Warning: Do not run this test suite against a PKCS#11 token that contains real data; some of the tests may erase or permanently lock the token.

This repository holds a test suite for, and is therefore derived from, the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).

To build the test program on Linux, just run make. To run the tests against common Linux PKCS#11 implementations:

• Run make test_chaps to test against a Chaps installation.
• Run make test_opencryptoki to test against an OpenCryptoKi installation.

This is NOT an official Google product.

The test program requires the following command-line parameters to be set:

• -m libname: Provide the name of the PKCS#11 library to test.
• -l libpath: Provide the path holding the PKCS#11 library.

There are also several optional command-line parameters:

• -s slotid: Provide the slot ID that will be used for the tests
• -v: Generate verbose output.
• -u pwd: Provide the user PIN/password.
• -o pwd: Provide the security officer PIN/password.
• -I: Perform token initialization tests. This will wipe the contents of the PKCS#11 token

The test program uses Google Test, and the Google Test command line options are also available. In particular, --gtest_filter=<filter> can be used to run a subset of the tests.