Skip to content

google/pkcs11test

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

241 Commits
.github/workflows
.github/workflows
 
 
gtest-1.10.0
gtest-1.10.0
 
 
third_party/pkcs11
third_party/pkcs11
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cipher.cc
cipher.cc
 
 
describe.cc
describe.cc
 
 
digest.cc
digest.cc
 
 
dual.cc
dual.cc
 
 
globals.cc
globals.cc
 
 
globals.h
globals.h
 
 
hmac.cc
hmac.cc
 
 
init.cc
init.cc
 
 
key.cc
key.cc
 
 
keypair.cc
keypair.cc
 
 
login.cc
login.cc
 
 
makefile
makefile
 
 
object.cc
object.cc
 
 
ock
ock
 
 
pkcs11-describe.cc
pkcs11-describe.cc
 
 
pkcs11-describe.h
pkcs11-describe.h
 
 
pkcs11-env.h
pkcs11-env.h
 
 
pkcs11test.cc
pkcs11test.cc
 
 
pkcs11test.h
pkcs11test.h
 
 
rng.cc
rng.cc
 
 
session.cc
session.cc
 
 
sign.cc
sign.cc
 
 
slot.cc
slot.cc
 
 
tookan.cc
tookan.cc
 
 

Repository files navigation

pkcs11Test: A PKCS#11 Test Suite

Warning: Do not run this test suite against a PKCS#11 token that contains real data; some of the tests may erase or permanently lock the token.

This repository holds a test suite for, and is therefore derived from, the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).

The test suite exercises v2.2 of the PKCS#11 interface, and covers:

  • library management (init.cc)
  • slot and token management (slot.cc)
  • session management (session.cc, login.cc)
  • object management (object.cc)
  • key management (key.cc)
  • symmetric encryption and decryption (cipher.cc)
  • asymmetric encryption and decryption (cipher.cc)
  • signing and verification (sign.cc, hmac.cc)
  • message digesting (digest.cc)
  • dual-function mechanisms (dual.cc)

To build the test program on Linux, just run make. To run the tests against common Linux PKCS#11 implementations:

This is NOT an official Google product.

Additional make options:

  • PKCS11_LONG_SIZE=32 - set CK_LONG/CK_ULONG size to int32_t/uint32_t. Normally set to long int, which is machine/compiler dependent.
  • STRICT_P11=1 - set structures to packed, which tests against fully compliant PKCS11 implementations.

Example:

make PKCS11_LONG_SIZE=32 STRICT_P11=1

Test Options

The test program requires the following command-line parameters to be set:

  • -m libname: Provide the name of the PKCS#11 library to test.
  • -l libpath: Provide the path holding the PKCS#11 library.

There are also several optional command-line parameters:

  • -s slotid: Provide the slot ID that will be used for the tests
  • -v: Generate verbose output.
  • -u pwd: Provide the user PIN/password.
  • -o pwd: Provide the security officer PIN/password.
  • -w cnm: Name of cipher to use for keys being wrapped in key-wrapping tests. One of { 3DES-CBC, 3DES-ECB, AES-CBC , AES-ECB, ARIA-CBC, ARIA-CBC-PAD , ARIA-ECB, CAMELLIA-CBC, CAMELLIA-CBC-PAD , CAMELLIA-ECB, DES-CBC, DES-ECB , IDEA-CBC, IDEA-ECB }
  • -I: Perform token initialization tests. This will wipe the contents of the PKCS#11 token

The test program uses Google Test, and the Google Test command line options are also available. In particular, --gtest_filter=<filter> can be used to run a subset of the tests.

About

PKCS#11 Test Suite

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

75 stars

Watchers

14 watching

Forks

51 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 14

Languages