From 9d6fd322bb9a435b181f2f74661e2903dc9c4f89 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 9 Jun 2025 15:59:32 +0200 Subject: [PATCH 1/3] ci: Run tests also on i686 Related: #282 Signed-off-by: Jakub Jelen --- .github/actions/ci_script/action.yml | 19 ++++++++++++++++++- ci.sh | 6 +++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/.github/actions/ci_script/action.yml b/.github/actions/ci_script/action.yml index 18a98e3a..0f157f59 100644 --- a/.github/actions/ci_script/action.yml +++ b/.github/actions/ci_script/action.yml @@ -4,7 +4,7 @@ description: "Installs SoftHSM and executes tests" runs: using: "composite" steps: - - name: Install SoftHSM + - name: Install & set up SoftHSM (64b) run: | sudo apt-get update -y -qq && sudo apt-get install -y -qq libsofthsm2 && @@ -35,3 +35,20 @@ runs: SOFTHSM2_CONF: /tmp/softhsm2.conf run: ./ci.sh shell: bash + + - name: Install SoftHSM (32b) and ix86 dependencies + run: | + sudo dpkg --add-architecture i386 && + sudo apt-get update -y -qq && + sudo apt-get remove -y -qq libsofthsm2 && + sudo apt-get install -y -qq gcc-multilib libsofthsm2:i386 + shell: bash + + - name: Test script on i386 + env: + TEST_PKCS11_MODULE: /usr/lib/softhsm/libsofthsm2.so + SOFTHSM2_CONF: /tmp/softhsm2.conf + TEST_TARGET: --target i686-unknown-linux-gnu + run: ./ci.sh + shell: bash + diff --git a/ci.sh b/ci.sh index 93bfde39..78b68f06 100755 --- a/ci.sh +++ b/ci.sh @@ -37,4 +37,8 @@ RUST_BACKTRACE=1 cargo build --target x86_64-apple-darwin RUST_BACKTRACE=1 cargo build --target aarch64-apple-darwin RUST_BACKTRACE=1 cargo build --target x86_64-unknown-freebsd -RUST_BACKTRACE=1 cargo test +if [[ -z "${TEST_TARGET:-}" ]]; then + RUST_BACKTRACE=1 cargo test +else + RUST_BACKTRACE=1 cargo test $TEST_TARGET +fi From 63ad20914d8b6759445011aef5a89b8b5c9395ac Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 9 Jun 2025 19:30:27 +0200 Subject: [PATCH 2/3] tests: 32b compatibility Fixes: #282 Signed-off-by: Jakub Jelen --- cryptoki/tests/basic.rs | 82 ++++++++++++++++++++--------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index 6f54db3b..0e8affb7 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -455,7 +455,7 @@ fn encrypt_decrypt_multipart() -> TestResult { let template = vec![ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -566,7 +566,7 @@ fn encrypt_decrypt_multipart_already_initialized() -> TestResult { let template = vec![ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -775,7 +775,7 @@ fn session_find_objects() -> testresult::TestResult { Attribute::Token(true), Attribute::Encrypt(true), Attribute::Label(format!("key_{}", i).as_bytes().to_vec()), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into().unwrap()), Attribute::Id("12345678".as_bytes().to_vec()), // reusing the same CKA_ID ]; @@ -825,7 +825,7 @@ fn session_objecthandle_iterator() -> testresult::TestResult { let key_template = vec![ Attribute::Token(true), Attribute::Encrypt(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Label(format!("key_{}", i).as_bytes().to_vec()), Attribute::Id("12345678".as_bytes().to_vec()), // reusing the same CKA_ID ]; @@ -915,7 +915,7 @@ fn wrap_and_unwrap_key() { let key_to_be_wrapped_template = vec![ Attribute::Token(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into().unwrap()), // the key needs to be extractable to be suitable for being wrapped Attribute::Extractable(true), Attribute::Encrypt(true), @@ -1197,7 +1197,7 @@ fn get_attribute_info_test() -> TestResult { session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?; let pub_attribs = vec![AttributeType::PublicExponent, AttributeType::Modulus]; - let mut priv_attribs = [ + let priv_attribs = [ AttributeType::PublicExponent, AttributeType::Modulus, AttributeType::PrivateExponent, @@ -1369,7 +1369,7 @@ fn aes_key_attributes_test() -> TestResult { Attribute::Class(ObjectClass::SECRET_KEY), Attribute::Token(true), Attribute::Sensitive(true), - Attribute::ValueLen(16.into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::KeyType(KeyType::AES), Attribute::Label(b"testAES".to_vec()), Attribute::Private(true), @@ -1465,7 +1465,7 @@ fn session_copy_object() -> TestResult { Attribute::Private(true), Attribute::Sensitive(true), Attribute::Extractable(false), - Attribute::ValueLen(16.into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Label("original".as_bytes().to_vec()), ]; @@ -1678,7 +1678,7 @@ fn sha256_digest_multipart_with_key() -> TestResult { let key_template = vec![ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), // Key must be non-sensitive and extractable to get its bytes and digest them directly, for comparison Attribute::Sensitive(false), Attribute::Extractable(true), @@ -2119,7 +2119,7 @@ fn ekdf_aes_cbc_encrypt_data() -> TestResult { Attribute::Token(true), Attribute::Sensitive(true), Attribute::Private(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; @@ -2179,7 +2179,7 @@ fn kbkdf_counter_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2190,7 +2190,7 @@ fn kbkdf_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -2234,7 +2234,7 @@ fn kbkdf_counter_mode() -> TestResult { let wanted_attributes = [ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2272,7 +2272,7 @@ fn kbkdf_feedback_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2283,7 +2283,7 @@ fn kbkdf_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -2350,7 +2350,7 @@ fn kbkdf_feedback_mode() -> TestResult { let wanted_attributes = [ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2389,7 +2389,7 @@ fn kbkdf_double_pipeline_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2400,7 +2400,7 @@ fn kbkdf_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -2440,7 +2440,7 @@ fn kbkdf_double_pipeline_mode() -> TestResult { let wanted_attributes = [ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2478,7 +2478,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2490,7 +2490,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ], @@ -2499,7 +2499,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Sign(true), Attribute::Verify(true), ], @@ -2570,7 +2570,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2580,7 +2580,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(false), Attribute::Decrypt(false), Attribute::Sign(true), @@ -2634,7 +2634,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2646,7 +2646,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ], @@ -2655,7 +2655,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Sign(true), Attribute::Verify(true), ], @@ -2759,7 +2759,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2769,7 +2769,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(false), Attribute::Decrypt(false), Attribute::Sign(true), @@ -2819,7 +2819,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2831,7 +2831,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ], @@ -2840,7 +2840,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Sign(true), Attribute::Verify(true), ], @@ -2907,7 +2907,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2917,7 +2917,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(false), Attribute::Decrypt(false), Attribute::Sign(true), @@ -2971,7 +2971,7 @@ fn kbkdf_invalid_data_params_counter_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2982,7 +2982,7 @@ fn kbkdf_invalid_data_params_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -3120,7 +3120,7 @@ fn kbkdf_invalid_data_params_feedback_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -3131,7 +3131,7 @@ fn kbkdf_invalid_data_params_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -3243,7 +3243,7 @@ fn kbkdf_invalid_data_params_double_pipeline_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -3254,7 +3254,7 @@ fn kbkdf_invalid_data_params_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -3707,7 +3707,7 @@ fn unique_id() -> TestResult { let generate_template = vec![ Attribute::Token(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), ]; From 28ba5990765389c0c3a577633567669d21fae12d Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 9 Jun 2025 20:13:21 +0200 Subject: [PATCH 3/3] tests: Skip the overflow test on 32bit arch Signed-off-by: Jakub Jelen --- cryptoki/tests/basic.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index 0e8affb7..ef301856 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -1771,6 +1771,7 @@ fn sha256_digest_multipart_already_initialized() -> TestResult { Ok(()) } +#[cfg(target_pointer_width = "64")] #[test] #[serial] fn gcm_param_graceful_failure() -> TestResult {