CKM: Adjust tests to TZ backend capabilities

No support for EC import in TZ.
No support for other hashes beside SHA1 in DS (TZ).
Adjust the tests temporarily.

Change-Id: I3604264af27cf5f5eda4758811b5d2fcf92943b3

diff --git a/src/ckm/unprivileged/capi-testcases.cpp b/src/ckm/unprivileged/capi-testcases.cpp
index d8049f2f9a7621fc8babfb65a73f7019e42c4966..f8e080386d2b84b0bf9e6654cc2340b9238f6eed 100644 (file)
--- a/src/ckm/unprivileged/capi-testcases.cpp
+++ b/src/ckm/unprivileged/capi-testcases.cpp
@@ -1333,6 +1333,8 @@ RUNNER_TEST(T3083b_CAPI__rsa_key_create_verify_hash_and_padding)
                                        &signature)),
                        CKMCReadableError(temp));
 
+// TZ backend does not support "no hash" and ignores padding option (public key is in TZ)
+#ifndef TZ_BACKEND
        // verify: no padding + no hash
        RUNNER_ASSERT_MSG(
                        CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
@@ -1354,6 +1356,7 @@ RUNNER_TEST(T3083b_CAPI__rsa_key_create_verify_hash_and_padding)
                                        CKMC_HASH_NONE,
                                        CKMC_PKCS1_PADDING)),
                        CKMCReadableError(temp));
+#endif
 
        // verify: no padding + hash
        RUNNER_ASSERT_MSG(
@@ -1379,6 +1382,8 @@ RUNNER_TEST(T3083b_CAPI__rsa_key_create_verify_hash_and_padding)
                                        &signature)),
                        CKMCReadableError(temp));
 
+// TZ backend does not support "no hash" option (public key is in TZ)
+#ifndef TZ_BACKEND
        // verify: padding + no hash
        RUNNER_ASSERT_MSG(
                        CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
@@ -1400,6 +1405,7 @@ RUNNER_TEST(T3083b_CAPI__rsa_key_create_verify_hash_and_padding)
                                        CKMC_HASH_NONE,
                                        CKMC_NONE_PADDING)),
                        CKMCReadableError(temp));
+#endif
 
        // verify: no padding + hash
        RUNNER_ASSERT_MSG(
@@ -1458,8 +1464,14 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
        prikey.password = key_passwd;
 
        ckmc_policy_s pripolicy;
+
        pripolicy.password = pri_passwd;
+
+#ifdef TZ_BACKEND // TZ backend does not support EC key import
+       pripolicy.extractable = 1;
+#else
        pripolicy.extractable = 0;
+#endif
 
        RUNNER_ASSERT_MSG(
                        CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
@@ -1649,7 +1661,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
        CKM::Alias pri_alias = "dsa-prv1";
        char *pri_passwd = NULL;
        char *pub_passwd = NULL;
-       ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+       ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA1;
        ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
        ckmc_raw_buffer_s *signature = NULL;
 
@@ -1664,6 +1676,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
        pubpolicy.extractable = 0;
 
        ckmc_policy_s pripolicy;
+
        pripolicy.password = pri_passwd;
        pripolicy.extractable = 1;
 
@@ -1855,7 +1868,11 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
 
        ckmc_policy_s pripolicy;
        pripolicy.password = pri_passwd;
+#ifdef TZ_BACKEND // TZ backend does not support EC key import
+       pripolicy.extractable = 1;
+#else
        pripolicy.extractable = 0;
+#endif
 
 
        RUNNER_ASSERT_MSG(