TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 06f428a29f0d54eeeed6ea8ab593388d45f967cb / . / host / xtest / pkcs11_1000.c
blob: 6b3bf8226485f28acad9a390e8a68153a2ee9630 [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]2/*
3 * Copyright (c) 2018, Linaro Limited
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]4 */
5
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]6#include <ck_debug.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]7#include <inttypes.h>
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]8#ifdef OPENSSL_FOUND
9#include <openssl/evp.h>
10#endif
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]11#include <pkcs11.h>
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]12#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]15#include <util.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]16
17#include "xtest_test.h"
18#include "xtest_helpers.h"
19
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]20#include <regression_4000_data.h>
21
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]22/*
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]23 * Some PKCS#11 object resources used in the tests
24 */
25static const CK_BYTE cktest_aes128_key[16];
26
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]27static const CK_BYTE cktest_aes128_iv[16];
28
29static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
30 .ulCounterBits = 1,
31};
32
33static CK_MECHANISM cktest_aes_ecb_mechanism = {
34 CKM_AES_ECB,
35 NULL, 0,
36};
37static CK_MECHANISM cktest_aes_cbc_mechanism = {
38 CKM_AES_CBC,
39 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
40};
41static CK_MECHANISM cktest_aes_ctr_mechanism = {
42 CKM_AES_CTR,
43 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
44};
45static CK_MECHANISM cktest_aes_cts_mechanism = {
46 CKM_AES_CTS,
47 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
48};
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]49static CK_MECHANISM cktest_hmac_md5_mechanism = {
50 CKM_MD5_HMAC, NULL, 0,
51};
52static CK_MECHANISM cktest_hmac_sha1_mechanism = {
53 CKM_SHA_1_HMAC, NULL, 0,
54};
55static CK_MECHANISM cktest_hmac_sha224_mechanism = {
56 CKM_SHA224_HMAC, NULL, 0,
57};
58static CK_MECHANISM cktest_hmac_sha256_mechanism = {
59 CKM_SHA256_HMAC, NULL, 0,
60};
61static CK_MECHANISM cktest_hmac_sha384_mechanism = {
62 CKM_SHA384_HMAC, NULL, 0,
63};
64static CK_MECHANISM cktest_hmac_sha512_mechanism = {
65 CKM_SHA512_HMAC, NULL, 0,
66};
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]67static CK_MECHANISM cktest_gensecret_keygen_mechanism = {
68 CKM_GENERIC_SECRET_KEY_GEN, NULL, 0,
69};
70static CK_MECHANISM cktest_aes_keygen_mechanism = {
71 CKM_AES_KEY_GEN, NULL, 0,
72};
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]73
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]74/*
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]75 * Util to find a slot on which to open a session
76 */
77static CK_RV close_lib(void)
78{
79 return C_Finalize(0);
80}
81
82static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
83{
84 CK_RV rv = CKR_GENERAL_ERROR;
85 CK_SLOT_ID_PTR slots = NULL;
86 CK_ULONG count = 0;
87
88 rv = C_Initialize(0);
89 if (rv)
90 return rv;
91
92 rv = C_GetSlotList(CK_TRUE, NULL, &count);
93 if (rv != CKR_OK)
94 goto bail;
95
96 if (count < 1) {
97 rv = CKR_GENERAL_ERROR;
98 goto bail;
99 }
100
101 slots = malloc(count * sizeof(CK_SLOT_ID));
102 if (!slots) {
103 rv = CKR_HOST_MEMORY;
104 goto bail;
105 }
106
107 rv = C_GetSlotList(CK_TRUE, slots, &count);
108 if (rv)
109 goto bail;
110
111 /* Use the last slot */
112 *slot = slots[count - 1];
113
114bail:
115 free(slots);
116 if (rv)
117 close_lib();
118
119 return rv;
120}
121
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]122static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]123{
124 CK_RV rv;
125
126 rv = C_Initialize(NULL);
127 if (!ADBG_EXPECT_CK_OK(c, rv))
128 return;
129
130 rv = C_Finalize(NULL);
131 if (!ADBG_EXPECT_CK_OK(c, rv))
132 return;
133
134 rv = C_Initialize(NULL);
135 if (!ADBG_EXPECT_CK_OK(c, rv))
136 return;
137
138 rv = C_Initialize(NULL);
139 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
140
141 rv = C_Finalize(NULL);
142 ADBG_EXPECT_CK_OK(c, rv);
Etienne Carriere21f4e3c2020-02-05 15:40:24 +0100[diff] [blame]143
144 rv = C_Finalize(NULL);
145 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]146}
147
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]148ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
149 "Initialize and close Cryptoki library");
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]150
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]151static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]152{
153 CK_RV rv = CKR_GENERAL_ERROR;
154 CK_SLOT_ID_PTR slot_ids = NULL;
155 CK_ULONG slot_count = 0;
156 CK_ULONG present_slot_count = 0;
157 CK_INFO lib_info = { };
158 CK_SLOT_INFO slot_info = { };
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]159 CK_TOKEN_INFO token_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]160 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
161 size_t i = 0;
162 CK_SLOT_ID max_slot_id = 0;
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]163 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
164 CK_ULONG mecha_count = 0;
165 CK_MECHANISM_INFO mecha_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]166
167 rv = C_Initialize(NULL);
168 if (!ADBG_EXPECT_CK_OK(c, rv))
169 return;
170
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]171 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
172
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]173 rv = C_GetFunctionList(&ckfunc_list);
174 if (!ADBG_EXPECT_CK_OK(c, rv))
175 goto out;
176
177 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
178 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]179 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]180 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
181 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
182 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]183 goto out;
184
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]185 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
186 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
187
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]188 rv = C_GetInfo(&lib_info);
189 if (!ADBG_EXPECT_CK_OK(c, rv))
190 goto out;
191
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]192 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
193 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
194
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]195 rv = C_GetSlotList(0, NULL, &slot_count);
196 if (!ADBG_EXPECT_CK_OK(c, rv))
197 goto out;
198
199 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
200 goto out;
201
Etienne Carrierede746332020-03-04 19:43:53 +0100[diff] [blame]202 if (slot_count > 1) {
203 /* Ensure case non-NULL-buffer and zero-count is tested */
204 CK_SLOT_ID id = 0;
205
206 slot_count = 0;
207 rv = C_GetSlotList(0, &id, &slot_count);
208 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
209 goto out;
210 }
211
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]212 rv = C_GetSlotList(1, NULL, &present_slot_count);
213 if (!ADBG_EXPECT_CK_OK(c, rv))
214 goto out;
215
216 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
217 present_slot_count))
218 goto out;
219
220 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
221 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
222 goto out;
223
224 slot_count--;
225 rv = C_GetSlotList(1, slot_ids, &slot_count);
226 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
227 goto out;
228
229 rv = C_GetSlotList(1, slot_ids, &slot_count);
230 if (!ADBG_EXPECT_CK_OK(c, rv))
231 goto out;
232
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]233 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]234 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]235
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]236 for (i = 0; i < slot_count; i++) {
237 CK_SLOT_ID slot = slot_ids[i];
238
239 rv = C_GetSlotInfo(slot, &slot_info);
240 if (!ADBG_EXPECT_CK_OK(c, rv))
241 goto out;
242
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]243 rv = C_GetTokenInfo(slot, &token_info);
244 if (!ADBG_EXPECT_CK_OK(c, rv))
245 goto out;
246
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]247 if (max_slot_id < slot)
248 max_slot_id = slot;
249 }
250
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]251 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]252 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
253
254 for (i = 0; i < slot_count; i++) {
255 CK_SLOT_ID slot = slot_ids[i];
256 size_t j = 0;
257
258 mecha_count = 0;
259 rv = C_GetMechanismList(slot, NULL, &mecha_count);
260 if (!ADBG_EXPECT_CK_OK(c, rv))
261 goto out;
262
263 if (mecha_count == 0)
264 continue;
265
266 free(mecha_types);
267 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
268 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
269 goto out;
270
271 /* Test specific case: valid buffer reference with 0 count */
272 mecha_count = 0;
273 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
274 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
275 goto out;
276
277 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
278 if (!ADBG_EXPECT_CK_OK(c, rv))
279 goto out;
280
281 for (j = 0; j < mecha_count; j++) {
282 rv = C_GetMechanismInfo(slot, mecha_types[j],
283 &mecha_info);
284 if (!ADBG_EXPECT_CK_OK(c, rv))
285 goto out;
286 }
287 }
288
289 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
Vesa Jääskeläinen60298cc2021-01-19 09:06:00 +0200[diff] [blame]290 Do_ADBG_BeginSubCase(c, "Test C_GetMechanismList() with larger result buffer");
291
292 for (i = 0; i < slot_count; i++) {
293 CK_SLOT_ID slot = slot_ids[i];
294 CK_ULONG real_mecha_count = 0;
295 CK_ULONG alloc_mecha_count = 0;
296 uint8_t *data_ptr = NULL;
297 size_t j = 0;
298
299 rv = C_GetMechanismList(slot, NULL, &real_mecha_count);
300 if (!ADBG_EXPECT_CK_OK(c, rv))
301 goto out;
302
303 if (real_mecha_count == 0)
304 continue;
305
306 /* Allocate more memory for mechanisms than required */
307 alloc_mecha_count = real_mecha_count + 16;
308 mecha_count = alloc_mecha_count;
309
310 free(mecha_types);
311 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
312 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
313 goto out;
314 memset(mecha_types, 0xCC,
315 alloc_mecha_count * sizeof(*mecha_types));
316
317 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
318 if (!ADBG_EXPECT_CK_OK(c, rv))
319 goto out;
320
321 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, mecha_count, ==,
322 real_mecha_count))
323 goto out;
324
325 data_ptr = (uint8_t *)mecha_types;
326 for (j = real_mecha_count * sizeof(*mecha_types);
327 j < alloc_mecha_count * sizeof(*mecha_types); j++)
328 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[j], ==,
329 0xCC))
330 break;
331 }
332
333 Do_ADBG_EndSubCase(c, "Test C_GetMechanismList() with larger result buffer");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]334 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
335
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]336 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
337 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
338 goto out;
339
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]340 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
341 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
342 goto out;
343
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]344 mecha_count = 1;
345 if (!mecha_types)
346 mecha_types = malloc(sizeof(*mecha_types));
347 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
348 goto out;
349
350 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
351 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
352 goto out;
353
354 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
355 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
356 goto out;
357
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]358 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
359 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
360 goto out;
361
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]362 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
363 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
364 goto out;
365
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]366 mecha_count = 1;
367 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
368 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
369 goto out;
370
371 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
372 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
373 goto out;
374
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]375out:
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]376 Do_ADBG_EndSubCase(c, NULL);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]377 free(slot_ids);
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]378 free(mecha_types);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]379
380 rv = C_Finalize(NULL);
381 ADBG_EXPECT_CK_OK(c, rv);
382}
383
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]384ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]385 "PKCS11: List PKCS#11 slots and get information from");
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]386
387static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
388{
389 CK_RV rv = CKR_GENERAL_ERROR;
390 CK_SLOT_ID slot = 0;
391 CK_SESSION_HANDLE session[3] = { 0 };
392 CK_FLAGS session_flags = 0;
393 CK_SESSION_INFO session_info = { };
394 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
395
396 rv = init_lib_and_find_token_slot(&slot);
397 if (!ADBG_EXPECT_CK_OK(c, rv))
398 return;
399
400 rv = C_GetFunctionList(&ckfunc_list);
401 if (!ADBG_EXPECT_CK_OK(c, rv) ||
402 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
403 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
404 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
405 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
406 goto bail;
407
408 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
409
410 session_flags = CKF_RW_SESSION;
411
412 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
Vesa Jääskeläinenc1378d92020-12-31 12:53:10 +0200[diff] [blame]413 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_PARALLEL_NOT_SUPPORTED, rv))
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]414 goto bail;
415
416 session_flags = CKF_SERIAL_SESSION;
417
418 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
419 if (!ADBG_EXPECT_CK_OK(c, rv))
420 goto bail;
421
422 rv = C_GetSessionInfo(session[0], &session_info);
423 if (!ADBG_EXPECT_CK_OK(c, rv) ||
424 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
425 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
426 session_flags) ||
427 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
428 CKS_RO_PUBLIC_SESSION) ||
429 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
430 goto bail;
431
432 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
433
434 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
435 if (!ADBG_EXPECT_CK_OK(c, rv))
436 goto bail;
437
438 rv = C_GetSessionInfo(session[1], &session_info);
439 if (!ADBG_EXPECT_CK_OK(c, rv) ||
440 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
441 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
442 session_flags) ||
443 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
444 CKS_RW_PUBLIC_SESSION) ||
445 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
446 goto bail;
447
448 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
449 if (!ADBG_EXPECT_CK_OK(c, rv))
450 goto bail;
451
452 rv = C_GetSessionInfo(session[2], &session_info);
453 if (!ADBG_EXPECT_CK_OK(c, rv) ||
454 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
455 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
456 session_flags) ||
457 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
458 CKS_RW_PUBLIC_SESSION) ||
459 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
460 goto bail;
461
462 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
463 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
464
465 /* Close 2 of them */
466 rv = C_CloseSession(session[0]);
467 if (!ADBG_EXPECT_CK_OK(c, rv))
468 goto bail;
469
470 rv = C_GetSessionInfo(session[0], &session_info);
471 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
472 goto bail;
473
474 rv = C_GetSessionInfo(session[1], &session_info);
475 if (!ADBG_EXPECT_CK_OK(c, rv))
476 goto bail;
477
478 rv = C_GetSessionInfo(session[2], &session_info);
479 if (!ADBG_EXPECT_CK_OK(c, rv))
480 goto bail;
481
482 /* Close all remaining sessions, later calls should failed on session */
483 rv = C_CloseAllSessions(slot);
484 if (!ADBG_EXPECT_CK_OK(c, rv))
485 goto bail;
486
487 rv = C_CloseSession(session[1]);
488 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
489 goto bail;
490
491 rv = C_CloseSession(session[2]);
492 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
493 goto bail;
494
495 rv = C_GetSessionInfo(session[1], &session_info);
496 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
497 goto bail;
498
499 rv = C_GetSessionInfo(session[2], &session_info);
500 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
501 goto bail;
502
503 /* Open a session, should be closed from library closure */
504 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
505 if (!ADBG_EXPECT_CK_OK(c, rv))
506 goto bail;
507
508bail:
509 Do_ADBG_EndSubCase(c, NULL);
510 rv = close_lib();
511 ADBG_EXPECT_CK_OK(c, rv);
512}
513
514ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
515 "PKCS11: Open and close PKCS#11 sessions");
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]516
517/*
518 * Helpers for tests where we must log into the token.
519 * These define the genuine PINs and label to be used with the test token.
520 */
521static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]522static CK_UTF8CHAR test_token_user_pin[] = {
523 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
524};
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]525static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
526
527static CK_RV init_test_token(CK_SLOT_ID slot)
528{
529 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
530 test_token_label);
531}
532
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]533/* Login as user, eventually reset user PIN if needed */
534static CK_RV init_user_test_token(CK_SLOT_ID slot)
535{
536 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
537 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
538 CK_RV rv = CKR_GENERAL_ERROR;
539
540 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
541 if (rv)
542 return rv;
543
544 rv = C_Login(session, CKU_USER, test_token_user_pin,
545 sizeof(test_token_user_pin));
546 if (rv == CKR_OK) {
547 C_Logout(session);
548 C_CloseSession(session);
549 return rv;
550 }
551
552 rv = C_Login(session, CKU_SO, test_token_so_pin,
553 sizeof(test_token_so_pin));
554 if (rv) {
555 C_CloseSession(session);
556
557 rv = init_test_token(slot);
558 if (rv)
559 return rv;
560
561 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
562 if (rv)
563 return rv;
564
565 rv = C_Login(session, CKU_SO, test_token_so_pin,
566 sizeof(test_token_so_pin));
567 if (rv) {
568 C_CloseSession(session);
569 return rv;
570 }
571 }
572
573 rv = C_InitPIN(session, test_token_user_pin,
574 sizeof(test_token_user_pin));
575
576 C_Logout(session);
577 C_CloseSession(session);
578
579 return rv;
580}
581
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]582static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
583{
584 CK_RV rv = CKR_GENERAL_ERROR;
585 CK_TOKEN_INFO token_info = { };
586 /* Same content as test_token_so_pin[] but 1 more byte */
587 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
588 /* Same content as test_token_so_pin[] but 1 different byte */
589 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
590 CK_FLAGS flags = 0;
591
592 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
593
594 rv = C_GetTokenInfo(slot, &token_info);
595 if (!ADBG_EXPECT_CK_OK(c, rv))
596 goto out;
597
598 rv = C_InitToken(slot, test_token_so_pin,
599 sizeof(test_token_so_pin) - 1, test_token_label);
600 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
601 goto out;
602
603 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
604 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
605 goto out;
606
607 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
608 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
609 goto out;
610
611 rv = C_GetTokenInfo(slot, &token_info);
612 if (!ADBG_EXPECT_CK_OK(c, rv))
613 goto out;
614
615 flags = token_info.flags;
616
617 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
618 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
619 rv = CKR_GENERAL_ERROR;
620 goto out;
621 }
622
623 rv = init_test_token(slot);
624 if (!ADBG_EXPECT_CK_OK(c, rv))
625 goto out;
626
627 rv = C_GetTokenInfo(slot, &token_info);
628 if (!ADBG_EXPECT_CK_OK(c, rv))
629 goto out;
630
631 flags = token_info.flags;
632
633 /*
634 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
635 * Other flags should show a sane initialized state.
636 */
637 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
638 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
639 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
640 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
641 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]642 goto out;
643 }
644
645 rv = init_user_test_token(slot);
646 if (!ADBG_EXPECT_CK_OK(c, rv))
647 goto out;
648
649 rv = C_GetTokenInfo(slot, &token_info);
650 if (!ADBG_EXPECT_CK_OK(c, rv))
651 goto out;
652
653 flags = token_info.flags;
654
655 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
656 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
657 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
658 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
659 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
660 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
661 rv = CKR_GENERAL_ERROR;
662 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]663 }
664
665out:
666 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
667
668 return rv;
669}
670
671static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
672{
673 CK_RV rv = CKR_GENERAL_ERROR;
674 CK_TOKEN_INFO token_info = { };
675 CK_FLAGS flags = 0;
676
677 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
678
679 rv = init_test_token(slot);
680 if (!ADBG_EXPECT_CK_OK(c, rv))
681 goto out;
682
683 rv = C_GetTokenInfo(slot, &token_info);
684 if (!ADBG_EXPECT_CK_OK(c, rv))
685 goto out;
686
687 flags = token_info.flags;
688
689 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
690 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
691 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
692 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]693 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]694 }
695
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]696 rv = init_user_test_token(slot);
697 if (!ADBG_EXPECT_CK_OK(c, rv))
698 goto out;
699
700 rv = C_GetTokenInfo(slot, &token_info);
701 if (!ADBG_EXPECT_CK_OK(c, rv))
702 goto out;
703
704 flags = token_info.flags;
705
706 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
707 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
708 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
709 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
710 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
711 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
712 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
713 rv = CKR_GENERAL_ERROR;
714
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]715out:
716 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
717
718 return rv;
719}
720
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]721static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
722{
723 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
724 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
725 CK_RV rv = CKR_GENERAL_ERROR;
726
727 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
728
729 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
730 if (!ADBG_EXPECT_CK_OK(c, rv))
731 goto out;
732
733 /* Logout: should fail as we did not log in yet */
734 rv = C_Logout(session);
735 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
736
737 /* Login/re-log/logout user */
738 rv = C_Login(session, CKU_USER, test_token_user_pin,
739 sizeof(test_token_user_pin));
740 if (!ADBG_EXPECT_CK_OK(c, rv))
741 goto out;
742
743 rv = C_Login(session, CKU_USER, test_token_user_pin,
744 sizeof(test_token_user_pin));
745 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
746
747 rv = C_Logout(session);
748 if (!ADBG_EXPECT_CK_OK(c, rv))
749 goto out;
750
751 /* Login/re-log/logout security officer */
752 rv = C_Login(session, CKU_SO, test_token_so_pin,
753 sizeof(test_token_so_pin));
754 if (!ADBG_EXPECT_CK_OK(c, rv))
755 goto out;
756
757 rv = C_Login(session, CKU_SO, test_token_so_pin,
758 sizeof(test_token_so_pin));
759 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
760
761 rv = C_Logout(session);
762 if (!ADBG_EXPECT_CK_OK(c, rv))
763 goto out;
764
765 /* Login user then SO and reverse */
766 rv = C_Login(session, CKU_SO, test_token_so_pin,
767 sizeof(test_token_so_pin));
768 ADBG_EXPECT_CK_OK(c, rv);
769
770 rv = C_Login(session, CKU_USER, test_token_user_pin,
771 sizeof(test_token_user_pin));
772 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
773
774 rv = C_Logout(session);
775 if (!ADBG_EXPECT_CK_OK(c, rv))
776 goto out;
777
778 rv = C_Login(session, CKU_USER, test_token_user_pin,
779 sizeof(test_token_user_pin));
780 ADBG_EXPECT_CK_OK(c, rv);
781
782 rv = C_Login(session, CKU_SO, test_token_so_pin,
783 sizeof(test_token_so_pin));
784 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
785
786 rv = C_Logout(session);
787 ADBG_EXPECT_CK_OK(c, rv);
788
789 /* Login context specifc, in an invalid case (need an operation) */
790 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
791 sizeof(test_token_user_pin));
792 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
793
794 rv = C_CloseSession(session);
795 ADBG_EXPECT_CK_OK(c, rv);
796
797out:
798 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
799 return rv;
800}
801
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]802static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
803 CK_USER_TYPE user_type)
804{
805 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
806 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
807 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
808 CK_UTF8CHAR_PTR old_pin = NULL;
809 CK_USER_TYPE ut = user_type;
810 size_t old_pin_sz = 0;
811 CK_RV rv2 = CKR_OK;
812 CK_RV rv = CKR_OK;
813
814 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
815
816 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
817 if (!ADBG_EXPECT_CK_OK(c, rv))
818 goto out;
819
820 if (user_type == CKU_SO) {
821 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
822 old_pin_sz = sizeof(test_token_so_pin);
823 } else {
824 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
825 old_pin_sz = sizeof(test_token_user_pin);
826 ut = CKU_USER;
827 }
828
829 if (ut == user_type) {
830 rv = C_Login(session, ut, old_pin, old_pin_sz);
831 if (!ADBG_EXPECT_CK_OK(c, rv))
832 goto out_session;
833 }
834
835 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
836 if (!ADBG_EXPECT_CK_OK(c, rv)) {
837 if (ut == user_type)
838 goto out_logout;
839 else
840 goto out_session;
841 }
842
843 if (ut == user_type) {
844 rv = C_Logout(session);
845 if (!ADBG_EXPECT_CK_OK(c, rv))
846 goto out_session;
847 }
848
849 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
850 if (!ADBG_EXPECT_CK_OK(c, rv))
851 goto out_session;
852
853 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
854 ADBG_EXPECT_CK_OK(c, rv);
855
856out_logout:
857 rv2 = C_Logout(session);
858 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
859 rv = rv2;
860out_session:
861 rv2 = C_CloseSession(session);
862 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
863 rv = rv2;
864out:
865 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
866
867 return rv;
868}
869
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]870static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
871{
872 CK_RV rv = CKR_GENERAL_ERROR;
873 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
874 CK_SLOT_ID slot = 0;
875 CK_TOKEN_INFO token_info = { };
876
877 rv = C_GetFunctionList(&ckfunc_list);
878 if (!ADBG_EXPECT_CK_OK(c, rv) ||
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]879 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
880 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]881 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
882 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
883 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]884 goto out;
885
886 rv = init_lib_and_find_token_slot(&slot);
887 if (!ADBG_EXPECT_CK_OK(c, rv))
888 return;
889
890 rv = C_GetTokenInfo(slot, &token_info);
891 if (!ADBG_EXPECT_CK_OK(c, rv))
892 goto out;
893
894 /* Abort test if token is about to lock */
895 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
896 goto out;
897
898 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
899 rv = test_uninitialized_token(c, slot);
900 if (rv != CKR_OK)
901 goto out;
902 }
903
904 rv = test_already_initialized_token(c, slot);
905 if (rv != CKR_OK)
906 goto out;
907
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]908 rv = test_login_logout(c, slot);
909 if (rv != CKR_OK)
910 goto out;
911
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]912 rv = test_set_pin(c, slot, CKU_USER);
913 if (rv != CKR_OK)
914 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]915
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]916 rv = test_set_pin(c, slot, CKU_SO);
917 if (rv != CKR_OK)
918 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]919
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]920 /*
921 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
922 * to skip the initial login.
923 */
924 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]925out:
926 rv = close_lib();
927 ADBG_EXPECT_CK_OK(c, rv);
928}
929
930ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
931 "PKCS11: Login to PKCS#11 token");
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]932
933static CK_ATTRIBUTE cktest_token_object[] = {
934 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
935 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
936 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
937 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
938 sizeof(CK_OBJECT_CLASS) },
939 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
940 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
941};
942
943static CK_ATTRIBUTE cktest_session_object[] = {
944 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
945 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
946 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
947 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
948 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
949 sizeof(CK_OBJECT_CLASS) },
950 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
951};
952
953/* Create session object and token object from a session */
954static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
955{
956 CK_RV rv = CKR_GENERAL_ERROR;
957 CK_SLOT_ID slot = 0;
958 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
959 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
960 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
961
962 rv = init_lib_and_find_token_slot(&slot);
963 if (!ADBG_EXPECT_CK_OK(c, rv))
964 return;
965
966 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
967 if (!ADBG_EXPECT_CK_OK(c, rv))
968 goto out;
969
970 if (persistent) {
971 rv = C_CreateObject(session, cktest_token_object,
972 ARRAY_SIZE(cktest_token_object),
973 &obj_hdl);
974 } else {
975 rv = C_CreateObject(session, cktest_session_object,
976 ARRAY_SIZE(cktest_session_object),
977 &obj_hdl);
978 }
979
980 if (!ADBG_EXPECT_CK_OK(c, rv))
981 goto out;
982
983 rv = C_DestroyObject(session, obj_hdl);
984 ADBG_EXPECT_CK_OK(c, rv);
985out:
986 rv = C_CloseSession(session);
987 ADBG_EXPECT_CK_OK(c, rv);
988
989 rv = close_lib();
990 ADBG_EXPECT_CK_OK(c, rv);
991}
992
993static void test_create_destroy_session_objects(ADBG_Case_t *c)
994{
995 CK_RV rv = CKR_GENERAL_ERROR;
996 CK_SLOT_ID slot = 0;
997 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
998 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
999 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
1000 size_t n = 0;
1001
1002 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
1003 obj_hdl[n] = CK_INVALID_HANDLE;
1004
1005 rv = init_lib_and_find_token_slot(&slot);
1006 if (!ADBG_EXPECT_CK_OK(c, rv))
1007 return;
1008
1009 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1010 if (!ADBG_EXPECT_CK_OK(c, rv))
1011 goto out;
1012
1013 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
1014 rv = C_CreateObject(session, cktest_session_object,
1015 ARRAY_SIZE(cktest_session_object),
1016 obj_hdl + n);
1017
1018 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
1019 break;
1020 }
1021
1022 Do_ADBG_Log(" created object count: %zu", n);
1023
1024 rv = C_CloseSession(session);
1025 ADBG_EXPECT_CK_OK(c, rv);
1026
1027 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1028 if (!ADBG_EXPECT_CK_OK(c, rv))
1029 goto out;
1030
1031 rv = C_CreateObject(session, cktest_session_object,
1032 ARRAY_SIZE(cktest_session_object),
1033 obj_hdl);
1034
1035 ADBG_EXPECT_CK_OK(c, rv);
1036
1037out:
1038 rv = C_CloseSession(session);
1039 ADBG_EXPECT_CK_OK(c, rv);
1040
1041 rv = close_lib();
1042 ADBG_EXPECT_CK_OK(c, rv);
1043}
1044
1045/* Create session object and token object from a session */
1046static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
1047{
1048 CK_RV rv = CKR_GENERAL_ERROR;
1049 CK_SLOT_ID slot = 0;
1050 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1051 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
1052 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
1053 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1054
1055 rv = init_lib_and_find_token_slot(&slot);
1056 if (!ADBG_EXPECT_CK_OK(c, rv))
1057 return;
1058
1059 if (readwrite)
1060 session_flags |= CKF_RW_SESSION;
1061
1062 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1063 if (!ADBG_EXPECT_CK_OK(c, rv))
1064 goto out;
1065
1066 rv = C_CreateObject(session, cktest_token_object,
1067 ARRAY_SIZE(cktest_token_object),
1068 &token_obj_hld);
1069
1070 if (readwrite) {
1071 if (!ADBG_EXPECT_CK_OK(c, rv))
1072 goto out;
1073 } else {
1074 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1075 goto out;
1076 }
1077
1078 rv = C_CreateObject(session, cktest_session_object,
1079 ARRAY_SIZE(cktest_session_object),
1080 &session_obj_hld);
1081
1082 if (!ADBG_EXPECT_CK_OK(c, rv))
1083 goto out_tobj;
1084
1085 rv = C_DestroyObject(session, session_obj_hld);
1086 ADBG_EXPECT_CK_OK(c, rv);
1087
1088out_tobj:
1089 if (readwrite) {
1090 rv = C_DestroyObject(session, token_obj_hld);
1091 ADBG_EXPECT_CK_OK(c, rv);
1092 }
1093out:
1094 rv = C_CloseSession(session);
1095 ADBG_EXPECT_CK_OK(c, rv);
1096
1097 rv = close_lib();
1098 ADBG_EXPECT_CK_OK(c, rv);
1099}
1100
1101static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1102{
1103 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1104 test_create_destroy_single_object(c, false /*!persistent*/);
1105 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1106
1107 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1108 test_create_destroy_single_object(c, true /*persistent*/);
1109 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1110
1111 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1112 test_create_destroy_session_objects(c);
1113 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1114
1115 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1116 test_create_objects_in_session(c, false /*!readwrite*/);
1117 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1118
1119 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1120 test_create_objects_in_session(c, true /*readwrite*/);
1121 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1122}
1123
1124ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1125 "PKCS11: create/destroy PKCS#11 simple objects");
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1126
1127
1128static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1129 CKM_AES_ECB,
1130};
1131static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1132 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1133 CKM_AES_GCM, CKM_AES_CCM,
1134};
1135static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1136 CKM_AES_CBC,
1137};
1138static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1139 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1140 CKM_AES_GCM, CKM_AES_CCM,
1141};
1142static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1143 CKM_AES_CTR,
1144};
1145static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1146 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1147 CKM_AES_GCM, CKM_AES_CCM,
1148};
1149static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1150 CKM_AES_CTS,
1151};
1152static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1153 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1154 CKM_AES_GCM, CKM_AES_CCM,
1155};
1156
1157#define CKTEST_AES_KEY \
1158 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1159 sizeof(CK_OBJECT_CLASS) }, \
1160 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1161 sizeof(CK_KEY_TYPE) }, \
1162 { CKA_VALUE, (void *)cktest_aes128_key, \
1163 sizeof(cktest_aes128_key) }
1164
1165#define CKTEST_AES_ALLOWED_KEY(_allowed) \
1166 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1167
1168#define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1169 static CK_ATTRIBUTE _label[] = { \
1170 CKTEST_AES_KEY, \
1171 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1172 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1173 CKTEST_AES_ALLOWED_KEY(_allowed), \
1174 }
1175
1176#define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1177 static CK_ATTRIBUTE _label[] = { \
1178 CKTEST_AES_KEY, \
1179 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1180 CKTEST_AES_ALLOWED_KEY(_allowed), \
1181 }
1182#define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1183 static CK_ATTRIBUTE _label[] = { \
1184 CKTEST_AES_KEY, \
1185 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1186 CKTEST_AES_ALLOWED_KEY(_allowed), \
1187 }
1188
1189CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1190CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1191CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1192CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1193CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1194CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1195CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1196CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1197
1198struct cktest_allowed_test {
1199 CK_ATTRIBUTE_PTR attr_key;
1200 CK_ULONG attr_count;
1201 CK_MECHANISM_PTR mechanism;
1202};
1203
1204#define CKTEST_KEY_MECHA(key, mecha) { \
1205 .attr_key = key, \
1206 .attr_count = ARRAY_SIZE(key), \
1207 .mechanism = mecha, \
1208 }
1209
1210static const struct cktest_allowed_test cktest_allowed_valid[] = {
1211 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1212 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1213 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1214 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1215};
1216
1217static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1218 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1219 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1220 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1221 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1222};
1223
1224/* Create session object and token object from a session */
1225static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1226 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1227 CK_MECHANISM_PTR mechanism, uint32_t mode,
1228 CK_RV expected_rc)
1229{
1230 CK_RV rv2 = CKR_GENERAL_ERROR;
1231 CK_RV rv = CKR_GENERAL_ERROR;
1232 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1233
1234 switch (mode) {
1235 case TEE_MODE_ENCRYPT:
1236 case TEE_MODE_DECRYPT:
1237 break;
1238 default:
1239 ADBG_EXPECT_TRUE(c, false);
1240 }
1241
1242 rv = C_CreateObject(session, attr_key, attr_count, &object);
1243 if (!ADBG_EXPECT_CK_OK(c, rv))
1244 return rv;
1245
1246 if (mode == TEE_MODE_ENCRYPT)
1247 rv = C_EncryptInit(session, mechanism, object);
1248 if (mode == TEE_MODE_DECRYPT)
1249 rv = C_DecryptInit(session, mechanism, object);
1250
1251 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1252 rv = CKR_GENERAL_ERROR;
1253 goto out;
1254 }
1255
1256 if (rv) {
1257 /*
1258 * If we're here it was the expected error code above and
1259 * we're supposed to return OK below.
1260 */
1261 rv = CKR_OK;
1262 } else {
1263 if (mode == TEE_MODE_ENCRYPT)
1264 rv = C_EncryptFinal(session, NULL, NULL);
1265 if (mode == TEE_MODE_DECRYPT)
1266 rv = C_DecryptFinal(session, NULL, NULL);
1267
1268 /* Only check that the operation is no more active */
1269 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
1270 rv = CKR_GENERAL_ERROR;
1271 }
1272
1273out:
1274 rv2 = C_DestroyObject(session, object);
1275 ADBG_EXPECT_CK_OK(c, rv2);
1276
1277 if (rv)
1278 return rv;
1279 else
1280 return rv2;
1281}
1282
1283CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1284
1285CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1286
1287static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1288{
1289 CK_RV rv = CKR_GENERAL_ERROR;
1290 CK_SLOT_ID slot = 0;
1291 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1292 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1293 size_t n = 0;
1294
1295 rv = init_lib_and_find_token_slot(&slot);
1296 if (!ADBG_EXPECT_CK_OK(c, rv))
1297 return;
1298
1299 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1300 if (!ADBG_EXPECT_CK_OK(c, rv))
1301 goto out;
1302
1303 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1304
1305 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1306
1307 rv = cipher_init_final(c, session,
1308 cktest_allowed_valid[n].attr_key,
1309 cktest_allowed_valid[n].attr_count,
1310 cktest_allowed_valid[n].mechanism,
1311 TEE_MODE_ENCRYPT,
1312 CKR_OK);
1313
1314 ADBG_EXPECT_CK_OK(c, rv);
1315
1316 Do_ADBG_EndSubCase(c, NULL);
1317 if (rv)
1318 goto out;
1319
1320 }
1321
1322 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1323 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1324
1325 rv = cipher_init_final(c, session,
1326 cktest_allowed_invalid[n].attr_key,
1327 cktest_allowed_invalid[n].attr_count,
1328 cktest_allowed_invalid[n].mechanism,
1329 TEE_MODE_ENCRYPT,
1330 CKR_KEY_FUNCTION_NOT_PERMITTED);
1331
1332 ADBG_EXPECT_CK_OK(c, rv);
1333
1334 Do_ADBG_EndSubCase(c, NULL);
1335 if (rv)
1336 goto out;
1337
1338 }
1339
1340out:
1341 rv = C_CloseSession(session);
1342 ADBG_EXPECT_CK_OK(c, rv);
1343
1344 rv = close_lib();
1345 ADBG_EXPECT_CK_OK(c, rv);
1346}
1347
1348
1349ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1350 "PKCS11: Check ciphering with valid and invalid keys #1");
1351
1352static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1353{
1354 CK_RV rv = CKR_GENERAL_ERROR;
1355 CK_SLOT_ID slot = 0;
1356 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1357 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1358
1359 rv = init_lib_and_find_token_slot(&slot);
1360 if (!ADBG_EXPECT_CK_OK(c, rv))
1361 return;
1362
1363 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1364 if (!ADBG_EXPECT_CK_OK(c, rv))
1365 goto out;
1366
1367 /* Encrypt only AES CTS key */
1368 rv = cipher_init_final(c, session,
1369 cktest_aes_enc_only_cts,
1370 ARRAY_SIZE(cktest_aes_enc_only_cts),
1371 &cktest_aes_cts_mechanism,
1372 TEE_MODE_ENCRYPT,
1373 CKR_OK);
1374 if (!ADBG_EXPECT_CK_OK(c, rv))
1375 goto out;
1376
1377 rv = cipher_init_final(c, session,
1378 cktest_aes_enc_only_cts,
1379 ARRAY_SIZE(cktest_aes_enc_only_cts),
1380 &cktest_aes_cts_mechanism,
1381 TEE_MODE_DECRYPT,
1382 CKR_KEY_FUNCTION_NOT_PERMITTED);
1383 if (!ADBG_EXPECT_CK_OK(c, rv))
1384 goto out;
1385
1386 /* Decrypt only AES CTR key */
1387 rv = cipher_init_final(c, session,
1388 cktest_aes_dec_only_ctr,
1389 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1390 &cktest_aes_ctr_mechanism,
1391 TEE_MODE_ENCRYPT,
1392 CKR_KEY_FUNCTION_NOT_PERMITTED);
1393 if (!ADBG_EXPECT_CK_OK(c, rv))
1394 goto out;
1395
1396 rv = cipher_init_final(c, session,
1397 cktest_aes_dec_only_ctr,
1398 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1399 &cktest_aes_ctr_mechanism,
1400 TEE_MODE_ENCRYPT,
1401 CKR_KEY_FUNCTION_NOT_PERMITTED);
1402 if (!ADBG_EXPECT_CK_OK(c, rv))
1403 goto out;
1404
1405out:
1406 rv = C_CloseSession(session);
1407 ADBG_EXPECT_CK_OK(c, rv);
1408
1409 rv = close_lib();
1410 ADBG_EXPECT_CK_OK(c, rv);
1411}
1412ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1413 "PKCS11: Check ciphering with valid and invalid keys #2");
1414
1415static CK_RV open_cipher_session(ADBG_Case_t *c,
1416 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1417 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1418 CK_MECHANISM_PTR mechanism, uint32_t mode)
1419{
1420 CK_RV rv = CKR_GENERAL_ERROR;
1421 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1422 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1423
1424 switch (mode) {
1425 case TEE_MODE_ENCRYPT:
1426 case TEE_MODE_DECRYPT:
1427 break;
1428 default:
1429 ADBG_EXPECT_TRUE(c, false);
1430 return CKR_GENERAL_ERROR;
1431 }
1432
1433 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1434 if (rv == CKR_DEVICE_MEMORY)
1435 return rv;
1436 if (!ADBG_EXPECT_CK_OK(c, rv))
1437 return rv;
1438
1439 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1440 if (rv == CKR_DEVICE_MEMORY)
1441 return rv;
1442 if (!ADBG_EXPECT_CK_OK(c, rv))
1443 return rv;
1444
1445 if (mode == TEE_MODE_ENCRYPT)
1446 rv = C_EncryptInit(*session, mechanism, object);
1447 if (mode == TEE_MODE_DECRYPT)
1448 rv = C_DecryptInit(*session, mechanism, object);
1449
1450 if (rv == CKR_DEVICE_MEMORY)
1451 return rv;
1452 if (!ADBG_EXPECT_CK_OK(c, rv))
1453 return CKR_GENERAL_ERROR;
1454
1455 return rv;
1456}
1457
1458static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1459{
1460 CK_RV rv = CKR_GENERAL_ERROR;
1461 CK_SLOT_ID slot = 0;
1462 CK_SESSION_HANDLE sessions[128];
1463 size_t n = 0;
1464
1465 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1466 sessions[n] = CK_INVALID_HANDLE;
1467
1468 rv = init_lib_and_find_token_slot(&slot);
1469 if (!ADBG_EXPECT_CK_OK(c, rv))
1470 return;
1471
1472 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1473
1474 rv = open_cipher_session(c, slot, &sessions[n],
1475 cktest_allowed_valid[0].attr_key,
1476 cktest_allowed_valid[0].attr_count,
1477 cktest_allowed_valid[0].mechanism,
1478 TEE_MODE_ENCRYPT);
1479
1480 /* Failure due to memory allocation is not a error case */
1481 if (rv == CKR_DEVICE_MEMORY)
1482 break;
1483
1484 if (!ADBG_EXPECT_CK_OK(c, rv))
1485 goto out;
1486 }
1487
1488 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1489 goto out;
1490
1491 Do_ADBG_Log(" created sessions count: %zu", n);
1492
1493 /* Closing session with out bound and invalid IDs (or negative ID) */
1494 rv = C_CloseSession(sessions[n - 1] + 1024);
1495 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1496 rv = C_CloseSession(CK_INVALID_HANDLE);
1497 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1498 rv = C_CloseSession(~0);
1499 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1500
1501 /* Closing each session: all related resources shall be free */
1502 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1503 if (sessions[n] == CK_INVALID_HANDLE)
1504 continue;
1505
1506 rv = C_CloseSession(sessions[n]);
1507 ADBG_EXPECT_CK_OK(c, rv);
1508 sessions[n] = CK_INVALID_HANDLE;
1509 }
1510
1511 /* Open and close another session */
1512 rv = open_cipher_session(c, slot, &sessions[0],
1513 cktest_allowed_valid[0].attr_key,
1514 cktest_allowed_valid[0].attr_count,
1515 cktest_allowed_valid[0].mechanism,
1516 TEE_MODE_ENCRYPT);
1517
1518 if (!ADBG_EXPECT_CK_OK(c, rv))
1519 goto out;
1520
1521 rv = C_CloseSession(sessions[0]);
1522 ADBG_EXPECT_CK_OK(c, rv);
1523 sessions[0] = CK_INVALID_HANDLE;
1524
1525out:
1526 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1527 if (sessions[n] == CK_INVALID_HANDLE)
1528 continue;
1529
1530 rv = C_CloseSession(sessions[n]);
1531 ADBG_EXPECT_CK_OK(c, rv);
1532 }
1533
1534 rv = close_lib();
1535 ADBG_EXPECT_CK_OK(c, rv);
1536}
1537ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1538 "PKCS11: Check operations release at session closure");
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1539
1540#define CK_MAC_KEY_HMAC(_type, _key_array) \
1541 { \
1542 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, \
1543 sizeof(CK_BBOOL) }, \
1544 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, \
1545 sizeof(CK_BBOOL) }, \
1546 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1547 sizeof(CK_OBJECT_CLASS) }, \
1548 { CKA_KEY_TYPE, &(CK_KEY_TYPE){_type}, \
1549 sizeof(CK_KEY_TYPE) }, \
1550 { CKA_VALUE, (void *)(_key_array), \
1551 sizeof(_key_array) } \
1552 }
1553
1554static CK_ATTRIBUTE cktest_hmac_md5_key[] =
1555 CK_MAC_KEY_HMAC(CKK_MD5_HMAC, mac_data_md5_key1);
1556
1557static CK_ATTRIBUTE cktest_hmac_sha1_key[] =
1558 CK_MAC_KEY_HMAC(CKK_SHA_1_HMAC, mac_data_sha1_key1);
1559
1560static CK_ATTRIBUTE cktest_hmac_sha224_key[] =
1561 CK_MAC_KEY_HMAC(CKK_SHA224_HMAC, mac_data_sha224_key1);
1562
1563static CK_ATTRIBUTE cktest_hmac_sha256_key1[] =
1564 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key1);
1565
1566static CK_ATTRIBUTE cktest_hmac_sha256_key2[] =
1567 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key2);
1568
1569static CK_ATTRIBUTE cktest_hmac_sha384_key[] =
1570 CK_MAC_KEY_HMAC(CKK_SHA384_HMAC, mac_data_sha384_key1);
1571
1572static CK_ATTRIBUTE cktest_hmac_sha512_key[] =
1573 CK_MAC_KEY_HMAC(CKK_SHA512_HMAC, mac_data_sha512_key1);
1574
1575struct mac_test {
1576 CK_ATTRIBUTE_PTR attr_key;
1577 CK_ULONG attr_count;
1578 CK_MECHANISM_PTR mechanism;
1579 size_t in_incr;
1580 const uint8_t *in;
1581 size_t in_len;
1582 const uint8_t *out;
1583 size_t out_len;
1584 bool multiple_incr;
1585};
1586
1587#define CKTEST_MAC_TEST(key, mecha, input_incr, input, output, incr) { \
1588 .attr_key = key, \
1589 .attr_count = ARRAY_SIZE(key), \
1590 .mechanism = mecha, \
1591 .in_incr = input_incr, \
1592 .in = input, \
1593 .in_len = ARRAY_SIZE(input), \
1594 .out = output, \
1595 .out_len = ARRAY_SIZE(output), \
1596 .multiple_incr = incr \
1597 }
1598
1599static const struct mac_test cktest_mac_cases[] = {
1600 CKTEST_MAC_TEST(cktest_hmac_md5_key, &cktest_hmac_md5_mechanism,
1601 4, mac_data_md5_in1, mac_data_md5_out1, false),
1602 CKTEST_MAC_TEST(cktest_hmac_sha1_key, &cktest_hmac_sha1_mechanism,
1603 5, mac_data_sha1_in1, mac_data_sha1_out1, false),
1604 CKTEST_MAC_TEST(cktest_hmac_sha224_key, &cktest_hmac_sha224_mechanism,
1605 8, mac_data_sha224_in1, mac_data_sha224_out1, false),
1606 CKTEST_MAC_TEST(cktest_hmac_sha256_key1, &cktest_hmac_sha256_mechanism,
1607 1, mac_data_sha256_in1, mac_data_sha256_out1, false),
1608 CKTEST_MAC_TEST(cktest_hmac_sha256_key2, &cktest_hmac_sha256_mechanism,
1609 7, mac_data_sha256_in2, mac_data_sha256_out2, false),
1610 CKTEST_MAC_TEST(cktest_hmac_sha384_key, &cktest_hmac_sha384_mechanism,
1611 11, mac_data_sha384_in1, mac_data_sha384_out1, false),
1612 CKTEST_MAC_TEST(cktest_hmac_sha512_key, &cktest_hmac_sha512_mechanism,
1613 13, mac_data_sha512_in1, mac_data_sha512_out1, false),
1614};
1615
1616static void xtest_pkcs11_test_1008(ADBG_Case_t *c)
1617{
1618 CK_RV rv = CKR_GENERAL_ERROR;
1619 CK_SLOT_ID slot = 0;
1620 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1621 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1622 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1623 uint8_t out[512] = { 0 };
1624 CK_ULONG out_size = 0;
1625 struct mac_test const *test = NULL;
1626 size_t n = 0;
1627
1628 rv = init_lib_and_find_token_slot(&slot);
1629 if (!ADBG_EXPECT_CK_OK(c, rv))
1630 return;
1631
1632 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1633 if (!ADBG_EXPECT_CK_OK(c, rv))
1634 goto err_close_lib;
1635
1636 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1637
1638 test = &cktest_mac_cases[n];
1639 Do_ADBG_BeginSubCase(c, "Sign case %zu algo (%s)", n,
1640 ckm2str(test->mechanism->mechanism));
1641
1642 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1643 &key_handle);
1644 if (!ADBG_EXPECT_CK_OK(c, rv))
1645 goto err;
1646
1647 /* Test signature in 1 step */
1648 if (test->in != NULL) {
1649 rv = C_SignInit(session, test->mechanism, key_handle);
1650 if (!ADBG_EXPECT_CK_OK(c, rv))
1651 goto err_destr_obj;
1652
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1653 /* Pass input buffer of size 0 */
1654 rv = C_SignUpdate(session,
1655 (void *)test->in, 0);
1656 if (!ADBG_EXPECT_CK_OK(c, rv))
1657 goto err_destr_obj;
1658
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1659 rv = C_SignUpdate(session,
1660 (void *)test->in, test->in_len);
1661 if (!ADBG_EXPECT_CK_OK(c, rv))
1662 goto err_destr_obj;
1663
1664 /* Test too short buffer case */
1665 out_size = 1;
1666 rv = C_SignFinal(session, out, &out_size);
1667 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1668 goto err_destr_obj;
1669
1670 /*
1671 * Test NULL buffer case with size as 0
1672 * to get the out_size
1673 */
1674 out_size = 0;
1675 rv = C_SignFinal(session, NULL, &out_size);
1676 if (!ADBG_EXPECT_CK_OK(c, rv))
1677 goto err_destr_obj;
1678
Vesa Jääskeläinenbbe78622021-06-27 16:03:13 +0300[diff] [blame]1679 /*
1680 * Test NULL buffer case with size as non-zero
1681 * to get the out_size
1682 */
1683 out_size = 42;
1684 rv = C_SignFinal(session, NULL, &out_size);
1685 if (!ADBG_EXPECT_CK_OK(c, rv))
1686 goto err_destr_obj;
1687
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1688 /* Get to full output */
1689 memset(out, 0, out_size);
1690 rv = C_SignFinal(session, out, &out_size);
1691 if (!ADBG_EXPECT_CK_OK(c, rv))
1692 goto err_destr_obj;
1693
1694 (void)ADBG_EXPECT_BUFFER(c, test->out,
1695 test->out_len,
1696 out, out_size);
1697 }
1698
1699 /* Test 2 step update signature */
1700 rv = C_SignInit(session, test->mechanism, key_handle);
1701 if (!ADBG_EXPECT_CK_OK(c, rv))
1702 goto err_destr_obj;
1703
1704 if (test->in != NULL) {
1705 rv = C_SignUpdate(session,
1706 (void *)test->in, test->in_incr);
1707 if (!ADBG_EXPECT_CK_OK(c, rv))
1708 goto err_destr_obj;
1709
1710 rv = C_SignUpdate(session,
1711 (void *)(test->in + test->in_incr),
1712 test->in_len - test->in_incr);
1713 if (!ADBG_EXPECT_CK_OK(c, rv))
1714 goto err_destr_obj;
1715 }
1716
1717 out_size = sizeof(out);
1718 memset(out, 0, sizeof(out));
1719
1720 rv = C_SignFinal(session, out, &out_size);
1721 if (!ADBG_EXPECT_CK_OK(c, rv))
1722 goto err_destr_obj;
1723
1724 (void)ADBG_EXPECT_BUFFER(c, test->out,
1725 test->out_len, out, out_size);
1726
1727 /* Test 3 signature in one shot */
1728 if (test->in != NULL) {
1729 rv = C_SignInit(session, test->mechanism, key_handle);
1730 if (!ADBG_EXPECT_CK_OK(c, rv))
1731 goto err_destr_obj;
1732
1733 /* Test too short buffer case */
1734 out_size = 1;
1735 rv = C_Sign(session,(void *)test->in, test->in_len,
1736 out, &out_size);
1737 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1738 goto err_destr_obj;
1739
1740 /*
1741 * Test NULL buffer case with size as 0
1742 * to get the out_size
1743 */
1744 out_size = 0;
1745 rv = C_Sign(session, (void *)test->in, test->in_len,
1746 NULL, &out_size);
1747 if (!ADBG_EXPECT_CK_OK(c, rv))
1748 goto err_destr_obj;
1749
Vesa Jääskeläinenbbe78622021-06-27 16:03:13 +0300[diff] [blame]1750 /*
1751 * Test NULL buffer case with size as non-zero
1752 * to get the out_size
1753 */
1754 out_size = 42;
1755 rv = C_Sign(session, (void *)test->in, test->in_len,
1756 NULL, &out_size);
1757 if (!ADBG_EXPECT_CK_OK(c, rv))
1758 goto err_destr_obj;
1759
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1760 /* Get to full output */
1761 memset(out, 0, out_size);
1762 rv = C_Sign(session,(void *)test->in, test->in_len,
1763 out, &out_size);
1764 if (!ADBG_EXPECT_CK_OK(c, rv))
1765 goto err_destr_obj;
1766
1767 (void)ADBG_EXPECT_BUFFER(c, test->out,
1768 test->out_len,
1769 out, out_size);
1770 }
1771
1772 rv = C_DestroyObject(session, key_handle);
1773 if (!ADBG_EXPECT_CK_OK(c, rv))
1774 goto err;
1775
1776 Do_ADBG_EndSubCase(c, NULL);
1777 }
1778 goto out;
1779
1780err_destr_obj:
1781 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1782err:
1783 Do_ADBG_EndSubCase(c, NULL);
1784out:
1785 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1786err_close_lib:
1787 ADBG_EXPECT_CK_OK(c, close_lib());
1788}
1789ADBG_CASE_DEFINE(pkcs11, 1008, xtest_pkcs11_test_1008,
1790 "PKCS11: Check Compliance of C_Sign - HMAC algorithms");
1791
1792static void xtest_pkcs11_test_1009(ADBG_Case_t *c)
1793{
1794 CK_RV rv = CKR_GENERAL_ERROR;
1795 CK_SLOT_ID slot = 0;
1796 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1797 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1798 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1799 struct mac_test const *test = NULL;
1800 size_t n = 0;
1801
1802 rv = init_lib_and_find_token_slot(&slot);
1803 if (!ADBG_EXPECT_CK_OK(c, rv))
1804 return;
1805
1806 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1807 if (!ADBG_EXPECT_CK_OK(c, rv))
1808 goto err_close_lib;
1809
1810 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1811
1812 test = &cktest_mac_cases[n];
1813 Do_ADBG_BeginSubCase(c, "Verify case %zu algo (%s)", n,
1814 ckm2str(test->mechanism->mechanism));
1815
1816 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1817 &key_handle);
1818 if (!ADBG_EXPECT_CK_OK(c, rv))
1819 goto err;
1820
1821 /* Test Verification in 1 step */
1822 if (test->in != NULL) {
1823 rv = C_VerifyInit(session, test->mechanism, key_handle);
1824 if (!ADBG_EXPECT_CK_OK(c, rv))
1825 goto err_destr_obj;
1826
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1827 /* Pass input buffer with size 0 - No affect */
1828 rv = C_VerifyUpdate(session, (void *)test->in, 0);
1829 if (!ADBG_EXPECT_CK_OK(c, rv))
1830 goto err_destr_obj;
1831
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1832 rv = C_VerifyUpdate(session, (void *)test->in,
1833 test->in_len);
1834 if (!ADBG_EXPECT_CK_OK(c, rv))
1835 goto err_destr_obj;
1836
1837 rv = C_VerifyFinal(session,
1838 (void *)test->out, test->out_len);
1839 if (!ADBG_EXPECT_CK_OK(c, rv))
1840 goto err_destr_obj;
1841
1842 }
1843
1844 /* Test 2 step update verification*/
1845 rv = C_VerifyInit(session, test->mechanism, key_handle);
1846 if (!ADBG_EXPECT_CK_OK(c, rv))
1847 goto err_destr_obj;
1848
1849 if (test->in != NULL) {
1850 rv = C_VerifyUpdate(session,
1851 (void *)test->in, test->in_incr);
1852 if (!ADBG_EXPECT_CK_OK(c, rv))
1853 goto err_destr_obj;
1854
1855 rv = C_VerifyUpdate(session,
1856 (void *)(test->in + test->in_incr),
1857 test->in_len - test->in_incr);
1858 if (!ADBG_EXPECT_CK_OK(c, rv))
1859 goto err_destr_obj;
1860 }
1861
1862 rv = C_VerifyFinal(session, (void *)test->out, test->out_len);
1863 if (!ADBG_EXPECT_CK_OK(c, rv))
1864 goto err_destr_obj;
1865
1866 /* Error as Operation has already completed */
1867 rv = C_Verify(session,
1868 (void *)test->in, test->in_len,
1869 (void *)test->out, test->out_len);
1870 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED,
1871 rv))
1872 goto err_destr_obj;
1873
1874 /* Test 3 verification in one shot */
1875 if (test->in != NULL) {
1876 rv = C_VerifyInit(session, test->mechanism, key_handle);
1877 if (!ADBG_EXPECT_CK_OK(c, rv))
1878 goto err_destr_obj;
1879
1880 rv = C_Verify(session,
1881 (void *)test->in, test->in_len,
1882 (void *)test->out, test->out_len);
1883 if (!ADBG_EXPECT_CK_OK(c, rv))
1884 goto err_destr_obj;
1885
1886 /* Try calling Verify again */
1887 rv = C_Verify(session,
1888 (void *)test->in, test->in_len,
1889 (void *)test->out, test->out_len);
1890 if (!ADBG_EXPECT_CK_RESULT(c,
1891 CKR_OPERATION_NOT_INITIALIZED,
1892 rv))
1893 goto err_destr_obj;
1894 }
1895
1896 /*
1897 * Test 4 verification
1898 * Error - Signature Length Range with C_VerifyFinal
1899 */
1900 if (test->in != NULL) {
1901 rv = C_VerifyInit(session, test->mechanism, key_handle);
1902 if (!ADBG_EXPECT_CK_OK(c, rv))
1903 goto err_destr_obj;
1904
1905 rv = C_VerifyUpdate(session, (void *)test->in,
1906 test->in_len);
1907 if (!ADBG_EXPECT_CK_OK(c, rv))
1908 goto err_destr_obj;
1909
1910 rv = C_VerifyFinal(session, (void *)test->out, 3);
1911 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1912 rv))
1913 goto err_destr_obj;
1914 }
1915
1916 /*
1917 * Test 5 verification
1918 * Error - Signature Length Range with C_Verify
1919 */
1920 if (test->in != NULL) {
1921 rv = C_VerifyInit(session, test->mechanism, key_handle);
1922 if (!ADBG_EXPECT_CK_OK(c, rv))
1923 goto err_destr_obj;
1924
1925 rv = C_Verify(session,
1926 (void *)test->in, test->in_len,
1927 (void *)test->out, 0);
1928 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1929 rv))
1930 goto err_destr_obj;
1931 }
1932
1933 /* Test 6 verification - Invalid Operation sequence */
1934 if (test->in != NULL) {
1935 rv = C_VerifyInit(session, test->mechanism, key_handle);
1936 if (!ADBG_EXPECT_CK_OK(c, rv))
1937 goto err_destr_obj;
1938
1939 rv = C_Verify(session,
1940 (void *)test->in, test->in_len,
1941 (void *)test->out, test->out_len);
1942 if (!ADBG_EXPECT_CK_OK(c, rv))
1943 goto err_destr_obj;
1944
1945 /* Init session has already terminated with C_Verify */
1946 rv = C_VerifyUpdate(session, (void *)test->in,
1947 test->in_len);
1948 if (!ADBG_EXPECT_CK_RESULT(c,
1949 CKR_OPERATION_NOT_INITIALIZED,
1950 rv))
1951 goto err_destr_obj;
1952 }
1953
1954 rv = C_DestroyObject(session, key_handle);
1955 if (!ADBG_EXPECT_CK_OK(c, rv))
1956 goto err;
1957
1958 Do_ADBG_EndSubCase(c, NULL);
1959 }
1960 goto out;
1961
1962err_destr_obj:
1963 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1964err:
1965 Do_ADBG_EndSubCase(c, NULL);
1966out:
1967 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1968err_close_lib:
1969 ADBG_EXPECT_CK_OK(c, close_lib());
1970}
1971ADBG_CASE_DEFINE(pkcs11, 1009, xtest_pkcs11_test_1009,
1972 "PKCS11: Check Compliance of C_Verify - HMAC Algorithms");
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1973
1974/* Bad key type */
1975static CK_ATTRIBUTE cktest_generate_gensecret_object_error1[] = {
1976 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1977 sizeof(CK_OBJECT_CLASS) },
1978 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
1979 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1980};
1981
1982/* Missing VALUE_LEN */
1983static CK_ATTRIBUTE cktest_generate_gensecret_object_error2[] = {
1984 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1985 sizeof(CK_OBJECT_CLASS) },
1986 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1987 sizeof(CK_KEY_TYPE) },
1988};
1989
1990/* Bad object class */
1991static CK_ATTRIBUTE cktest_generate_gensecret_object_error3[] = {
1992 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA}, sizeof(CK_OBJECT_CLASS) },
1993 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1994 sizeof(CK_KEY_TYPE) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]1995 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1996};
1997
1998/* Invalid template with CKA_LOCAL */
1999static CK_ATTRIBUTE cktest_generate_gensecret_object_error4[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2000 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2001 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2002};
2003
2004/* Valid template to generate a generic secret */
2005static CK_ATTRIBUTE cktest_generate_gensecret_object_valid1[] = {
2006 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2007 sizeof(CK_OBJECT_CLASS) },
2008 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
2009 sizeof(CK_KEY_TYPE) },
2010 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2011 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2012 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2013};
2014
2015/* Valid template to generate a generic secret with only VALUE_LEN */
2016static CK_ATTRIBUTE cktest_generate_gensecret_object_valid2[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2017 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2018 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2019};
2020
2021
2022/* Valid template to generate an all AES purpose key */
2023static CK_ATTRIBUTE cktest_generate_aes_object[] = {
2024 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2025 sizeof(CK_OBJECT_CLASS) },
2026 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
2027 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2028 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2029 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
2030};
2031
2032static void xtest_pkcs11_test_1010(ADBG_Case_t *c)
2033{
2034 CK_RV rv = CKR_GENERAL_ERROR;
2035 CK_SLOT_ID slot = 0;
2036 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2037 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2038 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
2039 struct mac_test const *test = &cktest_mac_cases[0];
2040 uint8_t out[512] = { 0 };
2041 CK_ULONG out_len = 512;
2042
2043 rv = init_lib_and_find_token_slot(&slot);
2044 if (!ADBG_EXPECT_CK_OK(c, rv))
2045 return;
2046
2047 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2048 if (!ADBG_EXPECT_CK_OK(c, rv))
2049 goto close_lib;
2050
2051 /*
2052 * Generate Generic Secret key using invalid templates
2053 */
2054 Do_ADBG_BeginSubCase(c, "Generate Secret Key with Invalid Templates");
2055
2056 /* NULL Template with !null template length */
2057 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism, NULL,
2058 3, &key_handle);
2059 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
2060 goto err;
2061
2062 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2063 cktest_generate_gensecret_object_error1,
2064 ARRAY_SIZE(cktest_generate_gensecret_object_error1),
2065 &key_handle);
2066 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2067 goto err;
2068
2069 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2070 cktest_generate_gensecret_object_error2,
2071 ARRAY_SIZE(cktest_generate_gensecret_object_error2),
2072 &key_handle);
2073 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCOMPLETE, rv))
2074 goto err;
2075
2076 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2077 cktest_generate_gensecret_object_error3,
2078 ARRAY_SIZE(cktest_generate_gensecret_object_error3),
2079 &key_handle);
2080 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2081 goto err;
2082
2083 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2084 cktest_generate_gensecret_object_error4,
2085 ARRAY_SIZE(cktest_generate_gensecret_object_error4),
2086 &key_handle);
2087 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2088 goto err;
2089
2090 Do_ADBG_EndSubCase(c, NULL);
2091
2092 /*
2093 * Generate a Generic Secret object.
2094 * Try to encrypt with, it should fail...
2095 */
2096 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Encrypting");
2097
2098 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2099 cktest_generate_gensecret_object_valid1,
2100 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
2101 &key_handle);
2102 if (!ADBG_EXPECT_CK_OK(c, rv))
2103 goto err;
2104
2105 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2106 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_FUNCTION_NOT_PERMITTED, rv))
2107 goto err_destr_obj;
2108
2109 rv = C_DestroyObject(session, key_handle);
2110 if (!ADBG_EXPECT_CK_OK(c, rv))
2111 goto err;
2112
2113 Do_ADBG_EndSubCase(c, NULL);
2114
2115 /*
2116 * Generate a Generic Secret object.
2117 * Try to sign with it, it should pass...
2118 */
2119 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Signing");
2120 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2121 cktest_generate_gensecret_object_valid2,
2122 ARRAY_SIZE(cktest_generate_gensecret_object_valid2),
2123 &key_handle);
2124 if (!ADBG_EXPECT_CK_OK(c, rv))
2125 goto err;
2126
2127 rv = C_SignInit(session, test->mechanism, key_handle);
2128 if (!ADBG_EXPECT_CK_OK(c, rv))
2129 goto err_destr_obj;
2130
2131 rv = C_Sign(session, (void *)test->in, test->in_len,
2132 (void *)out, &out_len);
2133 if (!ADBG_EXPECT_CK_OK(c, rv))
2134 goto err_destr_obj;
2135
2136 rv = C_DestroyObject(session, key_handle);
2137 if (!ADBG_EXPECT_CK_OK(c, rv))
2138 goto err;
2139
2140 Do_ADBG_EndSubCase(c, NULL);
2141
2142 /*
2143 * Generate a 128 bit AES Secret Key.
2144 * Try to encrypt with, it should pass...
2145 */
2146 Do_ADBG_BeginSubCase(c, "Generate AES Key - Try Encrypting");
2147
2148 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
2149 cktest_generate_aes_object,
2150 ARRAY_SIZE(cktest_generate_aes_object),
2151 &key_handle);
2152 if (!ADBG_EXPECT_CK_OK(c, rv))
2153 goto err;
2154
2155 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2156 if (!ADBG_EXPECT_CK_OK(c, rv))
2157 goto err_destr_obj;
2158
2159 rv = C_EncryptFinal(session, NULL, NULL);
2160 /* Only check that the operation is no more active */
2161 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
2162 goto err;
2163
2164 rv = C_DestroyObject(session, key_handle);
2165 if (!ADBG_EXPECT_CK_OK(c, rv))
2166 goto err;
2167
2168 Do_ADBG_EndSubCase(c, NULL);
2169
2170 goto out;
2171
2172err_destr_obj:
2173 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
2174err:
2175 Do_ADBG_EndSubCase(c, NULL);
2176out:
2177 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2178close_lib:
2179 ADBG_EXPECT_CK_OK(c, close_lib());
2180}
2181ADBG_CASE_DEFINE(pkcs11, 1010, xtest_pkcs11_test_1010,
2182 "PKCS11: Key Generation");
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2183
2184static CK_RV create_data_object(CK_SESSION_HANDLE session,
2185 CK_OBJECT_HANDLE *obj_handle,
2186 CK_BBOOL token, CK_BBOOL private,
2187 const char *label)
2188{
2189 CK_OBJECT_CLASS class = CKO_DATA;
2190 CK_ATTRIBUTE object_template[] = {
2191 { CKA_CLASS, &class, sizeof(CK_OBJECT_CLASS) },
2192 { CKA_TOKEN, &token, sizeof(CK_BBOOL) },
2193 { CKA_PRIVATE, &private, sizeof(CK_BBOOL) },
2194 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2195 };
2196
2197 return C_CreateObject(session, object_template,
2198 ARRAY_SIZE(object_template), obj_handle);
2199}
2200
2201static CK_RV test_find_objects(ADBG_Case_t *c, CK_SESSION_HANDLE session,
2202 CK_ATTRIBUTE_PTR find_template,
2203 CK_ULONG attr_count,
2204 CK_OBJECT_HANDLE_PTR obj_found,
2205 CK_ULONG obj_count,
2206 CK_ULONG expected_cnt)
2207{
2208 CK_RV rv = CKR_GENERAL_ERROR;
2209 CK_ULONG hdl_count = 0;
2210
2211 rv = C_FindObjectsInit(session, find_template, attr_count);
2212 if (!ADBG_EXPECT_CK_OK(c, rv))
2213 return rv;
2214
2215 rv = C_FindObjects(session, obj_found, obj_count, &hdl_count);
2216 if (!ADBG_EXPECT_CK_OK(c, rv))
2217 return rv;
2218 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, expected_cnt))
2219 return CKR_GENERAL_ERROR;
2220
2221 rv = C_FindObjectsFinal(session);
2222 if (!ADBG_EXPECT_CK_OK(c, rv))
2223 return rv;
2224
2225 return rv;
2226}
2227
2228static void destroy_persistent_objects(ADBG_Case_t *c, CK_SLOT_ID slot)
2229{
2230 uint32_t rv = CKR_GENERAL_ERROR;
2231 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2232 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2233 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2234 CK_ULONG count = 1;
2235 CK_ATTRIBUTE cktest_find_all_token_objs[] = {
2236 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2237 };
2238
2239 rv = init_user_test_token(slot);
2240 if (!ADBG_EXPECT_CK_OK(c, rv))
2241 return;
2242
2243 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2244 if (!ADBG_EXPECT_CK_OK(c, rv))
2245 return;
2246
2247 /* Login to destroy private objects */
2248 rv = C_Login(session, CKU_USER, test_token_user_pin,
2249 sizeof(test_token_user_pin));
2250 if (!ADBG_EXPECT_CK_OK(c, rv))
2251 goto bail;
2252
2253 rv = C_FindObjectsInit(session, cktest_find_all_token_objs,
2254 ARRAY_SIZE(cktest_find_all_token_objs));
2255 if (!ADBG_EXPECT_CK_OK(c, rv))
2256 goto bail;
2257
2258 while (1) {
2259 rv = C_FindObjects(session, &obj_hdl, 1, &count);
2260 if (!ADBG_EXPECT_CK_OK(c, rv))
2261 goto bail;
2262 if (!count)
2263 break;
2264
2265 rv = C_DestroyObject(session, obj_hdl);
2266 ADBG_EXPECT_CK_OK(c, rv);
2267 }
2268
2269 rv = C_FindObjectsFinal(session);
2270 ADBG_EXPECT_CK_OK(c, rv);
2271
2272 rv = C_Logout(session);
2273 ADBG_EXPECT_CK_OK(c, rv);
2274
2275bail:
2276 rv = C_CloseSession(session);
2277 ADBG_EXPECT_CK_OK(c, rv);
2278}
2279
2280static void xtest_pkcs11_test_1011(ADBG_Case_t *c)
2281{
2282 CK_RV rv = CKR_GENERAL_ERROR;
2283 CK_SLOT_ID slot = 0;
2284 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2285 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2286 CK_OBJECT_HANDLE obj_hdl[10] = { };
2287 CK_OBJECT_HANDLE obj_found[10] = { };
2288 const char *label = "Common Label";
2289 CK_ULONG hdl_count = 0;
2290 size_t n = 0;
2291 uint32_t i = 0;
2292 uint32_t object_id = 0;
2293 bool logged_in = false;
2294 CK_ATTRIBUTE find_template[] = {
2295 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2296 };
2297 CK_ATTRIBUTE find_token_template[] = {
2298 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2299 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2300 };
2301 CK_ATTRIBUTE find_session_template[] = {
2302 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2303 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
2304 };
2305 CK_BBOOL bToken = CK_FALSE;
2306 CK_ATTRIBUTE get_attr_template[] = {
2307 { CKA_TOKEN, &bToken, sizeof(bToken) },
2308 };
2309
2310 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
2311 obj_hdl[n] = CK_INVALID_HANDLE;
2312 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2313 obj_found[n] = CK_INVALID_HANDLE;
2314
2315 rv = init_lib_and_find_token_slot(&slot);
2316 if (!ADBG_EXPECT_CK_OK(c, rv))
2317 return;
2318
2319 rv = init_test_token(slot);
2320 if (!ADBG_EXPECT_CK_OK(c, rv))
2321 return;
2322
2323 rv = init_user_test_token(slot);
2324 if (!ADBG_EXPECT_CK_OK(c, rv))
2325 return;
2326
2327 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2328 if (!ADBG_EXPECT_CK_OK(c, rv))
2329 goto close_lib;
2330
2331 /*
2332 * Sub test: Create Session Public/Private,
2333 * Token Public/Private objects and find them
2334 */
2335 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged in");
2336
2337 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2338 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2339 CK_FALSE, label);
2340 if (!ADBG_EXPECT_CK_OK(c, rv))
2341 goto out;
2342
2343 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2344 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2345 CK_FALSE, label);
2346 if (!ADBG_EXPECT_CK_OK(c, rv))
2347 goto out;
2348
2349 /*
2350 * Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE
2351 * Expected error as User not logged in
2352 */
2353 rv = create_data_object(session, &obj_hdl[object_id], CK_TRUE,
2354 CK_TRUE, label);
2355 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2356 goto out;
2357
2358 /* Login to Test Token */
2359 rv = C_Login(session, CKU_USER, test_token_user_pin,
2360 sizeof(test_token_user_pin));
2361 if (!ADBG_EXPECT_CK_OK(c, rv))
2362 goto out;
2363
2364 logged_in = true;
2365
2366 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2367 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2368 CK_TRUE, label);
2369 if (!ADBG_EXPECT_CK_OK(c, rv))
2370 goto out;
2371
2372 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2373 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2374 CK_TRUE, label);
2375 if (!ADBG_EXPECT_CK_OK(c, rv))
2376 goto out;
2377
2378 rv = test_find_objects(c, session, find_template,
2379 ARRAY_SIZE(find_template),
2380 obj_found, ARRAY_SIZE(obj_found), 4);
2381 if (!ADBG_EXPECT_CK_OK(c, rv))
2382 goto out;
2383
2384 /*
2385 * Check if object handles returned when creating objects with this
2386 * session are still valid
2387 */
2388 for (i = 0; i < object_id; i++) {
2389 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2390 ARRAY_SIZE(get_attr_template));
2391 if (!ADBG_EXPECT_CK_OK(c, rv))
2392 goto out;
2393 }
2394
2395 Do_ADBG_EndSubCase(c, NULL);
2396
2397 /*
2398 * Sub test: Pass NULL template with count as 0. All objects should
2399 * get returned
2400 */
2401 Do_ADBG_BeginSubCase(c, "Find all objects by passing NULL template");
2402
2403 rv = test_find_objects(c, session, NULL, 0, obj_found,
2404 ARRAY_SIZE(obj_found), 4);
2405 if (!ADBG_EXPECT_CK_OK(c, rv))
2406 goto out;
2407
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2408 Do_ADBG_EndSubCase(c, NULL);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2409
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2410 /*
2411 * Sub test: finalize search without getting the handles found
2412 */
2413 Do_ADBG_BeginSubCase(c, "Initiate and finalize straight a search");
2414
2415 rv = C_FindObjectsInit(session, find_template,
2416 ARRAY_SIZE(find_template));
2417 if (!ADBG_EXPECT_CK_OK(c, rv))
2418 goto out;
2419
2420 rv = C_FindObjectsFinal(session);
2421 if (!ADBG_EXPECT_CK_OK(c, rv))
2422 goto out;
2423
2424 /*
2425 * Check if object handles returned when creating objects with this
2426 * session are still valid
2427 */
2428 for (i = 0; i < object_id; i++) {
2429 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2430 ARRAY_SIZE(get_attr_template));
2431 if (!ADBG_EXPECT_CK_OK(c, rv))
2432 goto out;
2433 }
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2434 Do_ADBG_EndSubCase(c, NULL);
2435
2436 /*
2437 * Sub test: Logout and find objects. We will find only public
2438 * objects (2)
2439 */
2440 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged out");
2441
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2442 rv = C_Logout(session);
2443 ADBG_EXPECT_CK_OK(c, rv);
2444
2445 logged_in = false;
2446
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2447 rv = test_find_objects(c, session, find_template,
2448 ARRAY_SIZE(find_template),
2449 obj_found, ARRAY_SIZE(obj_found), 2);
2450 if (!ADBG_EXPECT_CK_OK(c, rv))
2451 goto out;
2452
2453 Do_ADBG_EndSubCase(c, NULL);
2454
2455 /*
2456 * Sub test
2457 */
2458 Do_ADBG_BeginSubCase(c, "Find objects 1 by 1 and match handles");
2459
2460 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2461 obj_found[n] = CK_INVALID_HANDLE;
2462
2463 rv = C_FindObjectsInit(session, find_template,
2464 ARRAY_SIZE(find_template));
2465 if (!ADBG_EXPECT_CK_OK(c, rv))
2466 goto out;
2467
2468 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2469 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2470 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2471 !ADBG_EXPECT_TRUE(c, (obj_found[0] == obj_hdl[0]) ||
2472 (obj_found[0] == obj_hdl[1])))
2473 goto out;
2474
2475 rv = C_FindObjects(session, &obj_found[1], 1, &hdl_count);
2476 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2477 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2478 !ADBG_EXPECT_TRUE(c, (obj_found[1] == obj_hdl[0]) ||
2479 (obj_found[1] == obj_hdl[1])) ||
2480 !ADBG_EXPECT_TRUE(c, (obj_found[1] != obj_found[0])))
2481 goto out;
2482
2483 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2484 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2485 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 0))
2486 goto out;
2487
2488 rv = C_FindObjectsFinal(session);
2489 if (!ADBG_EXPECT_CK_OK(c, rv))
2490 goto out;
2491
2492 Do_ADBG_EndSubCase(c, NULL);
2493
2494 /*
2495 * Sub test: Find objects with CKA_TOKEN=TRUE
2496 */
2497 Do_ADBG_BeginSubCase(c, "Find persistent objects");
2498
2499 rv = test_find_objects(c, session, find_token_template,
2500 ARRAY_SIZE(find_token_template),
2501 obj_found, ARRAY_SIZE(obj_found), 1);
2502 if (!ADBG_EXPECT_CK_OK(c, rv))
2503 goto out;
2504
2505 Do_ADBG_EndSubCase(c, NULL);
2506
2507 /*
2508 * Sub test: Find only session objects
2509 */
2510 Do_ADBG_BeginSubCase(c, "Find session objects");
2511
2512 rv = test_find_objects(c, session, find_session_template,
2513 ARRAY_SIZE(find_session_template),
2514 obj_found, ARRAY_SIZE(obj_found), 1);
2515 if (!ADBG_EXPECT_CK_OK(c, rv))
2516 goto out;
2517
2518 Do_ADBG_EndSubCase(c, NULL);
2519
2520 /*
2521 * Sub test:
2522 */
2523 Do_ADBG_BeginSubCase(c, "Login again and find Data objects");
2524
2525 /* Login to Test Token */
2526 rv = C_Login(session, CKU_USER, test_token_user_pin,
2527 sizeof(test_token_user_pin));
2528 if (!ADBG_EXPECT_CK_OK(c, rv))
2529 goto out;
2530
2531 logged_in = true;
2532
2533 rv = test_find_objects(c, session, find_template,
2534 ARRAY_SIZE(find_template),
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2535 obj_found, ARRAY_SIZE(obj_found), 3);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2536 if (!ADBG_EXPECT_CK_OK(c, rv))
2537 goto out;
2538
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2539 rv = C_Logout(session);
2540 ADBG_EXPECT_CK_OK(c, rv);
2541
2542 logged_in = false;
2543
2544 Do_ADBG_EndSubCase(c, NULL);
2545
2546 /*
2547 * Sub test: Close session and open new session, find objects
2548 * without logging and after logging
2549 */
2550 Do_ADBG_BeginSubCase(c, "Find objects from brand new session");
2551
2552 rv = C_CloseSession(session);
2553 if (!ADBG_EXPECT_CK_OK(c, rv))
2554 goto destr_obj;
2555
2556 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2557 if (!ADBG_EXPECT_CK_OK(c, rv))
2558 goto destr_obj;
2559
2560 rv = test_find_objects(c, session, find_template,
2561 ARRAY_SIZE(find_template),
2562 obj_found, ARRAY_SIZE(obj_found), 1);
2563 if (!ADBG_EXPECT_CK_OK(c, rv))
2564 goto out;
2565
2566 /* Login to Test Token */
2567 rv = C_Login(session, CKU_USER, test_token_user_pin,
2568 sizeof(test_token_user_pin));
2569 if (!ADBG_EXPECT_CK_OK(c, rv))
2570 goto out;
2571
2572 logged_in = true;
2573
2574 rv = test_find_objects(c, session, find_template,
2575 ARRAY_SIZE(find_template),
2576 obj_found, ARRAY_SIZE(obj_found), 2);
2577 if (!ADBG_EXPECT_CK_OK(c, rv))
2578 goto out;
2579
2580 rv = C_Logout(session);
2581 ADBG_EXPECT_CK_OK(c, rv);
2582
2583 logged_in = false;
2584
2585 Do_ADBG_EndSubCase(c, NULL);
2586
2587 /*
2588 * Sub test: invalid call cases
2589 */
2590 Do_ADBG_BeginSubCase(c, "Invalid cases");
2591
2592 rv = C_FindObjectsFinal(session);
2593 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2594
2595 rv = C_FindObjects(session,
2596 obj_found, ARRAY_SIZE(obj_found), &hdl_count);
2597 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2598
2599 rv = C_FindObjectsInit(session, find_template,
2600 ARRAY_SIZE(find_template));
2601 if (!ADBG_EXPECT_CK_OK(c, rv))
2602 goto out;
2603
2604 rv = C_FindObjectsInit(session, find_template,
2605 ARRAY_SIZE(find_template));
2606 ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK);
2607
2608 rv = C_FindObjectsFinal(session);
2609 ADBG_EXPECT_CK_OK(c, rv);
2610
2611 rv = C_FindObjectsInit(session, find_template,
2612 ARRAY_SIZE(find_template));
2613 ADBG_EXPECT_CK_OK(c, rv);
2614
2615 /*
2616 * Intentionally do not finalize the active object search. It should be
2617 * released together with the session closure.
2618 */
2619 Do_ADBG_EndSubCase(c, NULL);
2620
2621out:
2622 if (logged_in)
2623 ADBG_EXPECT_CK_OK(c, C_Logout(session));
2624
2625 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2626
2627destr_obj:
2628 destroy_persistent_objects(c, slot);
2629close_lib:
2630 ADBG_EXPECT_CK_OK(c, close_lib());
2631}
2632ADBG_CASE_DEFINE(pkcs11, 1011, xtest_pkcs11_test_1011,
2633 "PKCS11: Test Find Objects");
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2634
2635static void xtest_pkcs11_test_1012(ADBG_Case_t *c)
2636{
2637 CK_RV rv = CKR_GENERAL_ERROR;
2638 CK_SLOT_ID slot = 0;
2639 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2640 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2641 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2642 CK_OBJECT_HANDLE key_hdl = CK_INVALID_HANDLE;
2643 size_t i = 0;
2644
2645 CK_OBJECT_CLASS obj_class = CKO_DATA;
2646 CK_BBOOL obj_token = CK_FALSE;
2647 CK_BBOOL obj_private = CK_FALSE;
2648 uint8_t obj_value[5] = { 1, 2, 3, 4, 5 };
2649 const char *obj_label = "Label";
2650
2651 CK_ATTRIBUTE object_template[] = {
2652 { CKA_CLASS, &obj_class, sizeof(obj_class) },
2653 { CKA_TOKEN, &obj_token, sizeof(obj_token) },
2654 { CKA_PRIVATE, &obj_private, sizeof(obj_private) },
2655 { CKA_VALUE, obj_value, sizeof(obj_value) },
2656 { CKA_LABEL, (CK_UTF8CHAR_PTR)obj_label, strlen(obj_label) },
2657 };
2658
2659 CK_OBJECT_CLASS secret_class = CKO_SECRET_KEY;
2660 CK_BBOOL secret_token = CK_FALSE;
2661 CK_BBOOL secret_private = CK_FALSE;
2662 CK_KEY_TYPE secret_key_type = CKK_GENERIC_SECRET;
2663 CK_ULONG secret_len = 32;
2664 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
2665 CKM_SHA224_HMAC,
2666 CKM_SHA256_HMAC };
2667
2668 CK_ATTRIBUTE secret_template[] = {
2669 { CKA_CLASS, &secret_class, sizeof(secret_class) },
2670 { CKA_TOKEN, &secret_token, sizeof(secret_token) },
2671 { CKA_PRIVATE, &secret_private, sizeof(secret_private) },
2672 { CKA_KEY_TYPE, &secret_key_type, sizeof(secret_key_type) },
2673 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
2674 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
2675 sizeof(secret_allowed_mecha) }
2676 };
2677
2678 CK_BBOOL g_token = CK_TRUE;
2679 CK_BBOOL g_private = CK_TRUE;
2680 CK_OBJECT_CLASS g_class = ~0;
2681 uint8_t g_value[128] = { 0 };
2682 CK_MECHANISM_TYPE g_mecha_list[10] = { 0 };
2683
2684 uint8_t *data_ptr = NULL;
2685
2686 CK_ATTRIBUTE get_attr_template_bc[] = {
2687 { CKA_TOKEN, &g_token, sizeof(g_token) },
2688 { CKA_CLASS, &g_class, sizeof(g_class) },
2689 };
2690
2691 CK_ATTRIBUTE get_attr_template_cb[] = {
2692 { CKA_CLASS, &g_class, sizeof(g_class) },
2693 { CKA_TOKEN, &g_token, sizeof(g_token) },
2694 };
2695
Vesa Jääskeläinen2f068b12021-06-27 17:46:53 +0300[diff] [blame]2696 CK_ATTRIBUTE get_attr_template_query_bc[] = {
2697 { CKA_TOKEN, NULL, 0 },
2698 { CKA_CLASS, NULL, 0 },
2699 };
2700
2701 CK_ATTRIBUTE get_attr_template_query_cb[] = {
2702 { CKA_CLASS, NULL, 0 },
2703 { CKA_TOKEN, NULL, 0 },
2704 };
2705
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2706 CK_ATTRIBUTE get_attr_template_ve[] = {
2707 { CKA_VALUE, &g_value, sizeof(obj_value) },
2708 };
2709
2710 CK_ATTRIBUTE get_attr_template_vl[] = {
2711 { CKA_VALUE, &g_value, sizeof(g_value) },
2712 };
2713
2714 CK_ATTRIBUTE get_attr_template_bvecb[] = {
2715 { CKA_TOKEN, &g_token, sizeof(g_token) },
2716 { CKA_VALUE, &g_value, sizeof(obj_value) },
2717 { CKA_CLASS, &g_class, sizeof(g_class) },
2718 { CKA_TOKEN, &g_private, sizeof(g_private) },
2719 };
2720
2721 CK_ATTRIBUTE get_attr_template_bvlcb[] = {
2722 { CKA_TOKEN, &g_token, sizeof(g_token) },
2723 { CKA_VALUE, &g_value, sizeof(g_value) },
2724 { CKA_CLASS, &g_class, sizeof(g_class) },
2725 { CKA_TOKEN, &g_private, sizeof(g_private) },
2726 };
2727
2728 CK_ATTRIBUTE get_attr_template_am[] = {
2729 { CKA_ALLOWED_MECHANISMS, &g_mecha_list, sizeof(g_mecha_list) },
2730 };
2731
2732 rv = init_lib_and_find_token_slot(&slot);
2733 if (!ADBG_EXPECT_CK_OK(c, rv))
2734 return;
2735
2736 rv = init_test_token(slot);
2737 if (!ADBG_EXPECT_CK_OK(c, rv))
2738 goto close_lib;
2739
2740 rv = init_user_test_token(slot);
2741 if (!ADBG_EXPECT_CK_OK(c, rv))
2742 goto close_lib;
2743
2744 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2745 if (!ADBG_EXPECT_CK_OK(c, rv))
2746 goto close_lib;
2747
2748 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2749 rv = C_CreateObject(session, object_template,
2750 ARRAY_SIZE(object_template), &obj_hdl);
2751 if (!ADBG_EXPECT_CK_OK(c, rv))
2752 goto out;
2753
2754 /*
2755 * Sub test: Test Boolean (1 byte) + object class (CK_ULONG)
2756 */
2757 Do_ADBG_BeginSubCase(c, "Get Attribute - boolean + class");
2758 g_token = CK_TRUE;
2759 g_class = ~0;
2760
2761 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bc,
2762 ARRAY_SIZE(get_attr_template_bc));
2763 if (!ADBG_EXPECT_CK_OK(c, rv))
2764 goto out;
2765
2766 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2767 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2768
2769 Do_ADBG_EndSubCase(c, NULL);
2770
2771 /*
2772 * Sub test: object class (CK_ULONG) + Test Boolean (1 byte)
2773 */
2774 Do_ADBG_BeginSubCase(c, "Get Attribute - class + boolean");
2775 g_token = CK_TRUE;
2776 g_class = ~0;
2777
2778 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_cb,
2779 ARRAY_SIZE(get_attr_template_cb));
2780 if (!ADBG_EXPECT_CK_OK(c, rv))
2781 goto out;
2782
2783 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2784 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2785
2786 Do_ADBG_EndSubCase(c, NULL);
2787
2788 /*
Vesa Jääskeläinen2f068b12021-06-27 17:46:53 +0300[diff] [blame]2789 * Sub test: Query size boolean (1 byte) + object class (CK_ULONG)
2790 */
2791 Do_ADBG_BeginSubCase(c, "Get Attribute - query size boolean + class");
2792 g_token = CK_TRUE;
2793 g_class = ~0;
2794
2795 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_query_bc,
2796 ARRAY_SIZE(get_attr_template_query_bc));
2797 if (!ADBG_EXPECT_CK_OK(c, rv))
2798 goto out;
2799
2800 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2801 get_attr_template_query_bc[0].ulValueLen, ==, 1);
2802 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2803 get_attr_template_query_bc[1].ulValueLen, ==, sizeof(CK_ULONG));
2804
2805 Do_ADBG_EndSubCase(c, NULL);
2806
2807 /*
2808 * Sub test: Query size object class (CK_ULONG) + boolean (1 byte)
2809 */
2810 Do_ADBG_BeginSubCase(c, "Get Attribute - query size class + boolean");
2811 g_token = CK_TRUE;
2812 g_class = ~0;
2813
2814 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_query_cb,
2815 ARRAY_SIZE(get_attr_template_query_cb));
2816 if (!ADBG_EXPECT_CK_OK(c, rv))
2817 goto out;
2818
2819 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2820 get_attr_template_query_cb[0].ulValueLen, ==, sizeof(CK_ULONG));
2821 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2822 get_attr_template_query_cb[1].ulValueLen, ==, 1);
2823
2824 Do_ADBG_EndSubCase(c, NULL);
2825
2826 /*
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2827 * Sub test: value with exact size
2828 */
2829 Do_ADBG_BeginSubCase(c, "Get Attribute - value with exact size buffer");
2830 memset(g_value, 0xCC, sizeof(g_value));
2831
2832 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_ve,
2833 ARRAY_SIZE(get_attr_template_ve));
2834 if (!ADBG_EXPECT_CK_OK(c, rv))
2835 goto out;
2836
2837 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_ve[0].ulValueLen, ==, sizeof(obj_value));
2838 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2839 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2840 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2841 break;
2842
2843 Do_ADBG_EndSubCase(c, NULL);
2844
2845 /*
2846 * Sub test: value with larger buffer
2847 */
2848 Do_ADBG_BeginSubCase(c, "Get Attribute - value with larger buffer");
2849 memset(g_value, 0xCC, sizeof(g_value));
2850
2851 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_vl,
2852 ARRAY_SIZE(get_attr_template_vl));
2853 if (!ADBG_EXPECT_CK_OK(c, rv))
2854 goto out;
2855
2856 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_vl[0].ulValueLen, ==, sizeof(obj_value));
2857 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2858 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2859 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2860 break;
2861
2862 Do_ADBG_EndSubCase(c, NULL);
2863
2864 /*
2865 * Sub test: bool + value with exact size + class + bool
2866 */
2867 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with exact size + class + bool");
2868 memset(g_value, 0xCC, sizeof(g_value));
2869 g_token = CK_TRUE;
2870 g_private = CK_TRUE;
2871 g_class = ~0;
2872
2873 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvecb,
2874 ARRAY_SIZE(get_attr_template_bvecb));
2875 if (!ADBG_EXPECT_CK_OK(c, rv))
2876 goto out;
2877
2878 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvecb[1].ulValueLen,
2879 ==, sizeof(obj_value));
2880 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2881 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2882 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2883 break;
2884
2885 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2886 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2887 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2888
2889 Do_ADBG_EndSubCase(c, NULL);
2890
2891 /*
2892 * Sub test: bool + value with larger buffer + class + bool
2893 */
2894 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with larger buffer + class + bool");
2895 memset(g_value, 0xCC, sizeof(g_value));
2896 g_token = CK_TRUE;
2897 g_private = CK_TRUE;
2898 g_class = ~0;
2899
2900 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvlcb,
2901 ARRAY_SIZE(get_attr_template_bvlcb));
2902 if (!ADBG_EXPECT_CK_OK(c, rv))
2903 goto out;
2904
2905 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvlcb[1].ulValueLen,
2906 ==, sizeof(obj_value));
2907 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2908 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2909 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2910 break;
2911
2912 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2913 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2914 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2915
2916 Do_ADBG_EndSubCase(c, NULL);
2917
2918 /*
2919 * Sub test: allowed mechanism list
2920 */
2921 Do_ADBG_BeginSubCase(c, "Get Attribute - allowed mechanism list");
2922 memset(g_mecha_list, 0xCC, sizeof(g_mecha_list));
2923
2924 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2925 secret_template, ARRAY_SIZE(secret_template),
2926 &key_hdl);
2927 if (!ADBG_EXPECT_CK_OK(c, rv))
2928 goto out;
2929
2930 rv = C_GetAttributeValue(session, key_hdl, get_attr_template_am,
2931 ARRAY_SIZE(get_attr_template_am));
2932 if (!ADBG_EXPECT_CK_OK(c, rv))
2933 goto out;
2934
2935 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_am[0].ulValueLen, ==,
2936 sizeof(secret_allowed_mecha));
2937
2938 for (i = 0; i < sizeof(secret_allowed_mecha) / sizeof(*secret_allowed_mecha); i++)
2939 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_mecha_list[i], ==, secret_allowed_mecha[i]))
2940 break;
2941
2942 data_ptr = (uint8_t *)g_mecha_list;
2943 for (i = sizeof(secret_allowed_mecha); i < sizeof(g_mecha_list); i++)
2944 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[i], ==, 0xCC))
2945 break;
2946
2947 Do_ADBG_EndSubCase(c, NULL);
2948
2949out:
2950 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2951
2952close_lib:
2953 ADBG_EXPECT_CK_OK(c, close_lib());
2954}
2955ADBG_CASE_DEFINE(pkcs11, 1012, xtest_pkcs11_test_1012,
2956 "PKCS11: Serializer tests");
Ruchika Guptafdabbfa2021-01-25 11:55:18 +0530[diff] [blame]2957
2958static void xtest_pkcs11_test_1013(ADBG_Case_t *c)
2959{
2960 CK_RV rv = CKR_GENERAL_ERROR;
2961 CK_SLOT_ID slot = 0;
2962 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
2963 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
2964 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2965 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
2966 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2967 const char *label = "Dummy Objects";
2968 bool ro_logged_in = false;
2969
2970 rv = init_lib_and_find_token_slot(&slot);
2971 if (!ADBG_EXPECT_CK_OK(c, rv))
2972 return;
2973
2974 rv = init_test_token(slot);
2975 if (!ADBG_EXPECT_CK_OK(c, rv))
2976 goto close_lib;
2977
2978 rv = init_user_test_token(slot);
2979 if (!ADBG_EXPECT_CK_OK(c, rv))
2980 goto close_lib;
2981
2982 /* Open a RW session */
2983 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
2984 if (!ADBG_EXPECT_CK_OK(c, rv))
2985 goto close_lib;
2986
2987 /* Open a RO session */
2988 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
2989 if (!ADBG_EXPECT_CK_OK(c, rv))
2990 goto close_lib;
2991
2992 /*
2993 * Sub test: Check object creation from a R/O Public session
2994 */
2995 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2996
2997 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2998 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2999 CK_FALSE, label);
3000 if (!ADBG_EXPECT_CK_OK(c, rv))
3001 goto out;
3002
3003 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3004 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3005 CK_TRUE, label);
3006 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3007 goto out;
3008
3009 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3010 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3011 CK_FALSE, label);
3012 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3013 goto out;
3014
3015 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3016 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3017 CK_TRUE, label);
3018 /* For Token object creation, SESSION_READ_ONLY will take priority */
3019 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3020 goto out;
3021
3022 Do_ADBG_EndSubCase(c, NULL);
3023
3024 /*
3025 * Sub test: Check access for a R/W Public session
3026 */
3027 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
3028
3029 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3030 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3031 CK_FALSE, label);
3032 if (!ADBG_EXPECT_CK_OK(c, rv))
3033 goto out;
3034
3035 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3036 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3037 CK_TRUE, label);
3038 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3039 goto out;
3040
3041 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3042 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3043 CK_FALSE, label);
3044 if (!ADBG_EXPECT_CK_OK(c, rv))
3045 goto out;
3046
3047 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3048 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3049 CK_TRUE, label);
3050 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3051 goto out;
3052
3053 Do_ADBG_EndSubCase(c, NULL);
3054
3055 /*
3056 * Sub test: Check access for a R/O User session
3057 */
3058 Do_ADBG_BeginSubCase(c, "Create objects in R/O User Session");
3059
3060 /* Login to Test Token */
3061 rv = C_Login(ro_session, CKU_USER, test_token_user_pin,
3062 sizeof(test_token_user_pin));
3063 if (!ADBG_EXPECT_CK_OK(c, rv))
3064 goto out;
3065
3066 ro_logged_in = true;
3067
3068 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3069 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3070 CK_FALSE, label);
3071 if (!ADBG_EXPECT_CK_OK(c, rv))
3072 goto out;
3073
3074 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3075 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3076 CK_TRUE, label);
3077 if (!ADBG_EXPECT_CK_OK(c, rv))
3078 goto out;
3079
3080 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3081 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3082 CK_FALSE, label);
3083 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3084 goto out;
3085
3086 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3087 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3088 CK_TRUE, label);
3089 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3090 goto out;
3091
3092 Do_ADBG_EndSubCase(c, NULL);
3093
3094 /*
3095 * Sub test: Check access for a R/W User session
3096 */
3097 Do_ADBG_BeginSubCase(c, "Create objects in R/W User Session");
3098
3099 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3100 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3101 CK_FALSE, label);
3102 if (!ADBG_EXPECT_CK_OK(c, rv))
3103 goto out;
3104
3105 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3106 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3107 CK_TRUE, label);
3108 if (!ADBG_EXPECT_CK_OK(c, rv))
3109 goto out;
3110
3111 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3112 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3113 CK_FALSE, label);
3114 if (!ADBG_EXPECT_CK_OK(c, rv))
3115 goto out;
3116
3117 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3118 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3119 CK_TRUE, label);
3120 if (!ADBG_EXPECT_CK_OK(c, rv))
3121 goto out;
3122
3123 /* Log out */
3124 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3125 ro_logged_in = false;
3126
3127 /* Close RO session */
3128 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3129 ro_session = CK_INVALID_HANDLE;
3130
3131 Do_ADBG_EndSubCase(c, NULL);
3132
3133 /*
3134 * Sub test: Check access for a R/W SO session
3135 */
3136 Do_ADBG_BeginSubCase(c, "Create objects in R/W SO Session");
3137
3138 /* Login as security officer in RW session */
3139 rv = C_Login(rw_session, CKU_SO, test_token_so_pin,
3140 sizeof(test_token_so_pin));
3141 if (!ADBG_EXPECT_CK_OK(c, rv))
3142 goto out;
3143
3144 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3145 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3146 CK_FALSE, label);
3147 if (!ADBG_EXPECT_CK_OK(c, rv))
3148 goto logout;
3149
3150 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3151 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3152 CK_TRUE, label);
3153 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3154 goto logout;
3155
3156 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3157 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3158 CK_FALSE, label);
3159 if (!ADBG_EXPECT_CK_OK(c, rv))
3160 goto logout;
3161
3162 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3163 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3164 CK_TRUE, label);
3165 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3166 goto logout;
3167
3168logout:
3169 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3170out:
3171 if (ro_logged_in)
3172 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3173
3174 if (ro_session != CK_INVALID_HANDLE)
3175 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3176
3177 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3178
3179 Do_ADBG_EndSubCase(c, NULL);
3180
3181 destroy_persistent_objects(c, slot);
3182close_lib:
3183 ADBG_EXPECT_CK_OK(c, close_lib());
3184
3185}
3186ADBG_CASE_DEFINE(pkcs11, 1013, xtest_pkcs11_test_1013,
3187 "PKCS11: Object creation upon session type");
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3188
3189static void xtest_pkcs11_test_1014(ADBG_Case_t *c)
3190{
3191 CK_RV rv = CKR_GENERAL_ERROR;
3192 CK_SLOT_ID slot = 0;
3193 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3194 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3195 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3196 const char *id = "1";
3197 const char *label = "Dummy Objects";
3198 const char *new_label = "New Object lable";
3199 size_t n = 0;
3200 char *g_label[100] = { };
3201 char *g_id[100] = { };
3202 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
3203 CKM_SHA224_HMAC,
3204 CKM_SHA256_HMAC };
3205 CK_ATTRIBUTE secret_key_template[] = {
3206 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3207 sizeof(CK_OBJECT_CLASS) },
3208 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3209 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3210 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3211 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3212 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3213 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3214 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
3215 sizeof(CK_KEY_TYPE) },
3216 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3217 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3218 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3219 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3220 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3221 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3222 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
3223 sizeof(secret_allowed_mecha) },
3224 };
3225 CK_BBOOL g_derive = CK_FALSE;
3226 CK_BBOOL g_sign = CK_FALSE;
3227 CK_BBOOL g_verify = CK_FALSE;
3228 CK_BBOOL g_encrypt = CK_FALSE;
3229 CK_BBOOL g_decrypt = CK_FALSE;
3230 CK_BBOOL g_wrap = CK_FALSE;
3231 CK_BBOOL g_unwrap = CK_FALSE;
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3232 uint32_t g_len = 0;
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3233 CK_ATTRIBUTE get_template[] = {
3234 { CKA_LABEL, (CK_UTF8CHAR_PTR)g_label, sizeof(g_label) },
3235 { CKA_ID, (CK_BYTE_PTR)g_id, sizeof(g_id) },
3236 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
3237 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
3238 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
3239 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
3240 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
3241 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
3242 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3243 { CKA_VALUE_LEN, &g_len, sizeof(CK_ULONG) },
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3244 };
3245 CK_ATTRIBUTE set_template[] = {
3246 { CKA_LABEL, (CK_UTF8CHAR_PTR)new_label, strlen(new_label) },
3247 { CKA_ID, (CK_BYTE_PTR)id, strlen(id) },
3248 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3249 { CKA_WRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3250 { CKA_UNWRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3251 { CKA_SIGN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3252 { CKA_VERIFY, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3253 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3254 { CKA_DECRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3255 /* CKA_SENSITIVE -> CK_FALSE to CK_TRUE is allowed */
3256 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3257 /* CKA_EXTRACTABLE -> CK_TRUE to CK_FALSE is allowed */
3258 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3259 /* CKA_COPYABLE -> CK_TRUE to CK_FALSE is allowed */
3260 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3261 };
3262 CK_ATTRIBUTE set_inv_template1[] = {
3263 /* Attributes Not Modifiable */
3264 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA},
3265 sizeof(CK_OBJECT_CLASS) },
3266 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3267 { CKA_ALWAYS_SENSITIVE, &(CK_BBOOL){CK_FALSE},
3268 sizeof(CK_BBOOL) },
3269 { CKA_NEVER_EXTRACTABLE, &(CK_BBOOL){CK_FALSE},
3270 sizeof(CK_BBOOL) },
3271 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3272 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3273 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3274 { CKA_DESTROYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3275 /* Change not allowed from CK_TRUE -> CK_FALSE */
3276 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3277 /* Change not allowed from CK_FALSE -> CK_TRUE */
3278 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3279 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3280 };
3281 CK_ATTRIBUTE set_inv_template2[] = {
3282 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3283 };
3284 CK_ATTRIBUTE set_trusted_template[] = {
3285 { CKA_TRUSTED, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3286 };
3287
3288 rv = init_lib_and_find_token_slot(&slot);
3289 if (!ADBG_EXPECT_CK_OK(c, rv))
3290 return;
3291
3292 rv = init_test_token(slot);
3293 if (!ADBG_EXPECT_CK_OK(c, rv))
3294 goto close_lib;
3295
3296 rv = init_user_test_token(slot);
3297 if (!ADBG_EXPECT_CK_OK(c, rv))
3298 goto close_lib;
3299
3300 /* Open a RW session */
3301 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3302 if (!ADBG_EXPECT_CK_OK(c, rv))
3303 goto close_lib;
3304
3305 /* Create a secret key object */
3306 rv = C_CreateObject(session, secret_key_template,
3307 ARRAY_SIZE(secret_key_template), &obj_hdl);
3308 if (!ADBG_EXPECT_CK_OK(c, rv))
3309 goto close_session;
3310
3311 Do_ADBG_BeginSubCase(c, "Set attributes on secret key object");
3312
3313 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3314 ARRAY_SIZE(get_template));
3315 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3316 !ADBG_EXPECT_BUFFER(c, label, strlen(label), g_label,
3317 get_template[0].ulValueLen) ||
3318 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
3319 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
3320 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
3321 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_TRUE) ||
3322 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_TRUE) ||
3323 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
3324 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3325 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_len, ==, 16) ||
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3326 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[1].ulValueLen, ==, 0))
3327 goto out;
3328
3329 rv = C_SetAttributeValue(session, obj_hdl, set_template,
3330 ARRAY_SIZE(set_template));
3331 if (!ADBG_EXPECT_CK_OK(c, rv))
3332 goto out;
3333
3334 get_template[0].ulValueLen = sizeof(g_label);
3335 get_template[1].ulValueLen = sizeof(g_id);
3336 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3337 ARRAY_SIZE(get_template));
3338 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3339 !ADBG_EXPECT_BUFFER(c, new_label, strlen(new_label), g_label,
3340 get_template[0].ulValueLen) ||
3341 !ADBG_EXPECT_BUFFER(c, id, strlen(id), g_id,
3342 get_template[1].ulValueLen) ||
3343 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_TRUE) ||
3344 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_TRUE) ||
3345 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_TRUE) ||
3346 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
3347 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
3348 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_FALSE) ||
3349 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_FALSE))
3350 goto out;
3351
3352 Do_ADBG_EndSubCase(c, NULL);
3353
3354 Do_ADBG_BeginSubCase(c, "Test Invalid template with R/O Attributes");
3355
3356 for (n = 0; n < ARRAY_SIZE(set_inv_template1); n++) {
3357 rv = C_SetAttributeValue(session, obj_hdl,
3358 &set_inv_template1[n], 1);
3359 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3360 goto out;
3361 }
3362
3363 Do_ADBG_EndSubCase(c, NULL);
3364
3365 Do_ADBG_BeginSubCase(c, "Test Invalid template with Invalid Attribute");
3366
3367 rv = C_SetAttributeValue(session, obj_hdl, set_inv_template2,
3368 ARRAY_SIZE(set_inv_template2));
3369 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3370 goto out;
3371
3372 Do_ADBG_EndSubCase(c, NULL);
3373
3374 Do_ADBG_BeginSubCase(c, "Set CKA_TRUSTED with and w/o SO Login");
3375
3376 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3377 ARRAY_SIZE(set_trusted_template));
3378 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3379 goto out;
3380
3381 /* Login as SO in RW session */
3382 rv = C_Login(session, CKU_SO, test_token_so_pin,
3383 sizeof(test_token_so_pin));
3384 if (!ADBG_EXPECT_CK_OK(c, rv))
3385 goto out;
3386
3387 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3388 ARRAY_SIZE(set_trusted_template));
3389 ADBG_EXPECT_CK_OK(c, rv);
3390
3391 ADBG_EXPECT_CK_OK(c, C_Logout(session));
3392out:
3393 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, obj_hdl));
3394
3395 Do_ADBG_EndSubCase(c, NULL);
3396
3397close_session:
3398 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3399
3400close_lib:
3401 ADBG_EXPECT_CK_OK(c, close_lib());
3402}
3403ADBG_CASE_DEFINE(pkcs11, 1014, xtest_pkcs11_test_1014,
3404 "PKCS11: Test C_SetAttributeValue()");
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3405
3406static void xtest_pkcs11_test_1015(ADBG_Case_t *c)
3407{
3408 CK_RV rv = CKR_GENERAL_ERROR;
3409 CK_SLOT_ID slot = 0;
3410 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
3411 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
3412 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3413 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
3414 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3415 CK_OBJECT_HANDLE obj_hdl_ro = CK_INVALID_HANDLE;
3416 CK_OBJECT_HANDLE obj_hdl_cp = CK_INVALID_HANDLE;
3417 const char *label = "Dummy Objects";
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3418 CK_ATTRIBUTE secret_key_create_template[] = {
3419 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3420 sizeof(CK_OBJECT_CLASS) },
3421 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3422 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3423 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3424 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3425 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3426 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3427 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3428 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
3429 };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3430 CK_ATTRIBUTE secret_key_template[] = {
3431 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3432 sizeof(CK_OBJECT_CLASS) },
3433 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3434 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3435 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3436 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3437 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3438 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3439 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3440 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3441 };
3442 CK_BBOOL g_token = CK_FALSE;
3443 CK_BBOOL g_private = CK_FALSE;
3444 CK_BBOOL g_modify = CK_FALSE;
3445 CK_BBOOL g_copy = CK_FALSE;
3446 CK_BBOOL g_destroy = CK_FALSE;
3447 CK_BBOOL g_extract = CK_FALSE;
3448 CK_BBOOL g_sensitive = CK_FALSE;
3449 CK_BBOOL g_nextract = CK_FALSE;
3450 CK_BBOOL g_asensitive = CK_FALSE;
3451 CK_BBOOL g_local = CK_FALSE;
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame^]3452 CK_BYTE g_value[16] = { };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3453 CK_ATTRIBUTE get_template[] = {
3454 { CKA_TOKEN, &g_token, sizeof(CK_BBOOL) },
3455 { CKA_PRIVATE, &g_private, sizeof(CK_BBOOL) },
3456 { CKA_MODIFIABLE, &g_modify, sizeof(CK_BBOOL) },
3457 { CKA_COPYABLE, &g_copy, sizeof(CK_BBOOL) },
3458 { CKA_DESTROYABLE, &g_destroy, sizeof(CK_BBOOL) },
3459 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3460 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3461 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3462 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3463 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3464 };
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame^]3465 CK_ATTRIBUTE get_value_template[] = {
3466 { CKA_VALUE, &g_value, sizeof(g_value) }
3467 };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3468 CK_ATTRIBUTE copy_template[] = {
3469 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3470 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3471 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3472 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3473 };
3474 CK_ATTRIBUTE copy_template_inv[] = {
3475 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3476 };
3477 CK_ATTRIBUTE copy_template_priv[] = {
3478 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3479 };
3480 CK_ATTRIBUTE set_template[] = {
3481 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3482 };
3483
3484 rv = init_lib_and_find_token_slot(&slot);
3485 if (!ADBG_EXPECT_CK_OK(c, rv))
3486 return;
3487
3488 rv = init_test_token(slot);
3489 if (!ADBG_EXPECT_CK_OK(c, rv))
3490 goto close_lib;
3491
3492 rv = init_user_test_token(slot);
3493 if (!ADBG_EXPECT_CK_OK(c, rv))
3494 goto close_lib;
3495
3496 /* Open a RW session */
3497 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
3498 if (!ADBG_EXPECT_CK_OK(c, rv))
3499 goto close_lib;
3500
3501 /* Open a RO session */
3502 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
3503 if (!ADBG_EXPECT_CK_OK(c, rv))
3504 goto close_session;
3505
3506 /* Generate a secret key object in rw session */
3507 rv = C_GenerateKey(rw_session, &cktest_aes_keygen_mechanism,
3508 secret_key_template,
3509 ARRAY_SIZE(secret_key_template), &obj_hdl);
3510 if (!ADBG_EXPECT_CK_OK(c, rv))
3511 goto close_session;
3512
3513 /* Check its attribute values */
3514 rv = C_GetAttributeValue(rw_session, obj_hdl, get_template,
3515 ARRAY_SIZE(get_template));
3516 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3517 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3518 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3519 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3520 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3521 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3522 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3523 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3524 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3525 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3526 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3527 goto close_session;
3528
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame^]3529 /* Check that we can get (secret) CKA_VALUE */
3530 get_value_template[0].ulValueLen = sizeof(g_value);
3531 rv = C_GetAttributeValue(rw_session, obj_hdl, get_value_template,
3532 ARRAY_SIZE(get_value_template));
3533 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3534 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_value_template[0].ulValueLen,
3535 ==, sizeof(g_value)))
3536 goto close_session;
3537
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3538 /* Create a secret key object in ro session*/
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3539 rv = C_CreateObject(ro_session, secret_key_create_template,
3540 ARRAY_SIZE(secret_key_create_template), &obj_hdl_ro);
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3541 if (!ADBG_EXPECT_CK_OK(c, rv))
3542 goto close_session;
3543
3544 /*
3545 * Duplicate the object generated in RW session using C_GenerateKey() to
3546 * another object. Pass Template as NULL and test the attributes of
3547 * new created object.
3548 */
3549 Do_ADBG_BeginSubCase(c, "Copy Local Obj with NULL Template");
3550 rv = C_CopyObject(rw_session, obj_hdl, NULL, 0, &obj_hdl_cp);
3551 if (!ADBG_EXPECT_CK_OK(c, rv))
3552 goto out;
3553
3554 /*
3555 * Check its attribute values, should match the original object.
3556 * CKA_LOCAL shall be TRUE even in copied object as original object
3557 * was generated using C_GenerateKey()
3558 */
3559 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3560 ARRAY_SIZE(get_template));
3561 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3562 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3563 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3564 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3565 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3566 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3567 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3568 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3569 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3570 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3571 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3572 goto out;
3573
3574 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3575 if (!ADBG_EXPECT_CK_OK(c, rv))
3576 goto out;
3577
3578 obj_hdl_cp = CK_INVALID_HANDLE;
3579
3580 Do_ADBG_EndSubCase(c, NULL);
3581
3582 /*
3583 * Duplicate the object generated in RO session using C_CreateObject()
3584 * to another object. Pass Template as NULL and test the attributes of
3585 * new created object.
3586 */
3587 Do_ADBG_BeginSubCase(c, "Copy a non-local object with NULL Template");
3588
3589 /* Copy ro session object */
3590 rv = C_CopyObject(ro_session, obj_hdl_ro, NULL, 0, &obj_hdl_cp);
3591 if (!ADBG_EXPECT_CK_OK(c, rv))
3592 goto out;
3593
3594 /*
3595 * Check its attribute values, should match the original object.
3596 * CKA_LOCAL shall be FALSE even in copied object as original object
3597 * was generated using C_CreateObject()
3598 */
3599 rv = C_GetAttributeValue(ro_session, obj_hdl_cp, get_template,
3600 ARRAY_SIZE(get_template));
3601 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3602 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3603 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3604 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3605 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3606 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3607 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3608 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3609 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3610 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3611 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3612 goto out;
3613
3614 rv = C_DestroyObject(ro_session, obj_hdl_cp);
3615 if (!ADBG_EXPECT_CK_OK(c, rv))
3616 goto out;
3617
3618 obj_hdl_cp = CK_INVALID_HANDLE;
3619
3620 Do_ADBG_EndSubCase(c, NULL);
3621
3622 /*
3623 * Test copying object with a valid template and check if attributes
3624 * get modified as indicated in the template. Checks modification of
3625 * attributes like CKA_TOKEN, CKA_MODIFIABLE which were not modifiable
3626 * via C_SetAttributeValue(). Also modifies the CKA_SENSITIVE,
3627 * CKA_EXTRACTABLE and checks corresponding values of RO attributes
3628 * CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE.
3629 */
3630 Do_ADBG_BeginSubCase(c, "Copy Object with Valid Template");
3631
3632 /*
3633 * Copy Session Object as a Token object
3634 * Properties CKA_MODIFIABLE turned to FALSE
3635 * CKA_EXTRACTABLE changed from TRUE to FALSE
3636 * CKA_NEVER_EXTRACTABLE should be FALSE.
3637 * CKA_SENSITIVE set to TRUE
3638 * However CKA_ALWAYS_SENSITIVE should be FALSE
3639 */
3640 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3641 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3642 if (!ADBG_EXPECT_CK_OK(c, rv))
3643 goto out;
3644
3645 /* Check the changed attribute values */
3646 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3647 ARRAY_SIZE(get_template));
3648 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3649 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
3650 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_FALSE) ||
3651 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3652 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3653 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3654 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3655 goto out;
3656
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame^]3657 /* Check that we cannot anymore get (secret) CKA_VALUE */
3658 get_value_template[0].ulValueLen = sizeof(g_value);
3659 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_value_template,
3660 ARRAY_SIZE(get_value_template));
3661 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_SENSITIVE, rv) ||
3662 !(get_value_template[0].ulValueLen == CK_UNAVAILABLE_INFORMATION))
3663 goto close_session;
3664
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3665 /*
3666 * The copied object has CKA_MODIFIABLE set to FALSE. Check if
3667 * call to C_SetAttributeValue() returns CKR_ACTION_PROHIBITED
3668 */
3669 rv = C_SetAttributeValue(rw_session, obj_hdl_cp, set_template,
3670 ARRAY_SIZE(set_template));
3671 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3672 goto out;
3673
3674 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3675 if (!ADBG_EXPECT_CK_OK(c, rv))
3676 goto out;
3677
3678 obj_hdl_cp = CK_INVALID_HANDLE;
3679
3680 Do_ADBG_EndSubCase(c, NULL);
3681
3682 /*
3683 * Test changing the CKA_PRIVATE to TRUE when copying object.
3684 * Fails when user is not logged in. Passes after user logs in
3685 */
3686 Do_ADBG_BeginSubCase(c, "Copy Object as a Private Object");
3687
3688 /* The first attempt will fail as user is not logged in */
3689 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3690 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3691 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3692 goto out;
3693
3694 /* Login to Test Token and repeat*/
3695 rv = C_Login(rw_session, CKU_USER, test_token_user_pin,
3696 sizeof(test_token_user_pin));
3697 if (!ADBG_EXPECT_CK_OK(c, rv))
3698 goto out;
3699
3700 /* Try copying a public object to a private object - should pass */
3701 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3702 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3703 if (!ADBG_EXPECT_CK_OK(c, rv)) {
3704 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3705 goto out;
3706 }
3707
3708 if (!ADBG_EXPECT_CK_OK(c, C_Logout(rw_session)))
3709 goto out;
3710
3711 Do_ADBG_EndSubCase(c, NULL);
3712
3713 Do_ADBG_BeginSubCase(c, "Copy Object with Invalid Template");
3714
3715 rv = C_CopyObject(rw_session, obj_hdl, copy_template_inv,
3716 ARRAY_SIZE(copy_template_inv), &obj_hdl_cp);
3717 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3718 goto out;
3719
3720 Do_ADBG_EndSubCase(c, NULL);
3721
3722 Do_ADBG_BeginSubCase(c, "Copy Object with COPYABLE false");
3723
3724 rv = C_SetAttributeValue(rw_session, obj_hdl, set_template,
3725 ARRAY_SIZE(set_template));
3726 if (!ADBG_EXPECT_CK_OK(c, rv))
3727 goto out;
3728
3729 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3730 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3731 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3732 goto out;
3733
3734 Do_ADBG_EndSubCase(c, NULL);
3735
3736 Do_ADBG_BeginSubCase(c, "Copy session object to token in RO session");
3737
3738 rv = C_CopyObject(ro_session, obj_hdl_ro, copy_template,
3739 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3740 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3741 goto out;
3742
3743out:
3744 Do_ADBG_EndSubCase(c, NULL);
3745
3746 /* Destroy any token objects which may have been created */
3747 destroy_persistent_objects(c, slot);
3748
3749close_session:
3750 /* Closing session will also destroy all session objects */
3751 if (ro_session != CK_INVALID_HANDLE)
3752 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3753
3754 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3755
3756close_lib:
3757 ADBG_EXPECT_CK_OK(c, close_lib());
3758}
3759ADBG_CASE_DEFINE(pkcs11, 1015, xtest_pkcs11_test_1015,
3760 "PKCS11: Test C_CopyObject()");
Vesa Jääskeläinenf8687fe2021-02-06 20:58:22 +0200[diff] [blame]3761
3762static void xtest_pkcs11_test_1016(ADBG_Case_t *c)
3763{
3764 CK_RV rv = CKR_GENERAL_ERROR;
3765 CK_SLOT_ID slot = 0;
3766 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3767 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3768 uint8_t buffer[64] = { 0 };
3769 size_t i = 0;
3770
3771 rv = init_lib_and_find_token_slot(&slot);
3772 if (!ADBG_EXPECT_CK_OK(c, rv))
3773 return;
3774
3775 rv = init_test_token(slot);
3776 if (!ADBG_EXPECT_CK_OK(c, rv))
3777 goto close_lib;
3778
3779 rv = init_user_test_token(slot);
3780 if (!ADBG_EXPECT_CK_OK(c, rv))
3781 goto close_lib;
3782
3783 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3784 if (!ADBG_EXPECT_CK_OK(c, rv))
3785 goto close_lib;
3786
3787 Do_ADBG_BeginSubCase(c, "Seed random bytes");
3788
3789 memset(buffer, 0xCC, sizeof(buffer));
3790
3791 rv = C_SeedRandom(session, buffer, sizeof(buffer));
3792 if (!ADBG_EXPECT_CK_OK(c, rv))
3793 goto out;
3794
3795 Do_ADBG_EndSubCase(c, NULL);
3796
3797 Do_ADBG_BeginSubCase(c, "Seed random bytes with zero length buffer");
3798
3799 rv = C_SeedRandom(session, buffer, 0);
3800 if (!ADBG_EXPECT_CK_OK(c, rv))
3801 goto out;
3802
3803 rv = C_SeedRandom(session, NULL, 0);
3804 if (!ADBG_EXPECT_CK_OK(c, rv))
3805 goto out;
3806
3807 Do_ADBG_EndSubCase(c, NULL);
3808
3809 Do_ADBG_BeginSubCase(c, "Generate random bytes");
3810
3811 memset(buffer, 0xCC, sizeof(buffer));
3812
3813 rv = C_GenerateRandom(session, buffer, 61);
3814 if (!ADBG_EXPECT_CK_OK(c, rv))
3815 goto out;
3816
3817 /* Verify that end of buffer is still 0xCC */
3818 for (i = 61; i < sizeof(buffer); i++)
3819 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3820 break;
3821
3822 Do_ADBG_EndSubCase(c, NULL);
3823
3824 Do_ADBG_BeginSubCase(c, "Generate random bytes with zero length buffer");
3825
3826 memset(buffer, 0xCC, sizeof(buffer));
3827
3828 rv = C_GenerateRandom(session, buffer, 0);
3829 if (!ADBG_EXPECT_CK_OK(c, rv))
3830 goto out;
3831
3832 /* Verify that whole buffer is still 0xCC */
3833 for (i = 0; i < sizeof(buffer); i++)
3834 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3835 break;
3836
3837 rv = C_GenerateRandom(session, NULL, 0);
3838 ADBG_EXPECT_CK_OK(c, rv);
3839
3840out:
3841 Do_ADBG_EndSubCase(c, NULL);
3842
3843 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3844
3845close_lib:
3846 ADBG_EXPECT_CK_OK(c, close_lib());
3847}
3848ADBG_CASE_DEFINE(pkcs11, 1016, xtest_pkcs11_test_1016,
3849 "PKCS11: Random number generator tests");
Ruchika Gupta5f7717a2021-02-17 13:34:24 +0530[diff] [blame]3850
3851static CK_RV derive_sym_key(CK_SESSION_HANDLE session,
3852 CK_OBJECT_HANDLE parent_key,
3853 CK_MECHANISM_TYPE mechanism, size_t data_len,
3854 CK_OBJECT_HANDLE_PTR derv_key_hdl, size_t key_len,
3855 CK_OBJECT_CLASS key_class, CK_KEY_TYPE key_type,
3856 CK_BBOOL sensitive, CK_BBOOL extble)
3857{
3858 CK_RV rv = CKR_GENERAL_ERROR;
3859 uint8_t buffer[512] = { 0 };
3860 uint8_t iv[16] = { 0 };
3861 CK_MECHANISM mech_derive = { 0 };
3862 CK_KEY_DERIVATION_STRING_DATA key_derv_param = { 0 };
Victor Chonge3a876d2021-05-04 18:03:07 +0100[diff] [blame]3863 CK_AES_CBC_ENCRYPT_DATA_PARAMS aes_cbc_param = { };
Ruchika Gupta5f7717a2021-02-17 13:34:24 +0530[diff] [blame]3864 CK_ATTRIBUTE derived_key_template[] = {
3865 { CKA_CLASS, &key_class, sizeof(key_class) },
3866 { CKA_KEY_TYPE, &key_type, sizeof(key_type) },
3867 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3868 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3869 { CKA_SENSITIVE, &sensitive, sizeof(sensitive) },
3870 { CKA_EXTRACTABLE, &extble, sizeof(extble) },
3871 { CKA_VALUE_LEN, &key_len, sizeof(key_len) }
3872 };
3873
3874 if (data_len > sizeof(buffer))
3875 return rv;
3876
3877 switch (mechanism) {
3878 case CKM_AES_ECB_ENCRYPT_DATA:
3879 key_derv_param.pData = buffer;
3880 key_derv_param.ulLen = data_len;
3881 mech_derive.mechanism = mechanism;
3882 mech_derive.pParameter = &key_derv_param;
3883 mech_derive.ulParameterLen = sizeof(key_derv_param);
3884 break;
3885 case CKM_AES_CBC_ENCRYPT_DATA:
3886 memcpy(aes_cbc_param.iv, iv, 16);
3887 aes_cbc_param.pData = buffer;
3888 aes_cbc_param.length = data_len;
3889 mech_derive.mechanism = mechanism;
3890 mech_derive.pParameter = &aes_cbc_param;
3891 mech_derive.ulParameterLen = sizeof(aes_cbc_param);
3892 break;
3893 case CKM_AES_ECB:
3894 /* Not a derivation algorithm */
3895 mech_derive.mechanism = mechanism;
3896 mech_derive.pParameter = NULL;
3897 mech_derive.ulParameterLen = 0;
3898 break;
3899 default:
3900 return rv;
3901 }
3902
3903 /* Don't use VALUE_LEN parameter if key_len passed is 0 */
3904 if (key_len)
3905 rv = C_DeriveKey(session, &mech_derive, parent_key,
3906 derived_key_template,
3907 ARRAY_SIZE(derived_key_template),
3908 derv_key_hdl);
3909 else
3910 /* last attribute in template is the derived key size */
3911 rv = C_DeriveKey(session, &mech_derive, parent_key,
3912 derived_key_template,
3913 ARRAY_SIZE(derived_key_template) - 1,
3914 derv_key_hdl);
3915 return rv;
3916}
3917
3918static void xtest_pkcs11_test_1017(ADBG_Case_t *c)
3919{
3920 CK_RV rv = CKR_GENERAL_ERROR;
3921 CK_SLOT_ID slot = 0;
3922 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3923 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3924 CK_OBJECT_HANDLE derv_key_hdl = CK_INVALID_HANDLE;
3925 CK_OBJECT_HANDLE aes_key1 = CK_INVALID_HANDLE;
3926 CK_OBJECT_HANDLE aes_key2 = CK_INVALID_HANDLE;
3927 CK_OBJECT_HANDLE aes_key_enc = CK_INVALID_HANDLE;
3928 size_t data_len = 0;
3929 size_t key_len = 0;
3930 CK_BBOOL g_extract = CK_FALSE;
3931 CK_BBOOL g_sensitive = CK_FALSE;
3932 CK_BBOOL g_nextract = CK_FALSE;
3933 CK_BBOOL g_asensitive = CK_FALSE;
3934 CK_BBOOL g_local = CK_FALSE;
3935 CK_OBJECT_CLASS g_class = CKO_VENDOR_DEFINED;
3936 CK_KEY_TYPE g_key_type = CKK_VENDOR_DEFINED;
3937 uint8_t g_val[516] = { 0 };
3938 CK_ULONG secret_len = 0;
3939 CK_ATTRIBUTE get_template[] = {
3940 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
3941 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
3942 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3943 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3944 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3945 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3946 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3947 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
3948 /*
3949 * CKA_VALUE should remain last attribute in template,
3950 * in this test case as we check the length returned
3951 * from last index of the get_template in this test.
3952 */
3953 { CKA_VALUE, g_val, sizeof(g_val) },
3954 };
3955 uint32_t idx = ARRAY_SIZE(get_template) - 1;
3956 CK_ATTRIBUTE parent_template1[] = {
3957 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3958 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3959 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3960 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3961 };
3962 CK_ATTRIBUTE parent_template2[] = {
3963 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3964 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3965 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3966 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3967 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3968 };
3969 CK_ATTRIBUTE parent_template_wo_derive[] = {
3970 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3971 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3972 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3973 };
3974 CK_ATTRIBUTE parent_template_w_enc_der[] = {
3975 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3976 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3977 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3978 };
3979
3980 rv = init_lib_and_find_token_slot(&slot);
3981 if (!ADBG_EXPECT_CK_OK(c, rv))
3982 return;
3983
3984 rv = init_test_token(slot);
3985 if (!ADBG_EXPECT_CK_OK(c, rv))
3986 goto close_lib;
3987
3988 rv = init_user_test_token(slot);
3989 if (!ADBG_EXPECT_CK_OK(c, rv))
3990 goto close_lib;
3991
3992 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3993 if (!ADBG_EXPECT_CK_OK(c, rv))
3994 goto close_lib;
3995
3996 /*
3997 * Parent AES Key 1
3998 * SENSITIVE = TRUE, EXTRACTABLE = FALSE
3999 * ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4000 */
4001 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4002 parent_template1, ARRAY_SIZE(parent_template1),
4003 &aes_key1);
4004 if (!ADBG_EXPECT_CK_OK(c, rv))
4005 goto close_session;
4006
4007 /*
4008 * Parent AES Key 2
4009 * SENSITIVE = FALSE, EXTRACTABLE = TRUE
4010 * ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
4011 */
4012 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4013 parent_template2, ARRAY_SIZE(parent_template2),
4014 &aes_key2);
4015 if (!ADBG_EXPECT_CK_OK(c, rv))
4016 goto close_session;
4017
4018 Do_ADBG_BeginSubCase(c, "Derive Generic secret - AES-ECB Mechanism");
4019
4020 /*
4021 * Use AES key 1 as Parent key
4022 * 1. VALUE_LEN attribute not given in derivation template. Length
4023 * of key should be same as that of data length.
4024 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
4025 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4026 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4027 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4028 * 3. LOCAL should be false
4029 */
4030 data_len = 512;
4031 key_len = 0;
4032 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4033 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4034 CKK_GENERIC_SECRET, CK_TRUE, CK_FALSE);
4035 if (!ADBG_EXPECT_CK_OK(c, rv))
4036 goto out;
4037
4038 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4039 ARRAY_SIZE(get_template) - 1);
4040 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4041 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, data_len) ||
4042 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4043 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
4044 CKK_GENERIC_SECRET) ||
4045 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4046 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
4047 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4048 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
4049 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
4050 goto out;
4051
4052 rv = C_DestroyObject(session, derv_key_hdl);
4053 if (!ADBG_EXPECT_CK_OK(c, rv))
4054 goto out;
4055
4056 Do_ADBG_EndSubCase(c, NULL);
4057
4058 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-EBC");
4059
4060 /*
4061 * Use AES key 2 as Parent key
4062 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
4063 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
4064 * Parent key has ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
4065 * So derived key, ALWAYS_SENSITIVE will be FALSE and
4066 * NEVER_EXTRACTABLE will be FALSE
4067 * 3. LOCAL should be false
4068 */
4069 data_len = 32;
4070 key_len = 16;
4071 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4072 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4073 CKK_AES, CK_TRUE, CK_FALSE);
4074 if (!ADBG_EXPECT_CK_OK(c, rv))
4075 goto out;
4076
4077 /* This being a SENSITIVE object, we can't get the VALUE */
4078 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4079 ARRAY_SIZE(get_template) - 1);
4080 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4081 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4082 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4083 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4084 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4085 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
4086 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4087 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4088 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4089 goto out;
4090
4091 rv = C_DestroyObject(session, derv_key_hdl);
4092 if (!ADBG_EXPECT_CK_OK(c, rv))
4093 goto out;
4094
4095 Do_ADBG_EndSubCase(c, NULL);
4096
4097 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-CBC");
4098
4099 /*
4100 * Use AES key 1 as Parent key
4101 * 1. VALUE_LEN = DATA_LEN, Derived key should have VALUE_LEN key size
4102 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = FALSE
4103 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4104 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4105 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4106 * 3. LOCAL should be false
4107 */
4108 data_len = 32;
4109 key_len = 32;
4110 rv = derive_sym_key(session, aes_key1, CKM_AES_CBC_ENCRYPT_DATA,
4111 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4112 CKK_AES, CK_FALSE, CK_FALSE);
4113 if (!ADBG_EXPECT_CK_OK(c, rv))
4114 goto out;
4115
4116 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4117 ARRAY_SIZE(get_template) - 1);
4118 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4119 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4120 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4121 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4122 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4123 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4124 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4125 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4126 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
4127 goto out;
4128
4129 rv = C_DestroyObject(session, derv_key_hdl);
4130 if (!ADBG_EXPECT_CK_OK(c, rv))
4131 goto out;
4132
4133 Do_ADBG_EndSubCase(c, NULL);
4134
4135 Do_ADBG_BeginSubCase(c, "Derive Generic secret key using AES-CBC");
4136 /*
4137 * Use AES key 2 as Parent key
4138 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
4139 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = TRUE
4140 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4141 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4142 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4143 * 3. LOCAL should be false
4144 */
4145 data_len = 512;
4146 key_len = 256;
4147 rv = derive_sym_key(session, aes_key2, CKM_AES_CBC_ENCRYPT_DATA,
4148 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4149 CKK_GENERIC_SECRET, CK_FALSE, CK_TRUE);
4150 if (!ADBG_EXPECT_CK_OK(c, rv))
4151 goto out;
4152
4153 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4154 ARRAY_SIZE(get_template));
4155 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4156 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[idx].ulValueLen, ==,
4157 key_len) ||
4158 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4159 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4160 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
4161 CKK_GENERIC_SECRET) ||
4162 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4163 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4164 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
4165 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4166 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4167 goto out;
4168
4169 rv = C_DestroyObject(session, derv_key_hdl);
4170 if (!ADBG_EXPECT_CK_OK(c, rv))
4171 goto out;
4172
4173 Do_ADBG_EndSubCase(c, NULL);
4174
4175 Do_ADBG_BeginSubCase(c, "Invalid parameters during derivation");
4176
4177 /* Length of data used for derivation < key length */
4178 data_len = 16;
4179 key_len = 32;
4180 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4181 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4182 CKK_AES, CK_FALSE, CK_TRUE);
4183 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4184 goto out;
4185
4186 /* Data is not multiple of 16 */
4187 data_len = 18;
4188 key_len = 32;
4189 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4190 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4191 CKK_AES, CK_FALSE, CK_TRUE);
4192 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4193 goto out;
4194
4195 /* Wrong Mechanism */
4196 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB,
4197 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4198 CKK_AES, CK_FALSE, CK_TRUE);
4199 if (!ADBG_EXPECT_CK_RESULT(c, CKR_MECHANISM_INVALID, rv))
4200 goto out;
4201
4202 Do_ADBG_EndSubCase(c, NULL);
4203
4204 Do_ADBG_BeginSubCase(c, "Failure if operation already active");
4205
4206 /* Generate an AES key which can perform Encryption */
4207 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4208 parent_template_w_enc_der,
4209 ARRAY_SIZE(parent_template_w_enc_der),
4210 &aes_key_enc);
4211 if (!ADBG_EXPECT_CK_OK(c, rv))
4212 goto out;
4213
4214 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, aes_key_enc);
4215 if (!ADBG_EXPECT_CK_OK(c, rv))
4216 goto out;
4217
4218 data_len = 32;
4219 key_len = 32;
4220 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4221 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4222 CKK_AES, CK_FALSE, CK_TRUE);
4223 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_ACTIVE, rv))
4224 goto out;
4225
4226 rv = C_EncryptFinal(session, NULL, NULL);
4227 /* Only check that the operation is no more active */
4228 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
4229 goto out;
4230
4231 Do_ADBG_EndSubCase(c, NULL);
4232
4233 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_ENCRYPT is TRUE");
4234
4235 data_len = 32;
4236 key_len = 32;
4237 rv = derive_sym_key(session, aes_key_enc, CKM_AES_ECB_ENCRYPT_DATA,
4238 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4239 CKK_AES, CK_FALSE, CK_TRUE);
4240 /*
4241 * Not strictly expecting FUNCTION_FAILED but expecting a failure
4242 * as we have added a restriction that keys with attribute CKA_ENCRYPT
4243 * set can't be used for derivation.
4244 */
4245 if (!ADBG_EXPECT_CK_RESULT(c, CKR_FUNCTION_FAILED, rv))
4246 goto out;
4247
4248 Do_ADBG_EndSubCase(c, NULL);
4249
4250 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_DERIVE is FALSE");
4251
4252 rv = C_DestroyObject(session, aes_key1);
4253 if (!ADBG_EXPECT_CK_OK(c, rv))
4254 goto out;
4255
4256 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4257 parent_template_wo_derive,
4258 ARRAY_SIZE(parent_template_wo_derive),
4259 &aes_key1);
4260 if (!ADBG_EXPECT_CK_OK(c, rv))
4261 goto out;
4262
4263 data_len = 32;
4264 key_len = 32;
4265 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4266 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4267 CKK_AES, CK_FALSE, CK_TRUE);
4268 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_TYPE_INCONSISTENT, rv))
4269 goto out;
4270
4271out:
4272 Do_ADBG_EndSubCase(c, NULL);
4273
4274close_session:
4275 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
4276
4277close_lib:
4278 ADBG_EXPECT_CK_OK(c, close_lib());
4279}
4280ADBG_CASE_DEFINE(pkcs11, 1017, xtest_pkcs11_test_1017,
4281 "PKCS11: AES Key Derivation tests");
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]4282
4283/* Digest test patterns */
4284static const char digest_test_pattern[] = "The quick brown fox jumps over the lazy dog";
4285static const char digest_test_pattern_empty[] = "";
4286
4287/* MD5 checksums for digest test patterns */
4288static const uint8_t digest_test_pattern_md5[] = {
4289 0x9e, 0x10, 0x7d, 0x9d, 0x37, 0x2b, 0xb6, 0x82, 0x6b, 0xd8, 0x1d, 0x35,
4290 0x42, 0xa4, 0x19, 0xd6
4291};
4292static const uint8_t digest_test_pattern_empty_md5[] = {
4293 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98,
4294 0xec, 0xf8, 0x42, 0x7e
4295};
4296
4297/* SHA-1 checksums for digest test patterns */
4298static const uint8_t digest_test_pattern_sha1[] = {
4299 0x2f, 0xd4, 0xe1, 0xc6, 0x7a, 0x2d, 0x28, 0xfc, 0xed, 0x84, 0x9e, 0xe1,
4300 0xbb, 0x76, 0xe7, 0x39, 0x1b, 0x93, 0xeb, 0x12
4301};
4302static const uint8_t digest_test_pattern_empty_sha1[] = {
4303 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef,
4304 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09
4305};
4306
4307/* SHA-224 checksums for digest test patterns */
4308static const uint8_t digest_test_pattern_sha224[] = {
4309 0x73, 0x0e, 0x10, 0x9b, 0xd7, 0xa8, 0xa3, 0x2b, 0x1c, 0xb9, 0xd9, 0xa0,
4310 0x9a, 0xa2, 0x32, 0x5d, 0x24, 0x30, 0x58, 0x7d, 0xdb, 0xc0, 0xc3, 0x8b,
4311 0xad, 0x91, 0x15, 0x25
4312};
4313static const uint8_t digest_test_pattern_empty_sha224[] = {
4314 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47, 0x61, 0x02, 0xbb,
4315 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
4316 0xc5, 0xb3, 0xe4, 0x2f
4317};
4318
4319/* SHA-256 checksums for digest test patterns */
4320static const uint8_t digest_test_pattern_sha256[] = {
4321 0xd7, 0xa8, 0xfb, 0xb3, 0x07, 0xd7, 0x80, 0x94, 0x69, 0xca, 0x9a, 0xbc,
4322 0xb0, 0x08, 0x2e, 0x4f, 0x8d, 0x56, 0x51, 0xe4, 0x6d, 0x3c, 0xdb, 0x76,
4323 0x2d, 0x02, 0xd0, 0xbf, 0x37, 0xc9, 0xe5, 0x92
4324};
4325static const uint8_t digest_test_pattern_empty_sha256[] = {
4326 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
4327 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
4328 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
4329};
4330
4331/* SHA-384 checksums for digest test patterns */
4332static const uint8_t digest_test_pattern_sha384[] = {
4333 0xca, 0x73, 0x7f, 0x10, 0x14, 0xa4, 0x8f, 0x4c, 0x0b, 0x6d, 0xd4, 0x3c,
4334 0xb1, 0x77, 0xb0, 0xaf, 0xd9, 0xe5, 0x16, 0x93, 0x67, 0x54, 0x4c, 0x49,
4335 0x40, 0x11, 0xe3, 0x31, 0x7d, 0xbf, 0x9a, 0x50, 0x9c, 0xb1, 0xe5, 0xdc,
4336 0x1e, 0x85, 0xa9, 0x41, 0xbb, 0xee, 0x3d, 0x7f, 0x2a, 0xfb, 0xc9, 0xb1
4337};
4338static const uint8_t digest_test_pattern_empty_sha384[] = {
4339 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e,
4340 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
4341 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf,
4342 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b
4343};
4344
4345/* SHA-512 checksums for digest test patterns */
4346static const uint8_t digest_test_pattern_sha512[] = {
4347 0x07, 0xe5, 0x47, 0xd9, 0x58, 0x6f, 0x6a, 0x73, 0xf7, 0x3f, 0xba, 0xc0,
4348 0x43, 0x5e, 0xd7, 0x69, 0x51, 0x21, 0x8f, 0xb7, 0xd0, 0xc8, 0xd7, 0x88,
4349 0xa3, 0x09, 0xd7, 0x85, 0x43, 0x6b, 0xbb, 0x64, 0x2e, 0x93, 0xa2, 0x52,
4350 0xa9, 0x54, 0xf2, 0x39, 0x12, 0x54, 0x7d, 0x1e, 0x8a, 0x3b, 0x5e, 0xd6,
4351 0xe1, 0xbf, 0xd7, 0x09, 0x78, 0x21, 0x23, 0x3f, 0xa0, 0x53, 0x8f, 0x3d,
4352 0xb8, 0x54, 0xfe, 0xe6
4353};
4354static const uint8_t digest_test_pattern_empty_sha512[] = {
4355 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50,
4356 0xd6, 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
4357 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c,
4358 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
4359 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a,
4360 0xf9, 0x27, 0xda, 0x3e
4361};
4362
4363#define DIGEST_TEST(_test_name, _mecha, _data, _digest) \
4364 { \
4365 .test_name = _test_name, \
4366 .mecha = _mecha, \
4367 .data = _data, \
4368 .data_size = sizeof(_data) - 1, \
4369 .digest = _digest, \
4370 .digest_size = sizeof(_digest) \
4371 }
4372
4373/* Digest simple test suite */
4374static struct {
4375 const char *test_name;
4376 CK_MECHANISM_TYPE mecha;
4377 const void *data;
4378 CK_ULONG data_size;
4379 const uint8_t *digest;
4380 CK_ULONG digest_size;
4381} digest_test_patterns[] = {
4382 DIGEST_TEST("CKM_MD5/empty", CKM_MD5, digest_test_pattern_empty,
4383 digest_test_pattern_empty_md5),
4384 DIGEST_TEST("CKM_MD5/test pattern", CKM_MD5, digest_test_pattern,
4385 digest_test_pattern_md5),
4386 DIGEST_TEST("CKM_SHA_1/empty", CKM_SHA_1, digest_test_pattern_empty,
4387 digest_test_pattern_empty_sha1),
4388 DIGEST_TEST("CKM_SHA_1/test pattern", CKM_SHA_1, digest_test_pattern,
4389 digest_test_pattern_sha1),
4390 DIGEST_TEST("CKM_SHA224/empty", CKM_SHA224, digest_test_pattern_empty,
4391 digest_test_pattern_empty_sha224),
4392 DIGEST_TEST("CKM_SHA224/test pattern", CKM_SHA224, digest_test_pattern,
4393 digest_test_pattern_sha224),
4394 DIGEST_TEST("CKM_SHA256/empty", CKM_SHA256, digest_test_pattern_empty,
4395 digest_test_pattern_empty_sha256),
4396 DIGEST_TEST("CKM_SHA256/test pattern", CKM_SHA256, digest_test_pattern,
4397 digest_test_pattern_sha256),
4398 DIGEST_TEST("CKM_SHA384/empty", CKM_SHA384, digest_test_pattern_empty,
4399 digest_test_pattern_empty_sha384),
4400 DIGEST_TEST("CKM_SHA384/test pattern", CKM_SHA384, digest_test_pattern,
4401 digest_test_pattern_sha384),
4402 DIGEST_TEST("CKM_SHA512/empty", CKM_SHA512, digest_test_pattern_empty,
4403 digest_test_pattern_empty_sha512),
4404 DIGEST_TEST("CKM_SHA512/test pattern", CKM_SHA512, digest_test_pattern,
4405 digest_test_pattern_sha512),
4406};
4407
4408static CK_ATTRIBUTE digest_generate_aes_object[] = {
4409 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4410 sizeof(CK_OBJECT_CLASS) },
4411 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
4412 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4413 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4414 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4415 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
4416 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
4417};
4418
4419static CK_ATTRIBUTE digest_generate_gensecret_object[] = {
4420 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4421 sizeof(CK_OBJECT_CLASS) },
4422 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
4423 sizeof(CK_KEY_TYPE) },
4424 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4425 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4426 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4427 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]4428 { CKA_VALUE_LEN, &(CK_ULONG){ 32 }, sizeof(CK_ULONG) },
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]4429};
4430
4431static CK_ATTRIBUTE digest_data_object[] = {
4432 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_DATA },
4433 sizeof(CK_OBJECT_CLASS) },
4434 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4435 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4436};
4437
4438static void xtest_pkcs11_test_1018(ADBG_Case_t *c)
4439{
4440 CK_RV rv = CKR_GENERAL_ERROR;
4441 CK_SLOT_ID slot = 0;
4442 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
4443 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
4444 bool logged_in = false;
4445 uint8_t data[128] = { 0 };
4446 CK_ULONG data_size = 0;
4447 uint8_t digest[64] = { 0 };
4448 CK_ULONG digest_size = 0;
4449 const uint8_t *expect_digest = NULL;
4450 CK_ULONG expect_digest_size = 0;
4451 CK_MECHANISM mechanism = { CKM_MD5, NULL, 0 };
4452 uint8_t secret_data[128] = { 0 };
4453 CK_ULONG secret_data_size __maybe_unused = 0;
4454 CK_ATTRIBUTE digest_get_secret_value[] = {
4455 { CKA_VALUE, &secret_data, sizeof(secret_data) },
4456 };
4457 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
4458#ifdef OPENSSL_FOUND
4459 EVP_MD_CTX *mdctx = NULL;
4460 unsigned char hash[EVP_MAX_MD_SIZE] = { 0 };
4461 unsigned int md_len = 0;
4462 int ret = 0;
4463#endif
4464 size_t i = 0;
4465
4466 rv = init_lib_and_find_token_slot(&slot);
4467 if (!ADBG_EXPECT_CK_OK(c, rv))
4468 return;
4469
4470 rv = init_test_token(slot);
4471 if (!ADBG_EXPECT_CK_OK(c, rv))
4472 goto close_lib;
4473
4474 rv = init_user_test_token(slot);
4475 if (!ADBG_EXPECT_CK_OK(c, rv))
4476 goto close_lib;
4477
4478 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
4479 if (!ADBG_EXPECT_CK_OK(c, rv))
4480 goto close_lib;
4481
4482 /* Test out simple successful cases with init+update+final*/
4483 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4484 Do_ADBG_BeginSubCase(c, "Simple digest tests - update - %s",
4485 digest_test_patterns[i].test_name);
4486
4487 mechanism.mechanism = digest_test_patterns[i].mecha;
4488 memset(data, 0xCC, sizeof(data));
4489 memset(digest, 0xCC, sizeof(digest));
4490 digest_size = sizeof(digest);
4491
4492 memcpy(data, digest_test_patterns[i].data,
4493 digest_test_patterns[i].data_size);
4494 data_size = digest_test_patterns[i].data_size;
4495
4496 expect_digest = digest_test_patterns[i].digest;
4497 expect_digest_size = digest_test_patterns[i].digest_size;
4498
4499 rv = C_DigestInit(session, &mechanism);
4500 if (!ADBG_EXPECT_CK_OK(c, rv))
4501 goto out;
4502
4503 rv = C_DigestUpdate(session, data, data_size);
4504 if (!ADBG_EXPECT_CK_OK(c, rv))
4505 goto out;
4506
4507 rv = C_DigestFinal(session, digest, &digest_size);
4508 if (!ADBG_EXPECT_CK_OK(c, rv))
4509 goto out;
4510
4511 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4512 digest, digest_size))
4513 goto out;
4514
4515 /* Verify that end of buffer is still 0xCC */
4516 for (i = expect_digest_size; i < sizeof(digest); i++)
4517 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4518 0xCC))
4519 goto out;
4520
4521 Do_ADBG_EndSubCase(c, NULL);
4522 }
4523
4524 /* Test out simple successful cases */
4525 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4526 Do_ADBG_BeginSubCase(c, "Simple digest tests - oneshot - %s",
4527 digest_test_patterns[i].test_name);
4528
4529 mechanism.mechanism = digest_test_patterns[i].mecha;
4530 memset(data, 0xCC, sizeof(data));
4531 memset(digest, 0xCC, sizeof(digest));
4532 digest_size = sizeof(digest);
4533
4534 memcpy(data, digest_test_patterns[i].data,
4535 digest_test_patterns[i].data_size);
4536 data_size = digest_test_patterns[i].data_size;
4537
4538 expect_digest = digest_test_patterns[i].digest;
4539 expect_digest_size = digest_test_patterns[i].digest_size;
4540
4541 rv = C_DigestInit(session, &mechanism);
4542 if (!ADBG_EXPECT_CK_OK(c, rv))
4543 goto out;
4544
4545 rv = C_Digest(session, data, data_size, digest, &digest_size);
4546 if (!ADBG_EXPECT_CK_OK(c, rv))
4547 goto out;
4548
4549 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4550 digest, digest_size))
4551 goto out;
4552
4553 /* Verify that end of buffer is still 0xCC */
4554 for (i = expect_digest_size; i < sizeof(digest); i++)
4555 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4556 0xCC))
4557 goto out;
4558
4559 Do_ADBG_EndSubCase(c, NULL);
4560 }
4561
4562 /* Test out key updates */
4563
4564 Do_ADBG_BeginSubCase(c, "Simple digest tests - AES key update - SHA-256");
4565
4566 /* Login to Test Token */
4567 rv = C_Login(session, CKU_USER, test_token_user_pin,
4568 sizeof(test_token_user_pin));
4569 if (!ADBG_EXPECT_CK_OK(c, rv))
4570 goto out;
4571
4572 logged_in = true;
4573
4574 /* Generate AES key */
4575 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4576 digest_generate_aes_object,
4577 ARRAY_SIZE(digest_generate_aes_object),
4578 &key_handle);
4579 if (!ADBG_EXPECT_CK_OK(c, rv))
4580 goto out;
4581
4582 memset(secret_data, 0xCC, sizeof(data));
4583 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4584
4585 /* Get value of generated secret for verification purposes */
4586 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4587 ARRAY_SIZE(digest_get_secret_value));
4588 if (!ADBG_EXPECT_CK_OK(c, rv))
4589 goto out;
4590
4591 secret_data_size = digest_get_secret_value[0].ulValueLen;
4592
4593 /* Calculate digest with PKCS11 */
4594 mechanism.mechanism = CKM_SHA256;
4595
4596 memset(data, 0xCC, sizeof(data));
4597 memset(digest, 0xCC, sizeof(digest));
4598 digest_size = sizeof(digest);
4599
4600 memcpy(data, digest_test_patterns[0].data,
4601 digest_test_patterns[0].data_size);
4602 data_size = digest_test_patterns[0].data_size;
4603
4604 rv = C_DigestInit(session, &mechanism);
4605 if (!ADBG_EXPECT_CK_OK(c, rv))
4606 goto out;
4607
4608 rv = C_DigestUpdate(session, data, data_size);
4609 if (!ADBG_EXPECT_CK_OK(c, rv))
4610 goto out;
4611
4612 rv = C_DigestKey(session, key_handle);
4613 if (!ADBG_EXPECT_CK_OK(c, rv))
4614 goto out;
4615
4616 rv = C_DigestFinal(session, digest, &digest_size);
4617 if (!ADBG_EXPECT_CK_OK(c, rv))
4618 goto out;
4619
4620 /* Verify digest with openssl */
4621#ifdef OPENSSL_FOUND
4622 mdctx = EVP_MD_CTX_create();
4623 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4624 goto out;
4625 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4626 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4627 goto out;
4628 ret = EVP_DigestUpdate(mdctx, data, data_size);
4629 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4630 goto out;
4631 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4632 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4633 goto out;
4634 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4635 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4636 goto out;
4637 EVP_MD_CTX_destroy(mdctx);
4638 mdctx = NULL;
4639
4640 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4641 goto out;
4642#else
4643 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4644#endif
4645
4646 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4647 key_handle = CK_INVALID_HANDLE;
4648
4649 Do_ADBG_EndSubCase(c, NULL);
4650
4651 Do_ADBG_BeginSubCase(c, "Simple digest tests - generic secret key update - SHA-256");
4652
4653 /* Generate generic secret key */
4654 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
4655 digest_generate_gensecret_object,
4656 ARRAY_SIZE(digest_generate_gensecret_object),
4657 &key_handle);
4658 if (!ADBG_EXPECT_CK_OK(c, rv))
4659 goto out;
4660
4661 memset(secret_data, 0xCC, sizeof(data));
4662 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4663
4664 /* Get value of generated secret for verification purposes */
4665 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4666 ARRAY_SIZE(digest_get_secret_value));
4667 if (!ADBG_EXPECT_CK_OK(c, rv))
4668 goto out;
4669
4670 secret_data_size = digest_get_secret_value[0].ulValueLen;
4671
4672 /* Calculate digest with PKCS11 */
4673 mechanism.mechanism = CKM_SHA256;
4674
4675 memset(data, 0xCC, sizeof(data));
4676 memset(digest, 0xCC, sizeof(digest));
4677 digest_size = sizeof(digest);
4678
4679 memcpy(data, digest_test_patterns[0].data,
4680 digest_test_patterns[0].data_size);
4681 data_size = digest_test_patterns[0].data_size;
4682
4683 rv = C_DigestInit(session, &mechanism);
4684 if (!ADBG_EXPECT_CK_OK(c, rv))
4685 goto out;
4686
4687 rv = C_DigestUpdate(session, data, data_size);
4688 if (!ADBG_EXPECT_CK_OK(c, rv))
4689 goto out;
4690
4691 rv = C_DigestKey(session, key_handle);
4692 if (!ADBG_EXPECT_CK_OK(c, rv))
4693 goto out;
4694
4695 rv = C_DigestFinal(session, digest, &digest_size);
4696 if (!ADBG_EXPECT_CK_OK(c, rv))
4697 goto out;
4698
4699 /* Verify digest with openssl */
4700#ifdef OPENSSL_FOUND
4701 mdctx = EVP_MD_CTX_create();
4702 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4703 goto out;
4704 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4705 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4706 goto out;
4707 ret = EVP_DigestUpdate(mdctx, data, data_size);
4708 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4709 goto out;
4710 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4711 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4712 goto out;
4713 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4714 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4715 goto out;
4716 EVP_MD_CTX_destroy(mdctx);
4717 mdctx = NULL;
4718
4719 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4720 goto out;
4721#else
4722 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4723#endif
4724
4725 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4726 key_handle = CK_INVALID_HANDLE;
4727
4728 Do_ADBG_EndSubCase(c, NULL);
4729
4730 Do_ADBG_BeginSubCase(c, "Query digest size - C_DigestFinal");
4731
4732 mechanism.mechanism = digest_test_patterns[0].mecha;
4733
4734 memset(data, 0xCC, sizeof(data));
4735 memset(digest, 0xCC, sizeof(digest));
4736 digest_size = 0;
4737
4738 memcpy(data, digest_test_patterns[0].data,
4739 digest_test_patterns[0].data_size);
4740 data_size = digest_test_patterns[0].data_size;
4741
4742 expect_digest = digest_test_patterns[0].digest;
4743 expect_digest_size = digest_test_patterns[0].digest_size;
4744
4745 rv = C_DigestInit(session, &mechanism);
4746 if (!ADBG_EXPECT_CK_OK(c, rv))
4747 goto out;
4748
4749 rv = C_DigestUpdate(session, data, data_size);
4750 if (!ADBG_EXPECT_CK_OK(c, rv))
4751 goto out;
4752
4753 rv = C_DigestFinal(session, NULL, &digest_size);
4754 if (!ADBG_EXPECT_CK_OK(c, rv))
4755 goto out;
4756
4757 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4758 expect_digest_size))
4759 goto out;
4760
4761 rv = C_DigestFinal(session, digest, &digest_size);
4762 if (!ADBG_EXPECT_CK_OK(c, rv))
4763 goto out;
4764
4765 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4766 digest, digest_size))
4767 goto out;
4768
4769 Do_ADBG_EndSubCase(c, NULL);
4770
4771 Do_ADBG_BeginSubCase(c, "Query digest size - C_Digest");
4772
4773 mechanism.mechanism = digest_test_patterns[0].mecha;
4774
4775 memset(data, 0xCC, sizeof(data));
4776 memset(digest, 0xCC, sizeof(digest));
4777 digest_size = 0;
4778
4779 memcpy(data, digest_test_patterns[0].data,
4780 digest_test_patterns[0].data_size);
4781 data_size = digest_test_patterns[0].data_size;
4782
4783 expect_digest = digest_test_patterns[0].digest;
4784 expect_digest_size = digest_test_patterns[0].digest_size;
4785
4786 rv = C_DigestInit(session, &mechanism);
4787 if (!ADBG_EXPECT_CK_OK(c, rv))
4788 goto out;
4789
4790 rv = C_Digest(session, data, data_size, NULL, &digest_size);
4791 if (!ADBG_EXPECT_CK_OK(c, rv))
4792 goto out;
4793
4794 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4795 expect_digest_size))
4796 goto out;
4797
4798 rv = C_Digest(session, data, data_size, digest, &digest_size);
4799 if (!ADBG_EXPECT_CK_OK(c, rv))
4800 goto out;
4801
4802 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4803 digest, digest_size))
4804 goto out;
4805
4806 Do_ADBG_EndSubCase(c, NULL);
4807
4808 Do_ADBG_BeginSubCase(c, "Query digest size - buffer too small");
4809
4810 mechanism.mechanism = CKM_SHA256;
4811
4812 memset(data, 0xCC, sizeof(data));
4813 memset(digest, 0xCC, sizeof(digest));
4814 digest_size = 0;
4815
4816 memcpy(data, digest_test_patterns[0].data,
4817 digest_test_patterns[0].data_size);
4818 data_size = digest_test_patterns[0].data_size;
4819
4820 rv = C_DigestInit(session, &mechanism);
4821 if (!ADBG_EXPECT_CK_OK(c, rv))
4822 goto out;
4823
4824 rv = C_DigestUpdate(session, data, data_size);
4825 if (!ADBG_EXPECT_CK_OK(c, rv))
4826 goto out;
4827
4828 rv = C_DigestFinal(session, digest, &digest_size);
4829 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
4830 goto out;
4831
4832 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==, 32))
4833 goto out;
4834
4835 rv = C_DigestFinal(session, digest, &digest_size);
4836 if (!ADBG_EXPECT_CK_OK(c, rv))
4837 goto out;
4838
4839 Do_ADBG_EndSubCase(c, NULL);
4840
4841 /* Test bad arguments & operation terminations */
4842
4843 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestUpdate");
4844
4845 mechanism.mechanism = CKM_SHA256;
4846
4847 memset(data, 0xCC, sizeof(data));
4848 memset(digest, 0xCC, sizeof(digest));
4849 digest_size = sizeof(digest);
4850
4851 memcpy(data, digest_test_patterns[0].data,
4852 digest_test_patterns[0].data_size);
4853 data_size = digest_test_patterns[0].data_size;
4854
4855 rv = C_DigestInit(session, &mechanism);
4856 if (!ADBG_EXPECT_CK_OK(c, rv))
4857 goto out;
4858
4859 rv = C_DigestUpdate(session, NULL, 10);
4860 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4861 goto out;
4862
4863 rv = C_DigestUpdate(session, data, data_size);
4864 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4865 goto out;
4866
4867 Do_ADBG_EndSubCase(c, NULL);
4868
4869 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with NULL digest");
4870
4871 mechanism.mechanism = CKM_SHA256;
4872
4873 memset(data, 0xCC, sizeof(data));
4874 memset(digest, 0xCC, sizeof(digest));
4875 digest_size = sizeof(digest);
4876
4877 memcpy(data, digest_test_patterns[0].data,
4878 digest_test_patterns[0].data_size);
4879 data_size = digest_test_patterns[0].data_size;
4880
4881 rv = C_DigestInit(session, &mechanism);
4882 if (!ADBG_EXPECT_CK_OK(c, rv))
4883 goto out;
4884
4885 rv = C_DigestUpdate(session, data, data_size);
4886 if (!ADBG_EXPECT_CK_OK(c, rv))
4887 goto out;
4888
4889 rv = C_DigestFinal(session, NULL, NULL);
4890 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4891 goto out;
4892
4893 rv = C_DigestFinal(session, digest, &digest_size);
4894 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4895 goto out;
4896
4897 Do_ADBG_EndSubCase(c, NULL);
4898
4899 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4900
4901 mechanism.mechanism = CKM_SHA256;
4902
4903 memset(data, 0xCC, sizeof(data));
4904 memset(digest, 0xCC, sizeof(digest));
4905 digest_size = sizeof(digest);
4906
4907 memcpy(data, digest_test_patterns[0].data,
4908 digest_test_patterns[0].data_size);
4909 data_size = digest_test_patterns[0].data_size;
4910
4911 rv = C_DigestInit(session, &mechanism);
4912 if (!ADBG_EXPECT_CK_OK(c, rv))
4913 goto out;
4914
4915 rv = C_DigestUpdate(session, data, data_size);
4916 if (!ADBG_EXPECT_CK_OK(c, rv))
4917 goto out;
4918
4919 rv = C_DigestFinal(session, digest, NULL);
4920 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4921 goto out;
4922
4923 rv = C_DigestFinal(session, digest, &digest_size);
4924 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4925 goto out;
4926
4927 Do_ADBG_EndSubCase(c, NULL);
4928
4929 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL data but non-zero size");
4930
4931 mechanism.mechanism = CKM_SHA256;
4932
4933 memset(data, 0xCC, sizeof(data));
4934 memset(digest, 0xCC, sizeof(digest));
4935 digest_size = sizeof(digest);
4936
4937 memcpy(data, digest_test_patterns[0].data,
4938 digest_test_patterns[0].data_size);
4939 data_size = digest_test_patterns[0].data_size;
4940
4941 rv = C_DigestInit(session, &mechanism);
4942 if (!ADBG_EXPECT_CK_OK(c, rv))
4943 goto out;
4944
4945 rv = C_Digest(session, NULL, 10, digest, &digest_size);
4946 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4947 goto out;
4948
4949 rv = C_Digest(session, data, data_size, digest, &digest_size);
4950 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4951 goto out;
4952
4953 Do_ADBG_EndSubCase(c, NULL);
4954
4955 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL digest");
4956
4957 mechanism.mechanism = CKM_SHA256;
4958
4959 memset(data, 0xCC, sizeof(data));
4960 memset(digest, 0xCC, sizeof(digest));
4961 digest_size = sizeof(digest);
4962
4963 memcpy(data, digest_test_patterns[0].data,
4964 digest_test_patterns[0].data_size);
4965 data_size = digest_test_patterns[0].data_size;
4966
4967 rv = C_DigestInit(session, &mechanism);
4968 if (!ADBG_EXPECT_CK_OK(c, rv))
4969 goto out;
4970
4971 rv = C_Digest(session, data, data_size, NULL, NULL);
4972 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4973 goto out;
4974
4975 rv = C_Digest(session, data, data_size, digest, &digest_size);
4976 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4977 goto out;
4978
4979 Do_ADBG_EndSubCase(c, NULL);
4980
4981 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4982
4983 mechanism.mechanism = CKM_SHA256;
4984
4985 memset(data, 0xCC, sizeof(data));
4986 memset(digest, 0xCC, sizeof(digest));
4987 digest_size = sizeof(digest);
4988
4989 memcpy(data, digest_test_patterns[0].data,
4990 digest_test_patterns[0].data_size);
4991 data_size = digest_test_patterns[0].data_size;
4992
4993 rv = C_DigestInit(session, &mechanism);
4994 if (!ADBG_EXPECT_CK_OK(c, rv))
4995 goto out;
4996
4997 rv = C_Digest(session, data, data_size, digest, NULL);
4998 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4999 goto out;
5000
5001 rv = C_Digest(session, data, data_size, digest, &digest_size);
5002 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
5003 goto out;
5004
5005 Do_ADBG_EndSubCase(c, NULL);
5006
5007 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with invalid key handle");
5008
5009 rv = C_CreateObject(session, digest_data_object,
5010 ARRAY_SIZE(digest_data_object), &key_handle);
5011 if (!ADBG_EXPECT_CK_OK(c, rv))
5012 goto out;
5013
5014 mechanism.mechanism = CKM_SHA256;
5015
5016 memset(data, 0xCC, sizeof(data));
5017 memset(digest, 0xCC, sizeof(digest));
5018 digest_size = sizeof(digest);
5019
5020 memcpy(data, digest_test_patterns[0].data,
5021 digest_test_patterns[0].data_size);
5022 data_size = digest_test_patterns[0].data_size;
5023
5024 rv = C_DigestInit(session, &mechanism);
5025 if (!ADBG_EXPECT_CK_OK(c, rv))
5026 goto out;
5027
5028 rv = C_DigestKey(session, 9999);
5029 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
5030 goto out;
5031
5032 rv = C_DigestKey(session, key_handle);
5033 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
5034 goto out;
5035
5036 Do_ADBG_EndSubCase(c, NULL);
5037
5038 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with non-secret key type");
5039
5040 mechanism.mechanism = CKM_SHA256;
5041
5042 memset(data, 0xCC, sizeof(data));
5043 memset(digest, 0xCC, sizeof(digest));
5044 digest_size = sizeof(digest);
5045
5046 memcpy(data, digest_test_patterns[0].data,
5047 digest_test_patterns[0].data_size);
5048 data_size = digest_test_patterns[0].data_size;
5049
5050 rv = C_DigestInit(session, &mechanism);
5051 if (!ADBG_EXPECT_CK_OK(c, rv))
5052 goto out;
5053
5054 rv = C_DigestKey(session, key_handle);
5055 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_INDIGESTIBLE, rv))
5056 goto out;
5057
5058 rv = C_DigestKey(session, key_handle);
5059 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
5060 goto out;
5061
5062 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
5063 key_handle = CK_INVALID_HANDLE;
5064
5065out:
5066#ifdef OPENSSL_FOUND
5067 if (!ADBG_EXPECT_POINTER(c, NULL, mdctx)) {
5068 Do_ADBG_Log("Unexpected failure in openssl functions: %d",
5069 ret);
5070 EVP_MD_CTX_destroy(mdctx);
5071 }
5072#endif
5073
5074 Do_ADBG_EndSubCase(c, NULL);
5075
5076 if (logged_in)
5077 ADBG_EXPECT_CK_OK(c, C_Logout(session));
5078
5079 if (key_handle != CK_INVALID_HANDLE) {
5080 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
5081 key_handle = CK_INVALID_HANDLE;
5082 }
5083
5084 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
5085
5086close_lib:
5087 ADBG_EXPECT_CK_OK(c, close_lib());
5088}
5089ADBG_CASE_DEFINE(pkcs11, 1018, xtest_pkcs11_test_1018,
5090 "PKCS11: Digest tests");
Vesa Jääskeläinena4ab9572021-04-07 12:50:06 +0300[diff] [blame]5091
5092/**
5093 * 0:d=0 hl=2 l= 22 cons: SEQUENCE
5094 * 2:d=1 hl=2 l= 20 cons: SET
5095 * 4:d=2 hl=2 l= 18 cons: SEQUENCE
5096 * 6:d=3 hl=2 l= 3 prim: OBJECT :commonName
5097 * 11:d=3 hl=2 l= 11 prim: UTF8STRING :common name
5098 */
5099static uint8_t subject_common_name[] = {
5100 0x30, 0x16, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
5101 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65
5102};
5103
5104/**
5105 * 0:d=0 hl=2 l= 8 prim: OBJECT :prime256v1
5106 */
5107static uint8_t ecdsa_nist_p256[] = {
5108 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
5109 0x01, 0x07
5110};
5111
5112/**
5113 * 0:d=0 hl=2 l= 5 prim: OBJECT :secp384r1
5114 */
5115static uint8_t ecdsa_nist_p384[] = {
5116 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
5117};
5118
5119/**
5120 * 0:d=0 hl=2 l= 5 prim: OBJECT :secp521r1
5121 */
5122static uint8_t ecdsa_nist_p521[] = {
5123 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23
5124};
5125
5126#define EC_SIGN_TEST(_test_name, _mecha, _data) \
5127 { \
5128 .test_name = _test_name, \
5129 .mecha = _mecha, \
5130 .data = _data, \
5131 .data_size = sizeof(_data) - 1, \
5132 }
5133
5134/* List of elliptic curve signing multi stage digest mechas */
5135static struct {
5136 const char *test_name;
5137 CK_MECHANISM_TYPE mecha;
5138 const void *data;
5139 CK_ULONG data_size;
5140} ec_sign_tests[] = {
5141 EC_SIGN_TEST("CKM_ECDSA_SHA1", CKM_ECDSA_SHA1, digest_test_pattern),
5142 EC_SIGN_TEST("CKM_ECDSA_SHA224", CKM_ECDSA_SHA224, digest_test_pattern),
5143 EC_SIGN_TEST("CKM_ECDSA_SHA256", CKM_ECDSA_SHA256, digest_test_pattern),
5144 EC_SIGN_TEST("CKM_ECDSA_SHA384", CKM_ECDSA_SHA384, digest_test_pattern),
5145 EC_SIGN_TEST("CKM_ECDSA_SHA512", CKM_ECDSA_SHA512, digest_test_pattern),
5146};
5147
5148static int test_ec_operations(ADBG_Case_t *c, CK_SESSION_HANDLE session,
5149 const char *curve_name, uint8_t *curve,
5150 size_t curve_size)
5151{
5152 CK_RV rv = CKR_GENERAL_ERROR;
5153
5154 CK_OBJECT_HANDLE public_key = CK_INVALID_HANDLE;
5155 CK_OBJECT_HANDLE private_key = CK_INVALID_HANDLE;
5156
5157 CK_MECHANISM mechanism = {
5158 CKM_EC_KEY_PAIR_GEN, NULL, 0
5159 };
5160 CK_MECHANISM sign_mechanism = {
5161 CKM_ECDSA, NULL, 0
5162 };
5163 CK_BYTE id[] = { 123 };
5164
5165 CK_ATTRIBUTE public_key_template[] = {
5166 { CKA_ENCRYPT, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5167 { CKA_VERIFY, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5168 { CKA_WRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5169 { CKA_EC_PARAMS, ecdsa_nist_p256, sizeof(ecdsa_nist_p256) }
5170 };
5171
5172 CK_ATTRIBUTE private_key_template[] = {
5173 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5174 { CKA_PRIVATE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5175 { CKA_SUBJECT, subject_common_name,
5176 sizeof(subject_common_name) },
5177 { CKA_ID, id, sizeof(id) },
5178 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5179 { CKA_DECRYPT, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5180 { CKA_SIGN, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5181 { CKA_UNWRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) }
5182 };
5183
5184 CK_OBJECT_CLASS g_class = 0;
5185 CK_KEY_TYPE g_key_type = 0;
5186 CK_BYTE g_id[32] = { 0 };
5187 CK_DATE g_start_date = { 0 };
5188 CK_DATE g_end_date = { 0 };
5189 CK_BBOOL g_derive = CK_FALSE;
5190 CK_BBOOL g_local = CK_FALSE;
5191 CK_MECHANISM_TYPE g_keygen_mecha = 0;
5192 CK_BYTE g_subject[64] = { 0 };
5193 CK_BBOOL g_encrypt = CK_FALSE;
5194 CK_BBOOL g_verify = CK_FALSE;
5195 CK_BBOOL g_verify_recover = CK_FALSE;
5196 CK_BBOOL g_wrap = CK_FALSE;
5197 CK_BBOOL g_trusted = CK_FALSE;
5198 CK_BYTE g_public_key_info[1024] = { 0 };
5199 CK_BBOOL g_sensitive = CK_FALSE;
5200 CK_BBOOL g_decrypt = CK_FALSE;
5201 CK_BBOOL g_sign = CK_FALSE;
5202 CK_BBOOL g_sign_recover = CK_FALSE;
5203 CK_BBOOL g_unwrap = CK_FALSE;
5204 CK_BBOOL g_extract = CK_FALSE;
5205 CK_BBOOL g_asensitive = CK_FALSE;
5206 CK_BBOOL g_nextract = CK_FALSE;
5207 CK_BBOOL g_wrap_with_trusted = CK_FALSE;
5208 CK_BBOOL g_always_authenticate = CK_FALSE;
5209
5210 CK_ATTRIBUTE get_public_template[] = {
5211 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5212 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5213 { CKA_ID, g_id, sizeof(g_id) },
5214 { CKA_START_DATE, &g_start_date, sizeof(CK_DATE) },
5215 { CKA_END_DATE, &g_end_date, sizeof(CK_DATE) },
5216 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5217 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5218 { CKA_KEY_GEN_MECHANISM, &g_keygen_mecha, sizeof(CK_MECHANISM_TYPE) },
5219 { CKA_SUBJECT, g_subject, sizeof(g_subject) },
5220 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
5221 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
5222 { CKA_VERIFY_RECOVER, &g_verify_recover, sizeof(CK_BBOOL) },
5223 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
5224 { CKA_TRUSTED, &g_trusted, sizeof(CK_BBOOL) },
5225 { CKA_PUBLIC_KEY_INFO, g_public_key_info, sizeof(g_public_key_info) },
5226 };
5227
5228 CK_ATTRIBUTE get_private_template[] = {
5229 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5230 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5231 { CKA_ID, g_id, sizeof(g_id) },
5232 { CKA_START_DATE, &g_start_date, sizeof(CK_DATE) },
5233 { CKA_END_DATE, &g_end_date, sizeof(CK_DATE) },
5234 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5235 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5236 { CKA_KEY_GEN_MECHANISM, &g_keygen_mecha, sizeof(CK_MECHANISM_TYPE) },
5237 { CKA_SUBJECT, g_subject, sizeof(g_subject) },
5238 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
5239 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
5240 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
5241 { CKA_SIGN_RECOVER, &g_sign_recover, sizeof(CK_BBOOL) },
5242 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
5243 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
5244 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
5245 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
5246 { CKA_WRAP_WITH_TRUSTED, &g_wrap_with_trusted, sizeof(CK_BBOOL) },
5247 { CKA_ALWAYS_AUTHENTICATE, &g_always_authenticate, sizeof(CK_BBOOL) },
5248 { CKA_PUBLIC_KEY_INFO, g_public_key_info, sizeof(g_public_key_info) },
5249 };
5250
5251 uint8_t signature[512] = { 0 };
5252 CK_ULONG signature_len = 0;
5253
5254 size_t i = 0;
5255
5256 Do_ADBG_BeginSubCase(c, "%s: Generate key pair",
5257 curve_name);
5258
5259 public_key_template[3].pValue = curve;
5260 public_key_template[3].ulValueLen = curve_size;
5261
5262 rv = C_GenerateKeyPair(session, &mechanism, public_key_template,
5263 ARRAY_SIZE(public_key_template),
5264 private_key_template,
5265 ARRAY_SIZE(private_key_template),
5266 &public_key, &private_key);
5267 if (!ADBG_EXPECT_CK_OK(c, rv))
5268 goto err;
5269
5270 /* reset get public key template */
5271 memset(g_id, 0, sizeof(g_id));
5272 memset(g_subject, 0, sizeof(g_subject));
5273 memset(g_public_key_info, 0, sizeof(g_public_key_info));
5274 get_public_template[2].ulValueLen = sizeof(g_id);
5275 get_public_template[8].ulValueLen = sizeof(g_subject);
5276 get_public_template[14].ulValueLen = sizeof(g_public_key_info);
5277
5278 rv = C_GetAttributeValue(session, public_key, get_public_template,
5279 ARRAY_SIZE(get_public_template));
5280 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5281 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_PUBLIC_KEY) ||
5282 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_EC) ||
5283 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
5284 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
5285 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_keygen_mecha, ==,
5286 CKM_EC_KEY_PAIR_GEN) ||
5287 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
5288 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
5289 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify_recover, ==, CK_FALSE) ||
5290 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
5291 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_trusted, ==, CK_FALSE))
5292 goto err_destr_obj;
5293
5294 /* reset get private key template */
5295 memset(g_id, 0, sizeof(g_id));
5296 memset(g_subject, 0, sizeof(g_subject));
5297 memset(g_public_key_info, 0, sizeof(g_public_key_info));
5298 get_private_template[2].ulValueLen = sizeof(g_id);
5299 get_private_template[8].ulValueLen = sizeof(g_subject);
5300 get_private_template[19].ulValueLen = sizeof(g_public_key_info);
5301
5302 rv = C_GetAttributeValue(session, private_key, get_private_template,
5303 ARRAY_SIZE(get_private_template));
5304 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5305 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_PRIVATE_KEY) ||
5306 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_EC) ||
5307 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
5308 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
5309 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_keygen_mecha, ==,
5310 CKM_EC_KEY_PAIR_GEN) ||
5311 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
5312 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
5313 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
5314 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign_recover, ==, CK_FALSE) ||
5315 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
5316 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
5317 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
5318 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE) ||
5319 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap_with_trusted, ==, CK_FALSE) ||
5320 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_always_authenticate, ==, CK_FALSE))
5321 goto err_destr_obj;
5322
5323 Do_ADBG_EndSubCase(c, NULL);
5324
5325 Do_ADBG_BeginSubCase(c,
5326 "%s: Sign & verify tests - oneshot - CKM_ECDSA",
5327 curve_name);
5328
5329 sign_mechanism.mechanism = CKM_ECDSA;
5330 memset(signature, 0, sizeof(signature));
5331 signature_len = sizeof(signature);
5332
5333 rv = C_SignInit(session, &sign_mechanism, private_key);
5334 if (!ADBG_EXPECT_CK_OK(c, rv))
5335 goto err_destr_obj;
5336
5337 rv = C_Sign(session, (void *)digest_test_pattern_sha256,
5338 sizeof(digest_test_pattern_sha256), (void *)signature,
5339 &signature_len);
5340 if (!ADBG_EXPECT_CK_OK(c, rv))
5341 goto err_destr_obj;
5342
5343 rv = C_VerifyInit(session, &sign_mechanism, public_key);
5344 if (!ADBG_EXPECT_CK_OK(c, rv))
5345 goto err_destr_obj;
5346
5347 rv = C_Verify(session, (void *)digest_test_pattern_sha256,
5348 sizeof(digest_test_pattern_sha256), (void *)signature,
5349 signature_len);
5350 if (!ADBG_EXPECT_CK_OK(c, rv))
5351 goto err_destr_obj;
5352
5353 Do_ADBG_EndSubCase(c, NULL);
5354
5355 for (i = 0; i < ARRAY_SIZE(ec_sign_tests); i++) {
5356 Do_ADBG_BeginSubCase(c, "%s: Sign & verify - oneshot - %s",
5357 curve_name, ec_sign_tests[i].test_name);
5358
5359 sign_mechanism.mechanism = ec_sign_tests[i].mecha;
5360 memset(signature, 0, sizeof(signature));
5361 signature_len = sizeof(signature);
5362
5363 rv = C_SignInit(session, &sign_mechanism, private_key);
5364 if (!ADBG_EXPECT_CK_OK(c, rv))
5365 goto err_destr_obj;
5366
5367 rv = C_Sign(session, (void *)ec_sign_tests[i].data,
5368 ec_sign_tests[i].data_size,
5369 (void *)signature, &signature_len);
5370 if (!ADBG_EXPECT_CK_OK(c, rv))
5371 goto err_destr_obj;
5372
5373 rv = C_VerifyInit(session, &sign_mechanism, public_key);
5374 if (!ADBG_EXPECT_CK_OK(c, rv))
5375 goto err_destr_obj;
5376
5377 rv = C_Verify(session, (void *)ec_sign_tests[i].data,
5378 ec_sign_tests[i].data_size,
5379 (void *)signature, signature_len);
5380 if (!ADBG_EXPECT_CK_OK(c, rv))
5381 goto err_destr_obj;
5382
5383 Do_ADBG_EndSubCase(c, NULL);
5384 }
5385
5386 Do_ADBG_BeginSubCase(c, "%s: Destroy keys", curve_name);
5387
5388 rv = C_DestroyObject(session, private_key);
5389 if (!ADBG_EXPECT_CK_OK(c, rv))
5390 goto err_destr_obj;
5391
5392 rv = C_DestroyObject(session, public_key);
5393 if (!ADBG_EXPECT_CK_OK(c, rv))
5394 goto err;
5395
5396 Do_ADBG_EndSubCase(c, NULL);
5397
5398 return 1;
5399
5400err_destr_obj:
5401 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, private_key));
5402 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, public_key));
5403err:
5404 Do_ADBG_EndSubCase(c, NULL);
5405
5406 return 0;
5407}
5408
5409static void xtest_pkcs11_test_1019(ADBG_Case_t *c)
5410{
5411 CK_RV rv = CKR_GENERAL_ERROR;
5412 CK_SLOT_ID slot = 0;
5413 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
5414 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
5415 int ret = 0;
5416
5417 rv = init_lib_and_find_token_slot(&slot);
5418 if (!ADBG_EXPECT_CK_OK(c, rv))
5419 return;
5420
5421 rv = init_test_token(slot);
5422 if (!ADBG_EXPECT_CK_OK(c, rv))
5423 goto close_lib;
5424
5425 rv = init_user_test_token(slot);
5426 if (!ADBG_EXPECT_CK_OK(c, rv))
5427 goto close_lib;
5428
5429 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
5430 if (!ADBG_EXPECT_CK_OK(c, rv))
5431 goto close_lib;
5432
5433 /* Login to Test Token */
5434 rv = C_Login(session, CKU_USER, test_token_user_pin,
5435 sizeof(test_token_user_pin));
5436 if (!ADBG_EXPECT_CK_OK(c, rv))
5437 goto out;
5438
5439 ret = test_ec_operations(c, session, "P-256", ecdsa_nist_p256,
5440 sizeof(ecdsa_nist_p256));
5441 if (!ret)
5442 goto out;
5443 ret = test_ec_operations(c, session, "P-384", ecdsa_nist_p384,
5444 sizeof(ecdsa_nist_p384));
5445 if (!ret)
5446 goto out;
5447
5448 if (level > 0) {
5449 ret = test_ec_operations(c, session, "P-521", ecdsa_nist_p521,
5450 sizeof(ecdsa_nist_p521));
5451 if (!ret)
5452 goto out;
5453 }
5454out:
5455 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
5456close_lib:
5457 ADBG_EXPECT_CK_OK(c, close_lib());
5458}
5459ADBG_CASE_DEFINE(pkcs11, 1019, xtest_pkcs11_test_1019,
5460 "PKCS11: Elliptic Curve key generation and signing");