pkcs11: remove NUL byte from SO PIN and use ASCII characters #658
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
|
I shall probably provide a small C program to change the SO PIN to the new one on a test board that has already run |
|
Force-pushed to reword the commit message after @etienne-lms comments. No code change. |
jforissier
changed the title
etienne-lms
reviewed
Mar 24, 2023
|
|
PKCS#11 PINs are UTF-8 character strings. The default SO PIN used in the test suite contains a NUL, which causes issues with for example pkcs11-tool which interprets the NUL byte as the end of the string, thus making the slot impossible to use from the command line. Therefore, and for better compatibility with command-line tools after xtest has been run, use simpler (ASCII) values for both the SO and user PINs. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
jforissier
force-pushed
the
pkcs11-pins
branch
3 times, most recently
from
eba2f67
to
b1b3e05
Compare
|
I am updating this PR with two more commits:
(and sorry for the multiple pushes) |
etienne-lms
approved these changes
Apr 3, 2023
xtest pkcs11_1003 shows the following warning: o pkcs11_1003.3 Test C_Login()/C_Logout() with PIN based authentication Do_ADBG_EndSubCase: Active SubCase "Test C_Login()/C_Logout() with PIN based authentication" doesn't match supplied title "Test C_Login()/C_Logout() with PIN based authorization" Fix the second label. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
If the system under test is using the now deprecated binary SO PIN
('0x00', '0x01', '0x02' etc), change it to the new one automatically.
This is a compatibility patch to avoid failing any test on older
systems.
Tested on QEMUv8 by running "xtest -t pkcs11" once with optee_test at
commit c0a6172 ("regression 1013: lower number of loops when pager
is constrained"), in other words: before the SO PIN was changed, then a
second time with a build issued from this commit.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[Edited]
PKCS#11 PINs are UTF-8 character strings. The default SO PIN used in the
test suite contains a NUL, which causes issues with for example
pkcs11-tool which interprets the NUL byte as the end of the string, thus
making the slot impossible to use from the command line.
Therefore, and for better compatibility with command-line tools after
xtest has been run, use simpler (ASCII) values for both the SO and user
PINs.
Signed-off-by: Jerome Forissier jerome.forissier@linaro.org