only use single mechanism per marker, as the fixture only checks the first parameter

mathiasertl · mathiasertl · commit 194eb61760fc · 2024-12-15T00:11:29.000+01:00
diff --git a/tests/test_des.py b/tests/test_des.py
@@ -20,7 +20,8 @@ def test_generate_des3_key(session: pkcs11.Session):
     assert isinstance(key, pkcs11.SecretKey)
 
 
-@pytest.mark.requires(Mechanism.DES2_KEY_GEN, Mechanism.DES3_CBC_PAD)
+@pytest.mark.requires(Mechanism.DES2_KEY_GEN)
+@pytest.mark.requires(Mechanism.DES3_CBC_PAD)
 def test_encrypt_des2(session: pkcs11.Session):
     key = session.generate_key(KeyType.DES2)
 
@@ -31,7 +32,8 @@ def test_encrypt_des2(session: pkcs11.Session):
     assert plaintext == b"PLAIN TEXT_"
 
 
-@pytest.mark.requires(Mechanism.DES3_KEY_GEN, Mechanism.DES3_CBC_PAD)
+@pytest.mark.requires(Mechanism.DES3_KEY_GEN)
+@pytest.mark.requires(Mechanism.DES3_CBC_PAD)
 def test_encrypt_des3(session: pkcs11.Session):
     key = session.generate_key(KeyType.DES3)
 
diff --git a/tests/test_dh.py b/tests/test_dh.py
@@ -15,7 +15,8 @@
 )
 
 
-@pytest.mark.requires(Mechanism.DH_PKCS_KEY_PAIR_GEN, Mechanism.DH_PKCS_DERIVE)
+@pytest.mark.requires(Mechanism.DH_PKCS_KEY_PAIR_GEN)
+@pytest.mark.requires(Mechanism.DH_PKCS_DERIVE)
 @pytest.mark.xfail_opencryptoki  # AttributeValueInvalid when generating keypair
 def test_derive_key(session: pkcs11.Session) -> None:
     # Alice and Bob each create a Diffie-Hellman keypair from the
@@ -371,7 +372,8 @@ def test_load_params(session: pkcs11.Session) -> None:
     assert params[Attribute.PRIME][:4] == b"\xad\x10\x7e\x1e"
 
 
-@pytest.mark.requires(Mechanism.DH_PKCS_PARAMETER_GEN, Mechanism.DH_PKCS_KEY_PAIR_GEN)
+@pytest.mark.requires(Mechanism.DH_PKCS_PARAMETER_GEN)
+@pytest.mark.requires(Mechanism.DH_PKCS_KEY_PAIR_GEN)
 def test_generate_params(session: pkcs11.Session) -> None:
     params = session.generate_domain_parameters(KeyType.DH, 512)
     assert isinstance(params, DomainParameters)
diff --git a/tests/test_digest.py b/tests/test_digest.py
@@ -32,7 +32,8 @@ def test_digest_generator(session: pkcs11.Session) -> None:
     assert digest == m.digest()
 
 
-@pytest.mark.requires(Mechanism.AES_KEY_GEN, Mechanism.SHA256)
+@pytest.mark.requires(Mechanism.AES_KEY_GEN)
+@pytest.mark.requires(Mechanism.SHA256)
 @pytest.mark.skipif(IS_NFAST, reason="nFast can't digest keys")
 def test_digest_key(session: pkcs11.Session) -> None:
     key = session.generate_key(
@@ -44,7 +45,8 @@ def test_digest_key(session: pkcs11.Session) -> None:
     assert digest == hashlib.sha256(key[Attribute.VALUE]).digest()
 
 
-@pytest.mark.requires(Mechanism.AES_KEY_GEN, Mechanism.SHA256)
+@pytest.mark.requires(Mechanism.AES_KEY_GEN)
+@pytest.mark.requires(Mechanism.SHA256)
 @pytest.mark.skipif(IS_NFAST, reason="nFast can't digest keys")
 def test_digest_key_data(session: pkcs11.Session) -> None:
     key = session.generate_key(
diff --git a/tests/test_dsa.py b/tests/test_dsa.py
@@ -30,7 +30,8 @@ def test_generate_params(session: pkcs11.Session) -> None:
     encode_dsa_domain_parameters(parameters)
 
 
-@pytest.mark.requires(Mechanism.DSA_KEY_PAIR_GEN, Mechanism.DSA_SHA1)
+@pytest.mark.requires(Mechanism.DSA_KEY_PAIR_GEN)
+@pytest.mark.requires(Mechanism.DSA_SHA1)
 def test_generate_keypair_and_sign(session: pkcs11.Session):
     dhparams = session.create_domain_parameters(
         KeyType.DSA, decode_dsa_domain_parameters(DHPARAMS), local=True
@@ -47,7 +48,8 @@ def test_generate_keypair_and_sign(session: pkcs11.Session):
 
 
 @pytest.mark.xfail_nfast
-@pytest.mark.requires(Mechanism.DSA_PARAMETER_GEN, Mechanism.DSA_KEY_PAIR_GEN)
+@pytest.mark.requires(Mechanism.DSA_PARAMETER_GEN)
+@pytest.mark.requires(Mechanism.DSA_KEY_PAIR_GEN)
 def test_generate_keypair_directly(session: pkcs11.Session):
     public, private = session.generate_keypair(KeyType.DSA, 1024)
     assert len(public[Attribute.VALUE]) == 1024 // 8
diff --git a/tests/test_ecc.py b/tests/test_ecc.py
@@ -17,7 +17,8 @@
 )
 
 
-@pytest.mark.requires(Mechanism.EC_KEY_PAIR_GEN, Mechanism.ECDSA)
+@pytest.mark.requires(Mechanism.EC_KEY_PAIR_GEN)
+@pytest.mark.requires(Mechanism.ECDSA)
 def test_sign_ecdsa(session: pkcs11.Session) -> None:
     parameters = session.create_domain_parameters(
         KeyType.EC,
@@ -33,7 +34,8 @@ def test_sign_ecdsa(session: pkcs11.Session) -> None:
     assert pub.verify(data, ecdsa, mechanism=mechanism)
 
 
-@pytest.mark.requires(Mechanism.EC_KEY_PAIR_GEN, Mechanism.ECDH1_DERIVE)
+@pytest.mark.requires(Mechanism.EC_KEY_PAIR_GEN)
+@pytest.mark.requires(Mechanism.ECDH1_DERIVE)
 def test_derive_key(session: pkcs11.Session) -> None:
     # DER encoded EC params from OpenSSL
     # openssl ecparam -out ec_param.der -name prime192v1
@@ -151,7 +153,8 @@ def test_import_key_pair(session: pkcs11.Session) -> None:
     assert pub.verify(b"Example", signature, mechanism=Mechanism.ECDSA)
 
 
-@pytest.mark.requires(Mechanism.EC_EDWARDS_KEY_PAIR_GEN, Mechanism.EDDSA)
+@pytest.mark.requires(Mechanism.EC_EDWARDS_KEY_PAIR_GEN)
+@pytest.mark.requires(Mechanism.EDDSA)
 def test_sign_eddsa(session: pkcs11.Session) -> None:
     parameters = session.create_domain_parameters(
         KeyType.EC_EDWARDS,
diff --git a/tests/test_iterators.py b/tests/test_iterators.py
@@ -7,7 +7,8 @@
 import pkcs11
 
 
-@pytest.mark.requires(pkcs11.Mechanism.AES_KEY_GEN, pkcs11.Mechanism.AES_CBC_PAD)
+@pytest.mark.requires(pkcs11.Mechanism.AES_KEY_GEN)
+@pytest.mark.requires(pkcs11.Mechanism.AES_CBC_PAD)
 def test_partial_decrypt(session: pkcs11.Session) -> None:
     session.generate_key(pkcs11.KeyType.AES, 128, label="LOOK ME UP")
 
@@ -25,7 +26,8 @@ def test_partial_decrypt(session: pkcs11.Session) -> None:
         next(iter2)
 
 
-@pytest.mark.requires(pkcs11.Mechanism.AES_KEY_GEN, pkcs11.Mechanism.AES_CBC_PAD)
+@pytest.mark.requires(pkcs11.Mechanism.AES_KEY_GEN)
+@pytest.mark.requires(pkcs11.Mechanism.AES_CBC_PAD)
 # Ideally deleting iterator #1 would terminate the operation, but it
 # currently does not.
 @pytest.mark.xfail
diff --git a/tests/test_sessions.py b/tests/test_sessions.py
@@ -60,7 +60,8 @@ def test_generate_key(token: pkcs11.Token, pin: str) -> None:
         assert key.label == "MY KEY"
 
 
-@pytest.mark.requires(pkcs11.Mechanism.RSA_PKCS_KEY_PAIR_GEN, pkcs11.Mechanism.RSA_PKCS)
+@pytest.mark.requires(pkcs11.Mechanism.RSA_PKCS_KEY_PAIR_GEN)
+@pytest.mark.requires(pkcs11.Mechanism.RSA_PKCS)
 def test_generate_keypair(token: pkcs11.Token, pin: str) -> None:
     with token.open(user_pin=pin) as session:
         pub, priv = session.generate_keypair(pkcs11.KeyType.RSA, 1024)
diff --git a/tests/test_x509.py b/tests/test_x509.py
@@ -241,7 +241,8 @@ def test_self_sign_certificate(tmpdir: Path, session: pkcs11.Session) -> None:
 
 
 @pytest.mark.skipif(OPENSSL is None, reason="openssl command not found.")
-@pytest.mark.requires(Mechanism.RSA_PKCS_KEY_PAIR_GEN, Mechanism.SHA1_RSA_PKCS)
+@pytest.mark.requires(Mechanism.RSA_PKCS_KEY_PAIR_GEN)
+@pytest.mark.requires(Mechanism.SHA1_RSA_PKCS)
 def test_sign_csr(session: pkcs11.Session) -> None:
     # Warning: proof of concept code only!
     pub, priv = session.generate_keypair(KeyType.RSA, 1024)
