@@ -1304,6 +1304,143 @@ fn sha256_digest() -> TestResult {
13041304 Ok ( ( ) )
13051305}
13061306
1307+ #[ test]
1308+ #[ serial]
1309+ fn sha256_digest_multipart ( ) -> TestResult {
1310+ let ( pkcs11, slot) = init_pins ( ) ;
1311+
1312+ // Open a session
1313+ let session = pkcs11. open_ro_session ( slot) ?;
1314+
1315+ // Log into the session
1316+ session. login ( UserType :: User , Some ( & AuthPin :: new ( USER_PIN . into ( ) ) ) ) ?;
1317+
1318+ // Data to digest
1319+ let data1 = vec ! [ 0xAA , 0xBB , 0xCC , 0xDD , 0xEE , 0xFF ] ;
1320+ let data2 = vec ! [ 0x66 , 0x55 , 0x44 , 0x33 , 0x22 , 0x11 ] ;
1321+
1322+ // Digest data in parts
1323+ session. digest_initialize ( & Mechanism :: Sha256 ) ?;
1324+ session. digest_update ( & data1) ?;
1325+ session. digest_update ( & data2) ?;
1326+
1327+ let have = session. digest_finalize ( ) ?;
1328+ let want = vec ! [
1329+ 0x8c , 0x18 , 0xb1 , 0x5f , 0x01 , 0x47 , 0x13 , 0x2a , 0x03 , 0xc2 , 0xe3 , 0xfd , 0x4f , 0x29 , 0xb7 ,
1330+ 0x75 , 0x80 , 0x19 , 0xb5 , 0x58 , 0x5e , 0xfc , 0xeb , 0x45 , 0x18 , 0x33 , 0x2b , 0x2f , 0xa7 , 0xa4 ,
1331+ 0x1f , 0x6e ,
1332+ ] ;
1333+
1334+ assert_eq ! ( have, want) ;
1335+
1336+ Ok ( ( ) )
1337+ }
1338+
1339+ #[ test]
1340+ #[ serial]
1341+ fn sha256_digest_multipart_with_key ( ) -> TestResult {
1342+ let ( pkcs11, slot) = init_pins ( ) ;
1343+
1344+ // Open a session
1345+ let session = pkcs11. open_rw_session ( slot) ?;
1346+
1347+ // Log into the session
1348+ session. login ( UserType :: User , Some ( & AuthPin :: new ( USER_PIN . into ( ) ) ) ) ?;
1349+
1350+ // Create a key to add to the digest
1351+ let key_template = vec ! [
1352+ Attribute :: Token ( true ) ,
1353+ Attribute :: ValueLen ( ( 256 / 8 ) . into( ) ) ,
1354+ Attribute :: Sensitive ( false ) ,
1355+ Attribute :: Extractable ( true ) ,
1356+ ] ;
1357+ let key = session. generate_key ( & Mechanism :: AesKeyGen , & key_template) ?;
1358+
1359+ // Data and key bytes to digest
1360+ let mut data = vec ! [ 0xAA , 0xBB , 0xCC , 0xDD , 0xEE , 0xFF ] ;
1361+
1362+ let attributes = session. get_attributes ( key, & [ AttributeType :: Value ] ) ?;
1363+ let key_data = attributes. first ( ) . unwrap ( ) ;
1364+ let mut key_data = match key_data {
1365+ Attribute :: Value ( key_data) => key_data. to_owned ( ) ,
1366+ _ => unreachable ! ( ) ,
1367+ } ;
1368+
1369+ // Digest data in parts
1370+ session. digest_initialize ( & Mechanism :: Sha256 ) ?;
1371+ session. digest_update ( & data) ?;
1372+ session. digest_key ( key) ?;
1373+
1374+ // Create digests to compare
1375+ let have = session. digest_finalize ( ) ?;
1376+
1377+ data. append ( & mut key_data) ;
1378+ let want = session. digest ( & Mechanism :: Sha256 , & data) ?;
1379+
1380+ assert_eq ! ( have, want) ;
1381+
1382+ Ok ( ( ) )
1383+ }
1384+
1385+ #[ test]
1386+ #[ serial]
1387+ fn sha256_digest_multipart_not_initialized ( ) -> TestResult {
1388+ let ( pkcs11, slot) = init_pins ( ) ;
1389+
1390+ // Open a session
1391+ let session = pkcs11. open_ro_session ( slot) ?;
1392+
1393+ // Log into the session
1394+ session. login ( UserType :: User , Some ( & AuthPin :: new ( USER_PIN . into ( ) ) ) ) ?;
1395+
1396+ // Data to digest
1397+ let data = vec ! [ 0xAA , 0xBB , 0xCC , 0xDD , 0xEE , 0xFF ] ;
1398+
1399+ // Attempt to update digest without an operation having been initialized
1400+ let result = session. digest_update ( & data) ;
1401+
1402+ assert ! ( result. is_err( ) ) ;
1403+ assert ! ( matches!(
1404+ result. unwrap_err( ) ,
1405+ Error :: Pkcs11 ( RvError :: OperationNotInitialized , Function :: DigestUpdate )
1406+ ) ) ;
1407+
1408+ // Attempt to finalize digest without an operation having been initialized
1409+ let result = session. digest_finalize ( ) ;
1410+
1411+ assert ! ( result. is_err( ) ) ;
1412+ assert ! ( matches!(
1413+ result. unwrap_err( ) ,
1414+ Error :: Pkcs11 ( RvError :: OperationNotInitialized , Function :: DigestFinal )
1415+ ) ) ;
1416+
1417+ Ok ( ( ) )
1418+ }
1419+
1420+ #[ test]
1421+ #[ serial]
1422+ fn sha256_digest_multipart_already_initialized ( ) -> TestResult {
1423+ let ( pkcs11, slot) = init_pins ( ) ;
1424+
1425+ // Open a session
1426+ let session = pkcs11. open_ro_session ( slot) ?;
1427+
1428+ // Log into the session
1429+ session. login ( UserType :: User , Some ( & AuthPin :: new ( USER_PIN . into ( ) ) ) ) ?;
1430+
1431+ // Initialize digesting operation twice in a row
1432+ session. digest_initialize ( & Mechanism :: Sha256 ) ?;
1433+ let result = session. digest_initialize ( & Mechanism :: Sha256 ) ;
1434+
1435+ assert ! ( result. is_err( ) ) ;
1436+ assert ! ( matches!(
1437+ result. unwrap_err( ) ,
1438+ Error :: Pkcs11 ( RvError :: OperationActive , Function :: DigestInit )
1439+ ) ) ;
1440+
1441+ Ok ( ( ) )
1442+ }
1443+
13071444#[ test]
13081445#[ serial]
13091446fn gcm_param_graceful_failure ( ) -> TestResult {
0 commit comments