diff --git a/.github/actions/ci_script/action.yml b/.github/actions/ci_script/action.yml deleted file mode 100644 index 18a98e3a..00000000 --- a/.github/actions/ci_script/action.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: "CI script Tests" -description: "Installs SoftHSM and executes tests" - -runs: - using: "composite" - steps: - - name: Install SoftHSM - run: | - sudo apt-get update -y -qq && - sudo apt-get install -y -qq libsofthsm2 && - mkdir /tmp/tokens - echo "directories.tokendir = /tmp/tokens" > /tmp/softhsm2.conf - shell: bash - - - name: Install Rust targets - run: | - rustup target add armv7-unknown-linux-gnueabi && - rustup target add armv7-unknown-linux-gnueabihf && - rustup target add arm-unknown-linux-gnueabi && - rustup target add aarch64-unknown-linux-gnu && - rustup target add i686-unknown-linux-gnu && - rustup target add loongarch64-unknown-linux-gnu && - rustup target add powerpc64-unknown-linux-gnu && - rustup target add powerpc64le-unknown-linux-gnu && - rustup target add x86_64-pc-windows-msvc && - rustup target add x86_64-apple-darwin && - rustup target add aarch64-apple-darwin && - rustup target add x86_64-unknown-freebsd && - rustup target add riscv64gc-unknown-linux-gnu - shell: bash - - - name: Test script - env: - TEST_PKCS11_MODULE: /usr/lib/softhsm/libsofthsm2.so - SOFTHSM2_CONF: /tmp/softhsm2.conf - run: ./ci.sh - shell: bash diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 98dee93d..e832bacf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,6 +21,14 @@ jobs: - name: Check formatting run: cargo fmt --all -- --check + lints: + name: Check lints + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Check formatting + run: cargo clippy --all-targets -- -D clippy::all -D clippy::cargo + docs: name: Check documentation runs-on: ubuntu-latest @@ -29,17 +37,78 @@ jobs: - name: Check documentation run: RUSTDOCFLAGS="-Dwarnings" cargo doc --document-private-items --no-deps - build: - name: Execute CI script + check: + name: Check for errors + runs-on: ubuntu-latest + continue-on-error: true + strategy: + matrix: + target: + - x86_64-unknown-linux-gnu + - armv7-unknown-linux-gnueabi + - armv7-unknown-linux-gnueabihf + - arm-unknown-linux-gnueabi + - aarch64-unknown-linux-gnu + - i686-unknown-linux-gnu + - loongarch64-unknown-linux-gnu + - powerpc64-unknown-linux-gnu + - powerpc64le-unknown-linux-gnu + - x86_64-pc-windows-msvc + - x86_64-apple-darwin + - aarch64-apple-darwin + - x86_64-unknown-freebsd + - riscv64gc-unknown-linux-gnu + toolchain: + - stable + - "1.66.0" # MSRV + steps: + - uses: actions/checkout@v4 + - name: Setup Rust toolchain + uses: actions-rs/toolchain@v1 + with: + toolchain: ${{ matrix.toolchain }} + - name: Install Rust target + run: rustup target add ${{ matrix.target }} + - name: Check source + run: cargo check --target ${{ matrix.target }} --workspace --all-targets + - name: Check all features source + run: cargo check --target ${{ matrix.target }} --all-features --workspace --all-targets + + tests-softhsm: + name: Run tests against SoftHSM runs-on: ubuntu-latest + continue-on-error: true + strategy: + matrix: + target: + - x86_64-unknown-linux-gnu + toolchain: + - stable + - "1.66.0" # MSRV steps: - uses: actions/checkout@v4 - name: Setup Rust toolchain uses: actions-rs/toolchain@v1 with: - toolchain: stable - - name: "Installs SoftHSM and execute tests" - uses: ./.github/actions/ci_script + toolchain: ${{ matrix.toolchain }} + - name: Install SoftHSM + run: | + sudo apt-get update -y -qq && + sudo apt-get install -y -qq libsofthsm2 && + mkdir /tmp/tokens + echo "directories.tokendir = /tmp/tokens" > /tmp/softhsm2.conf + - name: Install Rust target + run: rustup target add ${{ matrix.target }} + - name: Check + run: cargo check --target ${{ matrix.target }} --workspace --all-targets + - name: Test script + env: + TEST_PKCS11_MODULE: /usr/lib/softhsm/libsofthsm2.so + SOFTHSM2_CONF: /tmp/softhsm2.conf + TARGET: ${{ matrix.target }} + RUST_BACKTRACE: 1 + RUSTFLAGS: "-D warnings" + run: ./ci.sh tests-kryoptic: name: Run tests against Kryoptic @@ -58,27 +127,14 @@ jobs: RUST_BACKTRACE=1 cargo build --all-features && RUST_BACKTRACE=1 cargo test - - build-msrv: - name: MSRV - Execute CI script - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Setup Rust toolchain on MSRV - uses: actions-rs/toolchain@v1 - with: - toolchain: 1.66.0 - - name: "Installs SoftHSM and execute tests" - uses: ./.github/actions/ci_script - links: name: Check links runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Link Checker - uses: peter-evans/link-checker@v1 - with: - args: -v -r *.md - - name: Fail if there were link errors - run: exit ${{ steps.lc.outputs.exit_code }} + - uses: actions/checkout@v4 + - name: Link Checker + uses: peter-evans/link-checker@v1 + with: + args: -v -r *.md + - name: Fail if there were link errors + run: exit ${{ steps.lc.outputs.exit_code }} diff --git a/ci.sh b/ci.sh index 93bfde39..029cd813 100755 --- a/ci.sh +++ b/ci.sh @@ -5,36 +5,10 @@ # Continuous Integration test script -set -euf -o pipefail +set -euxf -o pipefail pushd cryptoki-sys -RUST_BACKTRACE=1 cargo build --features generate-bindings +cargo build --features generate-bindings popd -# check formatting before going through all the builds -if cargo fmt --version; then - cargo fmt --all -- --check -fi -if cargo clippy --version; then - cargo clippy --all-targets -- -D clippy::all -D clippy::cargo -fi - -RUST_BACKTRACE=1 cargo build - -RUST_BACKTRACE=1 cargo build --all-features - -RUST_BACKTRACE=1 cargo build --target arm-unknown-linux-gnueabi -RUST_BACKTRACE=1 cargo build --target armv7-unknown-linux-gnueabi -RUST_BACKTRACE=1 cargo build --target armv7-unknown-linux-gnueabihf -RUST_BACKTRACE=1 cargo build --target aarch64-unknown-linux-gnu -RUST_BACKTRACE=1 cargo build --target i686-unknown-linux-gnu -RUST_BACKTRACE=1 cargo build --target loongarch64-unknown-linux-gnu -RUST_BACKTRACE=1 cargo build --target powerpc64-unknown-linux-gnu -RUST_BACKTRACE=1 cargo build --target powerpc64le-unknown-linux-gnu -RUST_BACKTRACE=1 cargo build --target riscv64gc-unknown-linux-gnu -RUST_BACKTRACE=1 cargo build --target x86_64-pc-windows-msvc -RUST_BACKTRACE=1 cargo build --target x86_64-apple-darwin -RUST_BACKTRACE=1 cargo build --target aarch64-apple-darwin -RUST_BACKTRACE=1 cargo build --target x86_64-unknown-freebsd - -RUST_BACKTRACE=1 cargo test +cargo test --target "$TARGET" diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index 6f54db3b..ef301856 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -455,7 +455,7 @@ fn encrypt_decrypt_multipart() -> TestResult { let template = vec![ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -566,7 +566,7 @@ fn encrypt_decrypt_multipart_already_initialized() -> TestResult { let template = vec![ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -775,7 +775,7 @@ fn session_find_objects() -> testresult::TestResult { Attribute::Token(true), Attribute::Encrypt(true), Attribute::Label(format!("key_{}", i).as_bytes().to_vec()), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into().unwrap()), Attribute::Id("12345678".as_bytes().to_vec()), // reusing the same CKA_ID ]; @@ -825,7 +825,7 @@ fn session_objecthandle_iterator() -> testresult::TestResult { let key_template = vec![ Attribute::Token(true), Attribute::Encrypt(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Label(format!("key_{}", i).as_bytes().to_vec()), Attribute::Id("12345678".as_bytes().to_vec()), // reusing the same CKA_ID ]; @@ -915,7 +915,7 @@ fn wrap_and_unwrap_key() { let key_to_be_wrapped_template = vec![ Attribute::Token(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into().unwrap()), // the key needs to be extractable to be suitable for being wrapped Attribute::Extractable(true), Attribute::Encrypt(true), @@ -1197,7 +1197,7 @@ fn get_attribute_info_test() -> TestResult { session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?; let pub_attribs = vec![AttributeType::PublicExponent, AttributeType::Modulus]; - let mut priv_attribs = [ + let priv_attribs = [ AttributeType::PublicExponent, AttributeType::Modulus, AttributeType::PrivateExponent, @@ -1369,7 +1369,7 @@ fn aes_key_attributes_test() -> TestResult { Attribute::Class(ObjectClass::SECRET_KEY), Attribute::Token(true), Attribute::Sensitive(true), - Attribute::ValueLen(16.into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::KeyType(KeyType::AES), Attribute::Label(b"testAES".to_vec()), Attribute::Private(true), @@ -1465,7 +1465,7 @@ fn session_copy_object() -> TestResult { Attribute::Private(true), Attribute::Sensitive(true), Attribute::Extractable(false), - Attribute::ValueLen(16.into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Label("original".as_bytes().to_vec()), ]; @@ -1678,7 +1678,7 @@ fn sha256_digest_multipart_with_key() -> TestResult { let key_template = vec![ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), // Key must be non-sensitive and extractable to get its bytes and digest them directly, for comparison Attribute::Sensitive(false), Attribute::Extractable(true), @@ -1771,6 +1771,7 @@ fn sha256_digest_multipart_already_initialized() -> TestResult { Ok(()) } +#[cfg(target_pointer_width = "64")] #[test] #[serial] fn gcm_param_graceful_failure() -> TestResult { @@ -2119,7 +2120,7 @@ fn ekdf_aes_cbc_encrypt_data() -> TestResult { Attribute::Token(true), Attribute::Sensitive(true), Attribute::Private(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; @@ -2179,7 +2180,7 @@ fn kbkdf_counter_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2190,7 +2191,7 @@ fn kbkdf_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -2234,7 +2235,7 @@ fn kbkdf_counter_mode() -> TestResult { let wanted_attributes = [ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2272,7 +2273,7 @@ fn kbkdf_feedback_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2283,7 +2284,7 @@ fn kbkdf_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -2350,7 +2351,7 @@ fn kbkdf_feedback_mode() -> TestResult { let wanted_attributes = [ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2389,7 +2390,7 @@ fn kbkdf_double_pipeline_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2400,7 +2401,7 @@ fn kbkdf_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -2440,7 +2441,7 @@ fn kbkdf_double_pipeline_mode() -> TestResult { let wanted_attributes = [ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2478,7 +2479,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2490,7 +2491,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ], @@ -2499,7 +2500,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Sign(true), Attribute::Verify(true), ], @@ -2570,7 +2571,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2580,7 +2581,7 @@ fn kbkdf_additional_keys_counter_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(false), Attribute::Decrypt(false), Attribute::Sign(true), @@ -2634,7 +2635,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2646,7 +2647,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ], @@ -2655,7 +2656,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Sign(true), Attribute::Verify(true), ], @@ -2759,7 +2760,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2769,7 +2770,7 @@ fn kbkdf_additional_keys_feedback_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(false), Attribute::Decrypt(false), Attribute::Sign(true), @@ -2819,7 +2820,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2831,7 +2832,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ], @@ -2840,7 +2841,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Sign(true), Attribute::Verify(true), ], @@ -2907,7 +2908,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), Attribute::Sign(false), @@ -2917,7 +2918,7 @@ fn kbkdf_additional_keys_double_pipeline_mode() -> TestResult { vec![ Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES128_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES128_BLOCK_SIZE.try_into()?), Attribute::Encrypt(false), Attribute::Decrypt(false), Attribute::Sign(true), @@ -2971,7 +2972,7 @@ fn kbkdf_invalid_data_params_counter_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -2982,7 +2983,7 @@ fn kbkdf_invalid_data_params_counter_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -3120,7 +3121,7 @@ fn kbkdf_invalid_data_params_feedback_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -3131,7 +3132,7 @@ fn kbkdf_invalid_data_params_feedback_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -3243,7 +3244,7 @@ fn kbkdf_invalid_data_params_double_pipeline_mode() -> TestResult { let base_template = [ Attribute::Token(true), Attribute::Private(false), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Derive(true), ]; let base_key = session.generate_key(&Mechanism::AesKeyGen, &base_template)?; @@ -3254,7 +3255,7 @@ fn kbkdf_invalid_data_params_double_pipeline_mode() -> TestResult { Attribute::Private(false), Attribute::Class(ObjectClass::SECRET_KEY), Attribute::KeyType(KeyType::AES), - Attribute::ValueLen((AES256_BLOCK_SIZE as u64).into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), Attribute::Decrypt(true), ]; @@ -3707,7 +3708,7 @@ fn unique_id() -> TestResult { let generate_template = vec![ Attribute::Token(true), - Attribute::ValueLen(32.into()), + Attribute::ValueLen(AES256_BLOCK_SIZE.try_into()?), Attribute::Encrypt(true), ];