fixup! Add support for HMAC.

Removed SoftHSM from supported suites list.
During test, force all ops on token.

Signed-off-by: Ilie Halip <[email protected]>

Author: ilie-halip-nxp

tests/meson.build

@@ -154,7 +154,7 @@ tests = {
   'fork': {'suites': all_suites},
   'oaepsha2': {'suites': ['softokn', 'kryoptic', 'kryoptic.nss']},
   'hkdf': {'suites': ['softokn', 'kryoptic', 'kryoptic.nss']},
-  'hmac': {'suites': all_suites},
+  'hmac': {'suites': ['softokn', 'kryoptic', 'kryoptic.nss']},
   'imported' : {'suites': ['softokn', 'kryoptic', 'kryoptic.nss']},
   'pem_encoder': {'suites': all_suites},
   'rsa': {'suites': all_suites},

tests/thmac

@@ -6,46 +6,41 @@ source "${TESTSSRCDIR}/helpers.sh"
 
 title PARA "Test HMAC support"
 
-# Use a large key size, softhsm requires it to be >= digest size
-HMAC_HEX_KEY=aaaabbbbaaaabbbbaaaabbbbaaaabbbbaaaabbbbaaaabbbbaaaabbbbaaaabbbb
-
-declare -A digests=(
-    # These HMAC digests should be generally supported
-    ["supported"]="sha1 SSL3-SHA1 SHA1 SHA256 SHA-256 SHA2-256 SHA384 SHA-384 SHA2-384 SHA512 SHA-512 SHA2-512"
-
-    ["optional"]="SHA512-224 SHA-512/224 SHA2-512/224 SHA512-256 SHA-512/256 SHA2-512/256"
+HMAC_HEX_KEY=aaaabbbbaaaabbbbaaaabbbbaaaabbbb
+
+digests=(
+    SHA1
+    SHA256
+    SHA384
+    SHA512
+    SHA3-224
+    SHA3-256
+    SHA3-384
+    SHA3-512
 )
 
-for key in "${!digests[@]}"; do
-    IFS=" " read -r -a values <<< "${digests[$key]}"
-    FAIL=0
-
-    for digest in "${values[@]}"; do
-        ossl "
-        mac -digest ${digest}
-            -macopt key:${HMAC_HEX_KEY}
-            -in ${RAND64FILE}
-            -out ${TMPPDIR}/hmac-out-pkcs11.bin
-            -propquery provider=pkcs11
-            hmac" || FAIL=1
-        if [ $FAIL -eq 1 ]; then
-            if [ "${key}" = "supported" ]; then
-                exit 1
-            else
-                continue
-            fi
-        fi
-
-        ossl "
-        mac -digest ${digest}
-            -macopt key:${HMAC_HEX_KEY}
-            -in ${RAND64FILE}
-            -out ${TMPPDIR}/hmac-out.bin
-            hmac" || FAIL=1
-        if [ $FAIL -eq 1 ]; then
-            exit 1
-        fi
-
-        diff "${TMPPDIR}/hmac-out-pkcs11.bin" "${TMPPDIR}/hmac-out.bin"
-    done
+for digest in ${digests[@]}; do
+    ossl "
+    mac -digest ${digest}
+        -macopt key:${HMAC_HEX_KEY}
+        -in ${RAND64FILE}
+        -out ${TMPPDIR}/hmac-out-${digest}.bin
+        hmac" || exit 1
+done
+
+# After hmac generation force all operations on the token
+ORIG_OPENSSL_CONF=${OPENSSL_CONF}
+sed -e "s/#MORECONF/alg_section = algorithm_sec\n\n[algorithm_sec]\ndefault_properties = ?provider=pkcs11/" \
+    "${OPENSSL_CONF}" > "${OPENSSL_CONF}.forcetoken"
+OPENSSL_CONF=${OPENSSL_CONF}.forcetoken
+
+for digest in ${digests[@]}; do
+    ossl "
+    mac -digest ${digest}
+        -macopt key:${HMAC_HEX_KEY}
+        -in ${RAND64FILE}
+        -out ${TMPPDIR}/hmac-out-pkcs11-${digest}.bin
+        hmac" || exit 1
+
+    diff "${TMPPDIR}/hmac-out-${digest}.bin" "${TMPPDIR}/hmac-out-pkcs11-${digest}.bin"
 done