[glib-networking/wip/tingping/tls-1.2-test] tests: Fix PKCS11 test with TLS 1.2



commit aea3d85fd96507c0286b24647c26b8c8225e0255
Author: Patrick Griffis <tingping tingping se>
Date:   Wed Nov 20 14:02:49 2019 -0800

    tests: Fix PKCS11 test with TLS 1.2

 tls/tests/mock-pkcs11.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
---
diff --git a/tls/tests/mock-pkcs11.c b/tls/tests/mock-pkcs11.c
index 7b617fe..706986e 100644
--- a/tls/tests/mock-pkcs11.c
+++ b/tls/tests/mock-pkcs11.c
@@ -183,6 +183,7 @@ static char *mock_search_template_label;
 static CK_ULONG mock_search_iterator = 0;
 static gboolean mock_logged_in_state = FALSE;
 static size_t mock_login_attempts = 0;
+static CK_ULONG mock_sign_algo = 0;
 
 static CK_FUNCTION_LIST pkcs11_mock_functions = 
 {
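Review bot: `mock_sign_algo` stores a mechanism type, so declaring it as `static CK_MECHANISM_TYPE mock_sign_algo = 0;` would let the type say what the variable holds. The initial value 0 is not a neutral "unset" marker, because it is also the numeric value of `CKM_RSA_PKCS_KEY_PAIR_GEN`. A short comment such as `/* mechanism chosen by the last C_SignInit; shared by every session of the mock */` would document that this is module-wide state rather than per-session state.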
@@ -1976,8 +1977,9 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_P
         if (NULL == pMechanism)
                 return CKR_ARGUMENTS_BAD;
 
+        mock_sign_algo = pMechanism->mechanism;
 
-        // TODO: Hardcoded
+        // TODO: Hardcoded list
         if (CKM_RSA_PKCS_PSS == pMechanism->mechanism)
         {
                 CK_RSA_PKCS_PSS_PARAMS *params;
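Review bot: `mock_sign_algo` is assigned directly after the NULL check, before the mechanism has been accepted, so a C_SignInit call that later returns an error still overwrites the mechanism the next C_Sign will use. Moving `mock_sign_algo = pMechanism->mechanism;` to the point where the function is about to return success would keep the stored value in step with the operation that was actually initialised. Whether C_Sign separately checks for an active sign operation cannot be seen from here, and the rest of C_SignInit's body is outside this hunk.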
@@ -1992,6 +1994,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_P
                 // if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hKey)
                 //         return CKR_KEY_TYPE_INCONSISTENT;
         }
+        else if (CKM_RSA_PKCS == pMechanism->mechanism)
+        {
+                // FIXME: Also assert SHA256?
+        }
         else
         {
                 g_assert_not_reached ();
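Review bot: The new `CKM_RSA_PKCS` branch accepts the mechanism without checking anything, whereas the PSS branch above it inspects its parameters. CKM_RSA_PKCS takes no mechanism parameter, so the mock could check `g_assert (pMechanism->pParameter == NULL && pMechanism->ulParameterLen == 0);` here, provided the caller really passes none. The FIXME cannot be settled in C_SignInit, because with this mechanism the digest algorithm is carried in the DigestInfo handed to C_Sign rather than in `pMechanism`. The comment could instead read `// No parameters; the hash is identified by the DigestInfo passed to C_Sign`. C_SignInit starts and ends outside this hunk.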
@@ -2038,9 +2044,16 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 
         // TODO: Handle user not logged in
 
-        // TODO: Hardcoded algo
-        status = gnutls_privkey_sign_hash2 (mock_objects[pkcs11_mock_sign_key].key, 
GNUTLS_SIGN_RSA_PSS_SHA256,
-                                            GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, &data, &signature);
+        // TODO: Hardcoded algo list
+        if (mock_sign_algo == CKM_RSA_PKCS_PSS)
+                status = gnutls_privkey_sign_hash2 (mock_objects[pkcs11_mock_sign_key].key, 
GNUTLS_SIGN_RSA_PSS_SHA256,
+                                                    GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, &data, &signature);
+        else if (mock_sign_algo == CKM_RSA_PKCS)
+                status = gnutls_privkey_sign_hash2 (mock_objects[pkcs11_mock_sign_key].key, 
GNUTLS_SIGN_RSA_SHA256,
+                                                    GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &data, &signature);
+        else
+                g_assert_not_reached ();
+
         // g_assert (status == GNUTLS_E_SUCCESS);
         if (status != GNUTLS_E_SUCCESS)
                 return CKR_FUNCTION_FAILED; // TODO: Best return code?
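Review bot: The final `else` relies on `g_assert_not_reached ()` alone, and that macro compiles to nothing under `G_DISABLE_ASSERT`, so execution would fall through to `if (status != GNUTLS_E_SUCCESS)` with `status` never assigned in this hunk. Its declaration is outside the hunk, so it may or may not be initialised there. Returning an error makes the branch safe either way: `else { g_assert_not_reached (); return CKR_MECHANISM_INVALID; }`. On the `CKM_RSA_PKCS` call, a comment would help explain that `GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA` is expected to sign `data` as supplied, meaning the caller's DigestInfo. As far as I can tell from the GnuTLS documentation, the `GNUTLS_SIGN_RSA_SHA256` argument does not select the hash in that mode; this should be confirmed.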

