@@ -58,6 +58,10 @@ fn test_create_eddsa_objects() {
5858 ) ) ;
5959
6060 let ctx = hex:: decode ( "666f6f" ) . expect ( "Failed to decode context" ) ;
61+ let data = hex:: decode ( "f726936d19c800494e3fdaff20b276a8" )
62+ . expect ( "Failed to decode data" ) ;
63+ let sign: [ u8 ; 64 ] = [ 0 ; 64 ] ;
64+ let mut sign_len: CK_ULONG = 64 ;
6165
6266 let params: CK_EDDSA_PARAMS = CK_EDDSA_PARAMS {
6367 phFlag : CK_FALSE ,
@@ -69,40 +73,45 @@ fn test_create_eddsa_objects() {
6973 pParameter : void_ptr ! ( & params) ,
7074 ulParameterLen : sizeof ! ( CK_EDDSA_PARAMS ) ,
7175 } ;
76+
7277 let ret = fn_sign_init ( session, & mut mechanism, private_handle) ;
73- assert_eq ! ( ret, CKR_OK ) ;
78+ if cfg ! ( feature = "fips" ) {
79+ assert_eq ! ( ret, CKR_MECHANISM_PARAM_INVALID ) ;
80+ } else {
81+ assert_eq ! ( ret, CKR_OK ) ;
7482
75- let data = hex:: decode ( "f726936d19c800494e3fdaff20b276a8" )
76- . expect ( "Failed to decode data" ) ;
77- let sign: [ u8 ; 64 ] = [ 0 ; 64 ] ;
78- let mut sign_len: CK_ULONG = 64 ;
79- let ret = fn_sign (
80- session,
81- data. as_ptr ( ) as * mut u8 ,
82- data. len ( ) as CK_ULONG ,
83- sign. as_ptr ( ) as * mut _ ,
84- & mut sign_len,
85- ) ;
86- assert_eq ! ( ret, CKR_OK ) ;
87- assert_eq ! ( sign_len, 64 ) ;
88- let signature = hex:: decode (
89- "55a4cc2f70a54e04288c5f4cd1e45a7bb520b36292911876cada7323198dd87a\
90- ,
91- )
92- . expect ( "failed to decode expected signature" ) ;
93- assert_eq ! ( signature, sign) ;
83+ let ret = fn_sign (
84+ session,
85+ data. as_ptr ( ) as * mut u8 ,
86+ data. len ( ) as CK_ULONG ,
87+ sign. as_ptr ( ) as * mut _ ,
88+ & mut sign_len,
89+ ) ;
90+ assert_eq ! ( ret, CKR_OK ) ;
91+ assert_eq ! ( sign_len, 64 ) ;
92+ let signature = hex:: decode (
93+ "55a4cc2f70a54e04288c5f4cd1e45a7bb520b36292911876cada7323198dd87a\
94+ ,
95+ )
96+ . expect ( "failed to decode expected signature" ) ;
97+ assert_eq ! ( signature, sign) ;
98+ }
9499
95100 let ret = fn_verify_init ( session, & mut mechanism, public_handle) ;
96- assert_eq ! ( ret, CKR_OK ) ;
101+ if cfg ! ( feature = "fips" ) {
102+ assert_eq ! ( ret, CKR_MECHANISM_PARAM_INVALID ) ;
103+ } else {
104+ assert_eq ! ( ret, CKR_OK ) ;
97105
98- let ret = fn_verify (
99- session,
100- data. as_ptr ( ) as * mut u8 ,
101- data. len ( ) as CK_ULONG ,
102- sign. as_ptr ( ) as * mut u8 ,
103- sign_len,
104- ) ;
105- assert_eq ! ( ret, CKR_OK ) ;
106+ let ret = fn_verify (
107+ session,
108+ data. as_ptr ( ) as * mut u8 ,
109+ data. len ( ) as CK_ULONG ,
110+ sign. as_ptr ( ) as * mut u8 ,
111+ sign_len,
112+ ) ;
113+ assert_eq ! ( ret, CKR_OK ) ;
114+ }
106115
107116 testtokn. finalize ( ) ;
108117}
@@ -530,6 +539,18 @@ fn test_eddsa_units(session: CK_SESSION_HANDLE, test_data: Vec<EddsaTestUnit>) {
530539 }
531540
532541 let ret = fn_sign_init ( session, & mut mechanism, priv_handle) ;
542+ if cfg ! ( feature = "fips" ) {
543+ if unit. algo . as_str ( ) == "Ed25519ctx" {
544+ /* expect failure for this in FIPS builds */
545+ if ret != CKR_MECHANISM_PARAM_INVALID {
546+ panic ! (
547+ "Expected {} but got {} for unit test at line {}" ,
548+ CKR_MECHANISM_PARAM_INVALID , ret, unit. line
549+ ) ;
550+ }
551+ continue ;
552+ }
553+ }
533554 if ret != CKR_OK {
534555 panic ! ( "Failed ({}) unit test at line {}" , ret, unit. line) ;
535556 }
0 commit comments