1 This README is to keep a list facts and known workaround for the pkcs11 java tests

     2 perform as a result of bugs or features in NSS or other pkcs11 libraries.

     3 

     4 - NSS ECC None/Basic/Extended

     5 The tests detect the NSS library support for Elliptic Curves as to not

     6 report incorrect failures.  PKCS11 reports back CKR_DOMAIN_PARAMS_INVALID

     7 when the curve is not supported.

     8 

     9 - Default libsoftokn3.so

    10 By default PKCS11Test.java will look for libsoftokn3.so.  There are a number of

    11 tests, particularly in Secmod, that need libnss3.so.  The method useNSS() in

    12 PKCS11test.java is to change the search and version checking to libnss3.

    13 

    14 ECC Basic supports is secp256r1, secp384r1, and secp521r1.

    15 

    16 - A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths to be

    17 read incorrectly. KeyStore/SecretKeysBasic.java tiggers this bug and

    18 knows to avoid it.

    19 

    20 - A number of EC tests fail because of a DER bug in NSS 3.11.  The best guess

    21 is Mozilla bug 480280.  Those tests that abort execution with a PASS result

    22 are:  TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec.