 func TestECDSAVerify(t *testing.T) {
@@ -678,6 +686,18 @@ func TestECDSAVerify(t *testing.T) {
 		t.Fatal("Failed verifying ECDSA signature. Signature not valid.")
 	}
 
+	_, err = currentBCCSP.Verify(nil, signature, digest, nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid Key. It must not be nil.")
+
+	_, err = currentBCCSP.Verify(pk, nil, digest, nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid signature. Cannot be empty.")
+
+	_, err = currentBCCSP.Verify(pk, signature, nil, nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid digest. Cannot be empty.")
+
 	// Import the exported public key
 	pkRaw, err := pk.Bytes()
 	if err != nil {
@@ -720,6 +740,14 @@ func TestECDSAKeyDeriv(t *testing.T) {
 		t.Fatalf("Failed re-randomizing ECDSA key [%s]", err)
 	}
 
+	_, err = currentBCCSP.KeyDeriv(nil, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}})
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid Key. It must not be nil.")
+
+	_, err = currentBCCSP.KeyDeriv(k, nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid Opts parameter. It must not be nil.")
+
 	msg := []byte("Hello World")
 
 	digest, err := currentBCCSP.Hash(msg, &bccsp.SHAOpts{})

bccsp/pkcs11/pkcs11_test.go

@@ -174,6 +174,10 @@ func TestPKCS11ECKeySignVerify(t *testing.T) {
 		t.Fatalf("Failed signing message [%s]", err)
 	}
 
+	_, _, err = currentBCCSP.(*impl).signP11ECDSA(nil, hash1)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Private key not found")
+
 	pass, err := currentBCCSP.(*impl).verifyP11ECDSA(key, hash1, R, S, currentTestConfig.securityLevel/8)
 	if err != nil {
 		t.Fatalf("Error verifying message 1 [%s]", err)