diff --git a/.github/actions/ci_script/action.yml b/.github/actions/ci_script/action.yml index 18a98e3a..0f157f59 100644 --- a/.github/actions/ci_script/action.yml +++ b/.github/actions/ci_script/action.yml @@ -4,7 +4,7 @@ description: "Installs SoftHSM and executes tests" runs: using: "composite" steps: - - name: Install SoftHSM + - name: Install & set up SoftHSM (64b) run: | sudo apt-get update -y -qq && sudo apt-get install -y -qq libsofthsm2 && @@ -35,3 +35,20 @@ runs: SOFTHSM2_CONF: /tmp/softhsm2.conf run: ./ci.sh shell: bash + + - name: Install SoftHSM (32b) and ix86 dependencies + run: | + sudo dpkg --add-architecture i386 && + sudo apt-get update -y -qq && + sudo apt-get remove -y -qq libsofthsm2 && + sudo apt-get install -y -qq gcc-multilib libsofthsm2:i386 + shell: bash + + - name: Test script on i386 + env: + TEST_PKCS11_MODULE: /usr/lib/softhsm/libsofthsm2.so + SOFTHSM2_CONF: /tmp/softhsm2.conf + TEST_TARGET: --target i686-unknown-linux-gnu + run: ./ci.sh + shell: bash + diff --git a/ci.sh b/ci.sh index 93bfde39..78b68f06 100755 --- a/ci.sh +++ b/ci.sh @@ -37,4 +37,8 @@ RUST_BACKTRACE=1 cargo build --target x86_64-apple-darwin RUST_BACKTRACE=1 cargo build --target aarch64-apple-darwin RUST_BACKTRACE=1 cargo build --target x86_64-unknown-freebsd -RUST_BACKTRACE=1 cargo test +if [[ -z "${TEST_TARGET:-}" ]]; then + RUST_BACKTRACE=1 cargo test +else + RUST_BACKTRACE=1 cargo test $TEST_TARGET +fi diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index 6f54db3b..ef301856 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -455,7 +455,7 @@ fn encrypt_decrypt_multipart() -> TestResult { let template = vec![ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -566,7 +566,7 @@ fn encrypt_decrypt_multipart_already_initialized() -> TestResult { let template = vec![ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -775,7 +775,7 @@ fn session_find_objects() -> testresult::TestResult { Attribute::Token(true), Attribute::Encrypt(true), Attribute::Label(format!("key_{}", i).as_bytes().to_vec()), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into().unwrap()), Attribute::Id("12345678".as_bytes().to_vec()), // reusing the same CKA_ID ]; @@ -825,7 +825,7 @@ fn session_objecthandle_iterator() -> testresult::TestResult { let key_template = vec![ Attribute::Token(true), Attribute::Encrypt(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Label(format!("key_{}", i).as_bytes().to_vec()), Attribute::Id("12345678".as_bytes().to_vec()), // reusing the same CKA_ID ]; @@ -915,7 +915,7 @@ fn wrap_and_unwrap_key() { let key_to_be_wrapped_template = vec![ Attribute::Token(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into().unwrap()), // the key needs to be extractable to be suitable for being wrapped Attribute::Extractable(true), Attribute::Encrypt(true), @@ -1197,7 +1197,7 @@ fn get_attribute_info_test() -> TestResult { session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?; let pub_attribs = vec![AttributeType::PublicExponent, AttributeType::Modulus]; - let mut priv_attribs = [ + let priv_attribs = [ AttributeType::PublicExponent, AttributeType::Modulus, AttributeType::PrivateExponent, @@ -1369,7 +1369,7 @@ fn aes_key_attributes_test() -> TestResult { Attribute::Class(ObjectClass::SECRET_KEY), Attribute::Token(true), Attribute::Sensitive(true), - Attribute::ValueLen(16.into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::KeyType(KeyType::AES), Attribute::Label(b"testAES".to_vec()), Attribute::Private(true), @@ -1465,7 +1465,7 @@ fn session_copy_object() -> TestResult { Attribute::Private(true), Attribute::Sensitive(true), Attribute::Extractable(false), - Attribute::ValueLen(16.into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Label("original".as_bytes().to_vec()), ]; @@ -1678,7 +1678,7 @@ fn sha256_digest_multipart_with_key() -> TestResult { let key_template = vec![ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), // Key must be non-sensitive and extractable to get its bytes and digest them directly, for comparison Attribute::Sensitive(false), Attribute::Extractable(true), @@ -1771,6 +1771,7 @@ fn sha256_digest_multipart_already_initialized() -> TestResult { Ok(()) } +#[cfg(target_pointer_width = "64")] #[test] #[serial] fn gcm_param_graceful_failure() -> TestResult { @@ -2119,7 +2120,7 @@ fn ekdf_aes_cbc_encrypt_data() -> TestResult { Attribute::Token(true), Attribute::Sensitive(true), Attribute::Private(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; @@ -2179,7 +2180,7 @@ fn kbkdf_counter_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2190,7 +2191,7 @@ fn kbkdf_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -2234,7 +2235,7 @@ fn kbkdf_counter_mode() -> TestResult { let wanted_attributes = [ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2272,7 +2273,7 @@ fn kbkdf_feedback_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2283,7 +2284,7 @@ fn kbkdf_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -2350,7 +2351,7 @@ fn kbkdf_feedback_mode() -> TestResult { let wanted_attributes = [ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2389,7 +2390,7 @@ fn kbkdf_double_pipeline_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2400,7 +2401,7 @@ fn kbkdf_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -2440,7 +2441,7 @@ fn kbkdf_double_pipeline_mode() -> TestResult { let wanted_attributes = [ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2478,7 +2479,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2490,7 +2491,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ], @@ -2499,7 +2500,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Sign(true), Attribute::Verify(true), ], @@ -2570,7 +2571,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2580,7 +2581,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(false), Attribute::Decrypt(false), Attribute::Sign(true), @@ -2634,7 +2635,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2646,7 +2647,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ], @@ -2655,7 +2656,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Sign(true), Attribute::Verify(true), ], @@ -2759,7 +2760,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2769,7 +2770,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(false), Attribute::Decrypt(false), Attribute::Sign(true), @@ -2819,7 +2820,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2831,7 +2832,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ], @@ -2840,7 +2841,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Sign(true), Attribute::Verify(true), ], @@ -2907,7 +2908,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2917,7 +2918,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(false), Attribute::Decrypt(false), Attribute::Sign(true), @@ -2971,7 +2972,7 @@ fn kbkdf_invalid_data_params_counter_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2982,7 +2983,7 @@ fn kbkdf_invalid_data_params_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -3120,7 +3121,7 @@ fn kbkdf_invalid_data_params_feedback_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -3131,7 +3132,7 @@ fn kbkdf_invalid_data_params_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -3243,7 +3244,7 @@ fn kbkdf_invalid_data_params_double_pipeline_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -3254,7 +3255,7 @@ fn kbkdf_invalid_data_params_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -3707,7 +3708,7 @@ fn unique_id() -> TestResult { let generate_template = vec![ Attribute::Token(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), ];