parallaxsecond / parsec

Platform AbstRaction for SECurity service
https://parsec.community/
Apache License 2.0

NXP PKCS#11 Parsec integration testing. #456

Closed sahilnxp closed 3 years ago

sahilnxp commented 3 years ago

Hi,

I have just integrated the Parsec PKCS#11 Provider with the NXP PKCS#11 Library and ran the already available tests in Parsec only, and all of them passed. From the dump below, it looks like only 15 tests were run, and there are no cryptography tests such as key generation/encryption/decryption tests. I am curious to know whether currently only these tests are supported with PKCS#11, or whether we can do more testing with some other commands?

Tested this on LS1046 board.

Thanks in advance. Sahil

root@localhost:~/parsec# git clone https://github.com/tpm2-software/tpm2-tss.git^C
root@localhost:~/parsec# RUST_LOG=info ./target/debug/parsec -c e2e_tests/provider_cfg/pkcs11/config.toml &
[2] 8400
[INFO  parsec] Parsec started. Configuring the service...
[INFO  parsec_service::utils::service_builder] Creating a PKCS 11 Provider.
[INFO  parsec_service::providers::pkcs11] Building a PKCS 11 provider with library '/usr/lib/libpkcs11.so'
[WARN  parsec_service::utils::service_builder] Direct authenticator has been set as the default one. It is only secure under specific requirements. Please make sure to read the Recommendations on a Secure Parsec Deployment at https://parallaxsecond.github.io/parsec-book/parsec_security/secure_deployment.html
[WARN  parsec_service::front::domain_socket] Removing the existing socket file at /tmp/parsec.sock.
[INFO  parsec] Parsec is ready.
root@localhost:~/parsec#

root@localhost:~/parsec# cargo test --features pkcs11-provider
    Finished test [unoptimized + debuginfo] target(s) in 0.21s
     Running unittests (target/debug/deps/parsec_service-75d8cd3006b96a11)

running 15 tests
test authenticators::unix_peer_credentials_authenticator::test::successful_authentication ... ok
test authenticators::unix_peer_credentials_authenticator::test::unsuccessful_authentication_no_metadata ... ok
test authenticators::unix_peer_credentials_authenticator::test::admin_check ... ok
test authenticators::unix_peer_credentials_authenticator::test::unsuccessful_authentication_wrong_declared_uid ... ok
test authenticators::unix_peer_credentials_authenticator::test::unsuccessful_authentication_wrong_metadata ... ok
test authenticators::unix_peer_credentials_authenticator::test::unsuccessful_authentication_garbage_data ... ok
test key_info_managers::on_disk_manager::test::big_names_emoticons ... ok
test key_info_managers::on_disk_manager::test::big_names_ascii ... ok
test key_info_managers::on_disk_manager::test::exists ... ok
test key_info_managers::on_disk_manager::test::insert_get_key_info ... ok
test key_info_managers::on_disk_manager::test::insert_overwrites ... ok
test providers::core::tests::test_ping ... ok
test key_info_managers::on_disk_manager::test::remove_unexisting_key ... ok
test key_info_managers::on_disk_manager::test::insert_remove_key ... ok
test key_info_managers::on_disk_manager::test::create_and_load ... ok

test result: ok. 15 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running unittests (target/debug/deps/parsec-5665ce8f2f648cee)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

   Doc-tests parsec-service

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

root@localhost:~/parsec#

hug-dev commented 3 years ago

Hey @sahilnxp 👋!

Good question! Actually what you ran are only the Parsec unit tests. There is indeed a large base of tests that we call the end-to-end tests that are available in the e2e_tests folder. Those are crypto and key management tests that are executed against a running Parsec version.

To execute them, have a Parsec service running and then execute:

cargo test --features pkcs11-provider --manifest-path ./e2e_tests/Cargo.toml normal_tests

Let us know if that does not work, or if you need any help! Hopefully they all pass 🙏

You can find more information about testing in the book. We have a list of all of our tests in the subpage.