TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 1f60ed4fe21189baf0e00612993a436c723cfdea / . / host / xtest / pkcs11_1000.c
blob: a7d7a31fbc7f86e70a54c7c294bc6af9edfade0b [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]2/*
3 * Copyright (c) 2018, Linaro Limited
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]4 */
5
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]6#include <ck_debug.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]7#include <inttypes.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]8#include <pkcs11.h>
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]9#include <stdio.h>
10#include <stdlib.h>
11#include <string.h>
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]12#include <util.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]13
14#include "xtest_test.h"
15#include "xtest_helpers.h"
16
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]17#include <regression_4000_data.h>
18
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]19/*
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]20 * Some PKCS#11 object resources used in the tests
21 */
22static const CK_BYTE cktest_aes128_key[16];
23
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]24static const CK_BYTE cktest_aes128_iv[16];
25
26static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
27 .ulCounterBits = 1,
28};
29
30static CK_MECHANISM cktest_aes_ecb_mechanism = {
31 CKM_AES_ECB,
32 NULL, 0,
33};
34static CK_MECHANISM cktest_aes_cbc_mechanism = {
35 CKM_AES_CBC,
36 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
37};
38static CK_MECHANISM cktest_aes_ctr_mechanism = {
39 CKM_AES_CTR,
40 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
41};
42static CK_MECHANISM cktest_aes_cts_mechanism = {
43 CKM_AES_CTS,
44 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
45};
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]46static CK_MECHANISM cktest_hmac_md5_mechanism = {
47 CKM_MD5_HMAC, NULL, 0,
48};
49static CK_MECHANISM cktest_hmac_sha1_mechanism = {
50 CKM_SHA_1_HMAC, NULL, 0,
51};
52static CK_MECHANISM cktest_hmac_sha224_mechanism = {
53 CKM_SHA224_HMAC, NULL, 0,
54};
55static CK_MECHANISM cktest_hmac_sha256_mechanism = {
56 CKM_SHA256_HMAC, NULL, 0,
57};
58static CK_MECHANISM cktest_hmac_sha384_mechanism = {
59 CKM_SHA384_HMAC, NULL, 0,
60};
61static CK_MECHANISM cktest_hmac_sha512_mechanism = {
62 CKM_SHA512_HMAC, NULL, 0,
63};
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]64static CK_MECHANISM cktest_gensecret_keygen_mechanism = {
65 CKM_GENERIC_SECRET_KEY_GEN, NULL, 0,
66};
67static CK_MECHANISM cktest_aes_keygen_mechanism = {
68 CKM_AES_KEY_GEN, NULL, 0,
69};
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]70
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]71/*
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]72 * Util to find a slot on which to open a session
73 */
74static CK_RV close_lib(void)
75{
76 return C_Finalize(0);
77}
78
79static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
80{
81 CK_RV rv = CKR_GENERAL_ERROR;
82 CK_SLOT_ID_PTR slots = NULL;
83 CK_ULONG count = 0;
84
85 rv = C_Initialize(0);
86 if (rv)
87 return rv;
88
89 rv = C_GetSlotList(CK_TRUE, NULL, &count);
90 if (rv != CKR_OK)
91 goto bail;
92
93 if (count < 1) {
94 rv = CKR_GENERAL_ERROR;
95 goto bail;
96 }
97
98 slots = malloc(count * sizeof(CK_SLOT_ID));
99 if (!slots) {
100 rv = CKR_HOST_MEMORY;
101 goto bail;
102 }
103
104 rv = C_GetSlotList(CK_TRUE, slots, &count);
105 if (rv)
106 goto bail;
107
108 /* Use the last slot */
109 *slot = slots[count - 1];
110
111bail:
112 free(slots);
113 if (rv)
114 close_lib();
115
116 return rv;
117}
118
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]119static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]120{
121 CK_RV rv;
122
123 rv = C_Initialize(NULL);
124 if (!ADBG_EXPECT_CK_OK(c, rv))
125 return;
126
127 rv = C_Finalize(NULL);
128 if (!ADBG_EXPECT_CK_OK(c, rv))
129 return;
130
131 rv = C_Initialize(NULL);
132 if (!ADBG_EXPECT_CK_OK(c, rv))
133 return;
134
135 rv = C_Initialize(NULL);
136 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
137
138 rv = C_Finalize(NULL);
139 ADBG_EXPECT_CK_OK(c, rv);
Etienne Carriere21f4e3c2020-02-05 15:40:24 +0100[diff] [blame]140
141 rv = C_Finalize(NULL);
142 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]143}
144
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]145ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
146 "Initialize and close Cryptoki library");
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]147
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]148static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]149{
150 CK_RV rv = CKR_GENERAL_ERROR;
151 CK_SLOT_ID_PTR slot_ids = NULL;
152 CK_ULONG slot_count = 0;
153 CK_ULONG present_slot_count = 0;
154 CK_INFO lib_info = { };
155 CK_SLOT_INFO slot_info = { };
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]156 CK_TOKEN_INFO token_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]157 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
158 size_t i = 0;
159 CK_SLOT_ID max_slot_id = 0;
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]160 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
161 CK_ULONG mecha_count = 0;
162 CK_MECHANISM_INFO mecha_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]163
164 rv = C_Initialize(NULL);
165 if (!ADBG_EXPECT_CK_OK(c, rv))
166 return;
167
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]168 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
169
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]170 rv = C_GetFunctionList(&ckfunc_list);
171 if (!ADBG_EXPECT_CK_OK(c, rv))
172 goto out;
173
174 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
175 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]176 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]177 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
178 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
179 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]180 goto out;
181
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]182 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
183 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
184
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]185 rv = C_GetInfo(&lib_info);
186 if (!ADBG_EXPECT_CK_OK(c, rv))
187 goto out;
188
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]189 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
190 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
191
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]192 rv = C_GetSlotList(0, NULL, &slot_count);
193 if (!ADBG_EXPECT_CK_OK(c, rv))
194 goto out;
195
196 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
197 goto out;
198
Etienne Carrierede746332020-03-04 19:43:53 +0100[diff] [blame]199 if (slot_count > 1) {
200 /* Ensure case non-NULL-buffer and zero-count is tested */
201 CK_SLOT_ID id = 0;
202
203 slot_count = 0;
204 rv = C_GetSlotList(0, &id, &slot_count);
205 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
206 goto out;
207 }
208
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]209 rv = C_GetSlotList(1, NULL, &present_slot_count);
210 if (!ADBG_EXPECT_CK_OK(c, rv))
211 goto out;
212
213 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
214 present_slot_count))
215 goto out;
216
217 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
218 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
219 goto out;
220
221 slot_count--;
222 rv = C_GetSlotList(1, slot_ids, &slot_count);
223 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
224 goto out;
225
226 rv = C_GetSlotList(1, slot_ids, &slot_count);
227 if (!ADBG_EXPECT_CK_OK(c, rv))
228 goto out;
229
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]230 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]231 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]232
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]233 for (i = 0; i < slot_count; i++) {
234 CK_SLOT_ID slot = slot_ids[i];
235
236 rv = C_GetSlotInfo(slot, &slot_info);
237 if (!ADBG_EXPECT_CK_OK(c, rv))
238 goto out;
239
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]240 rv = C_GetTokenInfo(slot, &token_info);
241 if (!ADBG_EXPECT_CK_OK(c, rv))
242 goto out;
243
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]244 if (max_slot_id < slot)
245 max_slot_id = slot;
246 }
247
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]248 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]249 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
250
251 for (i = 0; i < slot_count; i++) {
252 CK_SLOT_ID slot = slot_ids[i];
253 size_t j = 0;
254
255 mecha_count = 0;
256 rv = C_GetMechanismList(slot, NULL, &mecha_count);
257 if (!ADBG_EXPECT_CK_OK(c, rv))
258 goto out;
259
260 if (mecha_count == 0)
261 continue;
262
263 free(mecha_types);
264 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
265 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
266 goto out;
267
268 /* Test specific case: valid buffer reference with 0 count */
269 mecha_count = 0;
270 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
271 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
272 goto out;
273
274 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
275 if (!ADBG_EXPECT_CK_OK(c, rv))
276 goto out;
277
278 for (j = 0; j < mecha_count; j++) {
279 rv = C_GetMechanismInfo(slot, mecha_types[j],
280 &mecha_info);
281 if (!ADBG_EXPECT_CK_OK(c, rv))
282 goto out;
283 }
284 }
285
286 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
Vesa Jääskeläinen60298cc2021-01-19 09:06:00 +0200[diff] [blame]287 Do_ADBG_BeginSubCase(c, "Test C_GetMechanismList() with larger result buffer");
288
289 for (i = 0; i < slot_count; i++) {
290 CK_SLOT_ID slot = slot_ids[i];
291 CK_ULONG real_mecha_count = 0;
292 CK_ULONG alloc_mecha_count = 0;
293 uint8_t *data_ptr = NULL;
294 size_t j = 0;
295
296 rv = C_GetMechanismList(slot, NULL, &real_mecha_count);
297 if (!ADBG_EXPECT_CK_OK(c, rv))
298 goto out;
299
300 if (real_mecha_count == 0)
301 continue;
302
303 /* Allocate more memory for mechanisms than required */
304 alloc_mecha_count = real_mecha_count + 16;
305 mecha_count = alloc_mecha_count;
306
307 free(mecha_types);
308 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
309 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
310 goto out;
311 memset(mecha_types, 0xCC,
312 alloc_mecha_count * sizeof(*mecha_types));
313
314 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
315 if (!ADBG_EXPECT_CK_OK(c, rv))
316 goto out;
317
318 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, mecha_count, ==,
319 real_mecha_count))
320 goto out;
321
322 data_ptr = (uint8_t *)mecha_types;
323 for (j = real_mecha_count * sizeof(*mecha_types);
324 j < alloc_mecha_count * sizeof(*mecha_types); j++)
325 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[j], ==,
326 0xCC))
327 break;
328 }
329
330 Do_ADBG_EndSubCase(c, "Test C_GetMechanismList() with larger result buffer");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]331 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
332
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]333 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
334 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
335 goto out;
336
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]337 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
338 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
339 goto out;
340
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]341 mecha_count = 1;
342 if (!mecha_types)
343 mecha_types = malloc(sizeof(*mecha_types));
344 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
345 goto out;
346
347 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
348 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
349 goto out;
350
351 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
352 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
353 goto out;
354
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]355 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
356 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
357 goto out;
358
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]359 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
360 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
361 goto out;
362
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]363 mecha_count = 1;
364 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
365 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
366 goto out;
367
368 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
369 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
370 goto out;
371
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]372out:
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]373 Do_ADBG_EndSubCase(c, NULL);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]374 free(slot_ids);
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]375 free(mecha_types);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]376
377 rv = C_Finalize(NULL);
378 ADBG_EXPECT_CK_OK(c, rv);
379}
380
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]381ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]382 "PKCS11: List PKCS#11 slots and get information from");
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]383
384static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
385{
386 CK_RV rv = CKR_GENERAL_ERROR;
387 CK_SLOT_ID slot = 0;
388 CK_SESSION_HANDLE session[3] = { 0 };
389 CK_FLAGS session_flags = 0;
390 CK_SESSION_INFO session_info = { };
391 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
392
393 rv = init_lib_and_find_token_slot(&slot);
394 if (!ADBG_EXPECT_CK_OK(c, rv))
395 return;
396
397 rv = C_GetFunctionList(&ckfunc_list);
398 if (!ADBG_EXPECT_CK_OK(c, rv) ||
399 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
400 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
401 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
402 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
403 goto bail;
404
405 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
406
407 session_flags = CKF_RW_SESSION;
408
409 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
Vesa Jääskeläinenc1378d92020-12-31 12:53:10 +0200[diff] [blame]410 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_PARALLEL_NOT_SUPPORTED, rv))
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]411 goto bail;
412
413 session_flags = CKF_SERIAL_SESSION;
414
415 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
416 if (!ADBG_EXPECT_CK_OK(c, rv))
417 goto bail;
418
419 rv = C_GetSessionInfo(session[0], &session_info);
420 if (!ADBG_EXPECT_CK_OK(c, rv) ||
421 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
422 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
423 session_flags) ||
424 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
425 CKS_RO_PUBLIC_SESSION) ||
426 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
427 goto bail;
428
429 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
430
431 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
432 if (!ADBG_EXPECT_CK_OK(c, rv))
433 goto bail;
434
435 rv = C_GetSessionInfo(session[1], &session_info);
436 if (!ADBG_EXPECT_CK_OK(c, rv) ||
437 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
438 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
439 session_flags) ||
440 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
441 CKS_RW_PUBLIC_SESSION) ||
442 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
443 goto bail;
444
445 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
446 if (!ADBG_EXPECT_CK_OK(c, rv))
447 goto bail;
448
449 rv = C_GetSessionInfo(session[2], &session_info);
450 if (!ADBG_EXPECT_CK_OK(c, rv) ||
451 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
452 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
453 session_flags) ||
454 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
455 CKS_RW_PUBLIC_SESSION) ||
456 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
457 goto bail;
458
459 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
460 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
461
462 /* Close 2 of them */
463 rv = C_CloseSession(session[0]);
464 if (!ADBG_EXPECT_CK_OK(c, rv))
465 goto bail;
466
467 rv = C_GetSessionInfo(session[0], &session_info);
468 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
469 goto bail;
470
471 rv = C_GetSessionInfo(session[1], &session_info);
472 if (!ADBG_EXPECT_CK_OK(c, rv))
473 goto bail;
474
475 rv = C_GetSessionInfo(session[2], &session_info);
476 if (!ADBG_EXPECT_CK_OK(c, rv))
477 goto bail;
478
479 /* Close all remaining sessions, later calls should failed on session */
480 rv = C_CloseAllSessions(slot);
481 if (!ADBG_EXPECT_CK_OK(c, rv))
482 goto bail;
483
484 rv = C_CloseSession(session[1]);
485 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
486 goto bail;
487
488 rv = C_CloseSession(session[2]);
489 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
490 goto bail;
491
492 rv = C_GetSessionInfo(session[1], &session_info);
493 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
494 goto bail;
495
496 rv = C_GetSessionInfo(session[2], &session_info);
497 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
498 goto bail;
499
500 /* Open a session, should be closed from library closure */
501 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
502 if (!ADBG_EXPECT_CK_OK(c, rv))
503 goto bail;
504
505bail:
506 Do_ADBG_EndSubCase(c, NULL);
507 rv = close_lib();
508 ADBG_EXPECT_CK_OK(c, rv);
509}
510
511ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
512 "PKCS11: Open and close PKCS#11 sessions");
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]513
514/*
515 * Helpers for tests where we must log into the token.
516 * These define the genuine PINs and label to be used with the test token.
517 */
518static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]519static CK_UTF8CHAR test_token_user_pin[] = {
520 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
521};
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]522static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
523
524static CK_RV init_test_token(CK_SLOT_ID slot)
525{
526 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
527 test_token_label);
528}
529
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]530/* Login as user, eventually reset user PIN if needed */
531static CK_RV init_user_test_token(CK_SLOT_ID slot)
532{
533 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
534 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
535 CK_RV rv = CKR_GENERAL_ERROR;
536
537 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
538 if (rv)
539 return rv;
540
541 rv = C_Login(session, CKU_USER, test_token_user_pin,
542 sizeof(test_token_user_pin));
543 if (rv == CKR_OK) {
544 C_Logout(session);
545 C_CloseSession(session);
546 return rv;
547 }
548
549 rv = C_Login(session, CKU_SO, test_token_so_pin,
550 sizeof(test_token_so_pin));
551 if (rv) {
552 C_CloseSession(session);
553
554 rv = init_test_token(slot);
555 if (rv)
556 return rv;
557
558 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
559 if (rv)
560 return rv;
561
562 rv = C_Login(session, CKU_SO, test_token_so_pin,
563 sizeof(test_token_so_pin));
564 if (rv) {
565 C_CloseSession(session);
566 return rv;
567 }
568 }
569
570 rv = C_InitPIN(session, test_token_user_pin,
571 sizeof(test_token_user_pin));
572
573 C_Logout(session);
574 C_CloseSession(session);
575
576 return rv;
577}
578
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]579static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
580{
581 CK_RV rv = CKR_GENERAL_ERROR;
582 CK_TOKEN_INFO token_info = { };
583 /* Same content as test_token_so_pin[] but 1 more byte */
584 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
585 /* Same content as test_token_so_pin[] but 1 different byte */
586 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
587 CK_FLAGS flags = 0;
588
589 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
590
591 rv = C_GetTokenInfo(slot, &token_info);
592 if (!ADBG_EXPECT_CK_OK(c, rv))
593 goto out;
594
595 rv = C_InitToken(slot, test_token_so_pin,
596 sizeof(test_token_so_pin) - 1, test_token_label);
597 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
598 goto out;
599
600 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
601 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
602 goto out;
603
604 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
605 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
606 goto out;
607
608 rv = C_GetTokenInfo(slot, &token_info);
609 if (!ADBG_EXPECT_CK_OK(c, rv))
610 goto out;
611
612 flags = token_info.flags;
613
614 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
615 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
616 rv = CKR_GENERAL_ERROR;
617 goto out;
618 }
619
620 rv = init_test_token(slot);
621 if (!ADBG_EXPECT_CK_OK(c, rv))
622 goto out;
623
624 rv = C_GetTokenInfo(slot, &token_info);
625 if (!ADBG_EXPECT_CK_OK(c, rv))
626 goto out;
627
628 flags = token_info.flags;
629
630 /*
631 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
632 * Other flags should show a sane initialized state.
633 */
634 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
635 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
636 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
637 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
638 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]639 goto out;
640 }
641
642 rv = init_user_test_token(slot);
643 if (!ADBG_EXPECT_CK_OK(c, rv))
644 goto out;
645
646 rv = C_GetTokenInfo(slot, &token_info);
647 if (!ADBG_EXPECT_CK_OK(c, rv))
648 goto out;
649
650 flags = token_info.flags;
651
652 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
653 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
654 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
655 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
656 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
657 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
658 rv = CKR_GENERAL_ERROR;
659 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]660 }
661
662out:
663 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
664
665 return rv;
666}
667
668static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
669{
670 CK_RV rv = CKR_GENERAL_ERROR;
671 CK_TOKEN_INFO token_info = { };
672 CK_FLAGS flags = 0;
673
674 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
675
676 rv = init_test_token(slot);
677 if (!ADBG_EXPECT_CK_OK(c, rv))
678 goto out;
679
680 rv = C_GetTokenInfo(slot, &token_info);
681 if (!ADBG_EXPECT_CK_OK(c, rv))
682 goto out;
683
684 flags = token_info.flags;
685
686 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
687 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
688 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
689 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]690 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]691 }
692
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]693 rv = init_user_test_token(slot);
694 if (!ADBG_EXPECT_CK_OK(c, rv))
695 goto out;
696
697 rv = C_GetTokenInfo(slot, &token_info);
698 if (!ADBG_EXPECT_CK_OK(c, rv))
699 goto out;
700
701 flags = token_info.flags;
702
703 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
704 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
705 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
706 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
707 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
708 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
709 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
710 rv = CKR_GENERAL_ERROR;
711
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]712out:
713 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
714
715 return rv;
716}
717
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]718static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
719{
720 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
721 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
722 CK_RV rv = CKR_GENERAL_ERROR;
723
724 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
725
726 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
727 if (!ADBG_EXPECT_CK_OK(c, rv))
728 goto out;
729
730 /* Logout: should fail as we did not log in yet */
731 rv = C_Logout(session);
732 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
733
734 /* Login/re-log/logout user */
735 rv = C_Login(session, CKU_USER, test_token_user_pin,
736 sizeof(test_token_user_pin));
737 if (!ADBG_EXPECT_CK_OK(c, rv))
738 goto out;
739
740 rv = C_Login(session, CKU_USER, test_token_user_pin,
741 sizeof(test_token_user_pin));
742 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
743
744 rv = C_Logout(session);
745 if (!ADBG_EXPECT_CK_OK(c, rv))
746 goto out;
747
748 /* Login/re-log/logout security officer */
749 rv = C_Login(session, CKU_SO, test_token_so_pin,
750 sizeof(test_token_so_pin));
751 if (!ADBG_EXPECT_CK_OK(c, rv))
752 goto out;
753
754 rv = C_Login(session, CKU_SO, test_token_so_pin,
755 sizeof(test_token_so_pin));
756 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
757
758 rv = C_Logout(session);
759 if (!ADBG_EXPECT_CK_OK(c, rv))
760 goto out;
761
762 /* Login user then SO and reverse */
763 rv = C_Login(session, CKU_SO, test_token_so_pin,
764 sizeof(test_token_so_pin));
765 ADBG_EXPECT_CK_OK(c, rv);
766
767 rv = C_Login(session, CKU_USER, test_token_user_pin,
768 sizeof(test_token_user_pin));
769 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
770
771 rv = C_Logout(session);
772 if (!ADBG_EXPECT_CK_OK(c, rv))
773 goto out;
774
775 rv = C_Login(session, CKU_USER, test_token_user_pin,
776 sizeof(test_token_user_pin));
777 ADBG_EXPECT_CK_OK(c, rv);
778
779 rv = C_Login(session, CKU_SO, test_token_so_pin,
780 sizeof(test_token_so_pin));
781 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
782
783 rv = C_Logout(session);
784 ADBG_EXPECT_CK_OK(c, rv);
785
786 /* Login context specifc, in an invalid case (need an operation) */
787 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
788 sizeof(test_token_user_pin));
789 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
790
791 rv = C_CloseSession(session);
792 ADBG_EXPECT_CK_OK(c, rv);
793
794out:
795 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
796 return rv;
797}
798
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]799static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
800 CK_USER_TYPE user_type)
801{
802 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
803 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
804 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
805 CK_UTF8CHAR_PTR old_pin = NULL;
806 CK_USER_TYPE ut = user_type;
807 size_t old_pin_sz = 0;
808 CK_RV rv2 = CKR_OK;
809 CK_RV rv = CKR_OK;
810
811 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
812
813 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
814 if (!ADBG_EXPECT_CK_OK(c, rv))
815 goto out;
816
817 if (user_type == CKU_SO) {
818 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
819 old_pin_sz = sizeof(test_token_so_pin);
820 } else {
821 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
822 old_pin_sz = sizeof(test_token_user_pin);
823 ut = CKU_USER;
824 }
825
826 if (ut == user_type) {
827 rv = C_Login(session, ut, old_pin, old_pin_sz);
828 if (!ADBG_EXPECT_CK_OK(c, rv))
829 goto out_session;
830 }
831
832 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
833 if (!ADBG_EXPECT_CK_OK(c, rv)) {
834 if (ut == user_type)
835 goto out_logout;
836 else
837 goto out_session;
838 }
839
840 if (ut == user_type) {
841 rv = C_Logout(session);
842 if (!ADBG_EXPECT_CK_OK(c, rv))
843 goto out_session;
844 }
845
846 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
847 if (!ADBG_EXPECT_CK_OK(c, rv))
848 goto out_session;
849
850 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
851 ADBG_EXPECT_CK_OK(c, rv);
852
853out_logout:
854 rv2 = C_Logout(session);
855 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
856 rv = rv2;
857out_session:
858 rv2 = C_CloseSession(session);
859 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
860 rv = rv2;
861out:
862 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
863
864 return rv;
865}
866
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]867static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
868{
869 CK_RV rv = CKR_GENERAL_ERROR;
870 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
871 CK_SLOT_ID slot = 0;
872 CK_TOKEN_INFO token_info = { };
873
874 rv = C_GetFunctionList(&ckfunc_list);
875 if (!ADBG_EXPECT_CK_OK(c, rv) ||
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]876 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
877 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]878 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
879 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
880 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]881 goto out;
882
883 rv = init_lib_and_find_token_slot(&slot);
884 if (!ADBG_EXPECT_CK_OK(c, rv))
885 return;
886
887 rv = C_GetTokenInfo(slot, &token_info);
888 if (!ADBG_EXPECT_CK_OK(c, rv))
889 goto out;
890
891 /* Abort test if token is about to lock */
892 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
893 goto out;
894
895 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
896 rv = test_uninitialized_token(c, slot);
897 if (rv != CKR_OK)
898 goto out;
899 }
900
901 rv = test_already_initialized_token(c, slot);
902 if (rv != CKR_OK)
903 goto out;
904
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]905 rv = test_login_logout(c, slot);
906 if (rv != CKR_OK)
907 goto out;
908
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]909 rv = test_set_pin(c, slot, CKU_USER);
910 if (rv != CKR_OK)
911 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]912
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]913 rv = test_set_pin(c, slot, CKU_SO);
914 if (rv != CKR_OK)
915 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]916
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]917 /*
918 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
919 * to skip the initial login.
920 */
921 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]922out:
923 rv = close_lib();
924 ADBG_EXPECT_CK_OK(c, rv);
925}
926
927ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
928 "PKCS11: Login to PKCS#11 token");
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]929
930static CK_ATTRIBUTE cktest_token_object[] = {
931 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
932 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
933 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
934 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
935 sizeof(CK_OBJECT_CLASS) },
936 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
937 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
938};
939
940static CK_ATTRIBUTE cktest_session_object[] = {
941 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
942 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
943 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
944 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
945 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
946 sizeof(CK_OBJECT_CLASS) },
947 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
948};
949
950/* Create session object and token object from a session */
951static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
952{
953 CK_RV rv = CKR_GENERAL_ERROR;
954 CK_SLOT_ID slot = 0;
955 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
956 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
957 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
958
959 rv = init_lib_and_find_token_slot(&slot);
960 if (!ADBG_EXPECT_CK_OK(c, rv))
961 return;
962
963 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
964 if (!ADBG_EXPECT_CK_OK(c, rv))
965 goto out;
966
967 if (persistent) {
968 rv = C_CreateObject(session, cktest_token_object,
969 ARRAY_SIZE(cktest_token_object),
970 &obj_hdl);
971 } else {
972 rv = C_CreateObject(session, cktest_session_object,
973 ARRAY_SIZE(cktest_session_object),
974 &obj_hdl);
975 }
976
977 if (!ADBG_EXPECT_CK_OK(c, rv))
978 goto out;
979
980 rv = C_DestroyObject(session, obj_hdl);
981 ADBG_EXPECT_CK_OK(c, rv);
982out:
983 rv = C_CloseSession(session);
984 ADBG_EXPECT_CK_OK(c, rv);
985
986 rv = close_lib();
987 ADBG_EXPECT_CK_OK(c, rv);
988}
989
990static void test_create_destroy_session_objects(ADBG_Case_t *c)
991{
992 CK_RV rv = CKR_GENERAL_ERROR;
993 CK_SLOT_ID slot = 0;
994 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
995 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
996 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
997 size_t n = 0;
998
999 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
1000 obj_hdl[n] = CK_INVALID_HANDLE;
1001
1002 rv = init_lib_and_find_token_slot(&slot);
1003 if (!ADBG_EXPECT_CK_OK(c, rv))
1004 return;
1005
1006 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1007 if (!ADBG_EXPECT_CK_OK(c, rv))
1008 goto out;
1009
1010 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
1011 rv = C_CreateObject(session, cktest_session_object,
1012 ARRAY_SIZE(cktest_session_object),
1013 obj_hdl + n);
1014
1015 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
1016 break;
1017 }
1018
1019 Do_ADBG_Log(" created object count: %zu", n);
1020
1021 rv = C_CloseSession(session);
1022 ADBG_EXPECT_CK_OK(c, rv);
1023
1024 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1025 if (!ADBG_EXPECT_CK_OK(c, rv))
1026 goto out;
1027
1028 rv = C_CreateObject(session, cktest_session_object,
1029 ARRAY_SIZE(cktest_session_object),
1030 obj_hdl);
1031
1032 ADBG_EXPECT_CK_OK(c, rv);
1033
1034out:
1035 rv = C_CloseSession(session);
1036 ADBG_EXPECT_CK_OK(c, rv);
1037
1038 rv = close_lib();
1039 ADBG_EXPECT_CK_OK(c, rv);
1040}
1041
1042/* Create session object and token object from a session */
1043static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
1044{
1045 CK_RV rv = CKR_GENERAL_ERROR;
1046 CK_SLOT_ID slot = 0;
1047 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1048 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
1049 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
1050 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1051
1052 rv = init_lib_and_find_token_slot(&slot);
1053 if (!ADBG_EXPECT_CK_OK(c, rv))
1054 return;
1055
1056 if (readwrite)
1057 session_flags |= CKF_RW_SESSION;
1058
1059 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1060 if (!ADBG_EXPECT_CK_OK(c, rv))
1061 goto out;
1062
1063 rv = C_CreateObject(session, cktest_token_object,
1064 ARRAY_SIZE(cktest_token_object),
1065 &token_obj_hld);
1066
1067 if (readwrite) {
1068 if (!ADBG_EXPECT_CK_OK(c, rv))
1069 goto out;
1070 } else {
1071 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1072 goto out;
1073 }
1074
1075 rv = C_CreateObject(session, cktest_session_object,
1076 ARRAY_SIZE(cktest_session_object),
1077 &session_obj_hld);
1078
1079 if (!ADBG_EXPECT_CK_OK(c, rv))
1080 goto out_tobj;
1081
1082 rv = C_DestroyObject(session, session_obj_hld);
1083 ADBG_EXPECT_CK_OK(c, rv);
1084
1085out_tobj:
1086 if (readwrite) {
1087 rv = C_DestroyObject(session, token_obj_hld);
1088 ADBG_EXPECT_CK_OK(c, rv);
1089 }
1090out:
1091 rv = C_CloseSession(session);
1092 ADBG_EXPECT_CK_OK(c, rv);
1093
1094 rv = close_lib();
1095 ADBG_EXPECT_CK_OK(c, rv);
1096}
1097
1098static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1099{
1100 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1101 test_create_destroy_single_object(c, false /*!persistent*/);
1102 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1103
1104 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1105 test_create_destroy_single_object(c, true /*persistent*/);
1106 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1107
1108 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1109 test_create_destroy_session_objects(c);
1110 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1111
1112 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1113 test_create_objects_in_session(c, false /*!readwrite*/);
1114 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1115
1116 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1117 test_create_objects_in_session(c, true /*readwrite*/);
1118 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1119}
1120
1121ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1122 "PKCS11: create/destroy PKCS#11 simple objects");
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1123
1124
1125static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1126 CKM_AES_ECB,
1127};
1128static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1129 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1130 CKM_AES_GCM, CKM_AES_CCM,
1131};
1132static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1133 CKM_AES_CBC,
1134};
1135static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1136 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1137 CKM_AES_GCM, CKM_AES_CCM,
1138};
1139static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1140 CKM_AES_CTR,
1141};
1142static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1143 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1144 CKM_AES_GCM, CKM_AES_CCM,
1145};
1146static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1147 CKM_AES_CTS,
1148};
1149static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1150 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1151 CKM_AES_GCM, CKM_AES_CCM,
1152};
1153
1154#define CKTEST_AES_KEY \
1155 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1156 sizeof(CK_OBJECT_CLASS) }, \
1157 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1158 sizeof(CK_KEY_TYPE) }, \
1159 { CKA_VALUE, (void *)cktest_aes128_key, \
1160 sizeof(cktest_aes128_key) }
1161
1162#define CKTEST_AES_ALLOWED_KEY(_allowed) \
1163 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1164
1165#define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1166 static CK_ATTRIBUTE _label[] = { \
1167 CKTEST_AES_KEY, \
1168 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1169 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1170 CKTEST_AES_ALLOWED_KEY(_allowed), \
1171 }
1172
1173#define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1174 static CK_ATTRIBUTE _label[] = { \
1175 CKTEST_AES_KEY, \
1176 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1177 CKTEST_AES_ALLOWED_KEY(_allowed), \
1178 }
1179#define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1180 static CK_ATTRIBUTE _label[] = { \
1181 CKTEST_AES_KEY, \
1182 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1183 CKTEST_AES_ALLOWED_KEY(_allowed), \
1184 }
1185
1186CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1187CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1188CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1189CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1190CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1191CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1192CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1193CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1194
1195struct cktest_allowed_test {
1196 CK_ATTRIBUTE_PTR attr_key;
1197 CK_ULONG attr_count;
1198 CK_MECHANISM_PTR mechanism;
1199};
1200
1201#define CKTEST_KEY_MECHA(key, mecha) { \
1202 .attr_key = key, \
1203 .attr_count = ARRAY_SIZE(key), \
1204 .mechanism = mecha, \
1205 }
1206
1207static const struct cktest_allowed_test cktest_allowed_valid[] = {
1208 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1209 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1210 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1211 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1212};
1213
1214static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1215 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1216 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1217 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1218 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1219};
1220
1221/* Create session object and token object from a session */
1222static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1223 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1224 CK_MECHANISM_PTR mechanism, uint32_t mode,
1225 CK_RV expected_rc)
1226{
1227 CK_RV rv2 = CKR_GENERAL_ERROR;
1228 CK_RV rv = CKR_GENERAL_ERROR;
1229 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1230
1231 switch (mode) {
1232 case TEE_MODE_ENCRYPT:
1233 case TEE_MODE_DECRYPT:
1234 break;
1235 default:
1236 ADBG_EXPECT_TRUE(c, false);
1237 }
1238
1239 rv = C_CreateObject(session, attr_key, attr_count, &object);
1240 if (!ADBG_EXPECT_CK_OK(c, rv))
1241 return rv;
1242
1243 if (mode == TEE_MODE_ENCRYPT)
1244 rv = C_EncryptInit(session, mechanism, object);
1245 if (mode == TEE_MODE_DECRYPT)
1246 rv = C_DecryptInit(session, mechanism, object);
1247
1248 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1249 rv = CKR_GENERAL_ERROR;
1250 goto out;
1251 }
1252
1253 if (rv) {
1254 /*
1255 * If we're here it was the expected error code above and
1256 * we're supposed to return OK below.
1257 */
1258 rv = CKR_OK;
1259 } else {
1260 if (mode == TEE_MODE_ENCRYPT)
1261 rv = C_EncryptFinal(session, NULL, NULL);
1262 if (mode == TEE_MODE_DECRYPT)
1263 rv = C_DecryptFinal(session, NULL, NULL);
1264
1265 /* Only check that the operation is no more active */
1266 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
1267 rv = CKR_GENERAL_ERROR;
1268 }
1269
1270out:
1271 rv2 = C_DestroyObject(session, object);
1272 ADBG_EXPECT_CK_OK(c, rv2);
1273
1274 if (rv)
1275 return rv;
1276 else
1277 return rv2;
1278}
1279
1280CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1281
1282CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1283
1284static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1285{
1286 CK_RV rv = CKR_GENERAL_ERROR;
1287 CK_SLOT_ID slot = 0;
1288 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1289 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1290 size_t n = 0;
1291
1292 rv = init_lib_and_find_token_slot(&slot);
1293 if (!ADBG_EXPECT_CK_OK(c, rv))
1294 return;
1295
1296 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1297 if (!ADBG_EXPECT_CK_OK(c, rv))
1298 goto out;
1299
1300 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1301
1302 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1303
1304 rv = cipher_init_final(c, session,
1305 cktest_allowed_valid[n].attr_key,
1306 cktest_allowed_valid[n].attr_count,
1307 cktest_allowed_valid[n].mechanism,
1308 TEE_MODE_ENCRYPT,
1309 CKR_OK);
1310
1311 ADBG_EXPECT_CK_OK(c, rv);
1312
1313 Do_ADBG_EndSubCase(c, NULL);
1314 if (rv)
1315 goto out;
1316
1317 }
1318
1319 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1320 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1321
1322 rv = cipher_init_final(c, session,
1323 cktest_allowed_invalid[n].attr_key,
1324 cktest_allowed_invalid[n].attr_count,
1325 cktest_allowed_invalid[n].mechanism,
1326 TEE_MODE_ENCRYPT,
1327 CKR_KEY_FUNCTION_NOT_PERMITTED);
1328
1329 ADBG_EXPECT_CK_OK(c, rv);
1330
1331 Do_ADBG_EndSubCase(c, NULL);
1332 if (rv)
1333 goto out;
1334
1335 }
1336
1337out:
1338 rv = C_CloseSession(session);
1339 ADBG_EXPECT_CK_OK(c, rv);
1340
1341 rv = close_lib();
1342 ADBG_EXPECT_CK_OK(c, rv);
1343}
1344
1345
1346ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1347 "PKCS11: Check ciphering with valid and invalid keys #1");
1348
1349static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1350{
1351 CK_RV rv = CKR_GENERAL_ERROR;
1352 CK_SLOT_ID slot = 0;
1353 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1354 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1355
1356 rv = init_lib_and_find_token_slot(&slot);
1357 if (!ADBG_EXPECT_CK_OK(c, rv))
1358 return;
1359
1360 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1361 if (!ADBG_EXPECT_CK_OK(c, rv))
1362 goto out;
1363
1364 /* Encrypt only AES CTS key */
1365 rv = cipher_init_final(c, session,
1366 cktest_aes_enc_only_cts,
1367 ARRAY_SIZE(cktest_aes_enc_only_cts),
1368 &cktest_aes_cts_mechanism,
1369 TEE_MODE_ENCRYPT,
1370 CKR_OK);
1371 if (!ADBG_EXPECT_CK_OK(c, rv))
1372 goto out;
1373
1374 rv = cipher_init_final(c, session,
1375 cktest_aes_enc_only_cts,
1376 ARRAY_SIZE(cktest_aes_enc_only_cts),
1377 &cktest_aes_cts_mechanism,
1378 TEE_MODE_DECRYPT,
1379 CKR_KEY_FUNCTION_NOT_PERMITTED);
1380 if (!ADBG_EXPECT_CK_OK(c, rv))
1381 goto out;
1382
1383 /* Decrypt only AES CTR key */
1384 rv = cipher_init_final(c, session,
1385 cktest_aes_dec_only_ctr,
1386 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1387 &cktest_aes_ctr_mechanism,
1388 TEE_MODE_ENCRYPT,
1389 CKR_KEY_FUNCTION_NOT_PERMITTED);
1390 if (!ADBG_EXPECT_CK_OK(c, rv))
1391 goto out;
1392
1393 rv = cipher_init_final(c, session,
1394 cktest_aes_dec_only_ctr,
1395 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1396 &cktest_aes_ctr_mechanism,
1397 TEE_MODE_ENCRYPT,
1398 CKR_KEY_FUNCTION_NOT_PERMITTED);
1399 if (!ADBG_EXPECT_CK_OK(c, rv))
1400 goto out;
1401
1402out:
1403 rv = C_CloseSession(session);
1404 ADBG_EXPECT_CK_OK(c, rv);
1405
1406 rv = close_lib();
1407 ADBG_EXPECT_CK_OK(c, rv);
1408}
1409ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1410 "PKCS11: Check ciphering with valid and invalid keys #2");
1411
1412static CK_RV open_cipher_session(ADBG_Case_t *c,
1413 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1414 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1415 CK_MECHANISM_PTR mechanism, uint32_t mode)
1416{
1417 CK_RV rv = CKR_GENERAL_ERROR;
1418 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1419 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1420
1421 switch (mode) {
1422 case TEE_MODE_ENCRYPT:
1423 case TEE_MODE_DECRYPT:
1424 break;
1425 default:
1426 ADBG_EXPECT_TRUE(c, false);
1427 return CKR_GENERAL_ERROR;
1428 }
1429
1430 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1431 if (rv == CKR_DEVICE_MEMORY)
1432 return rv;
1433 if (!ADBG_EXPECT_CK_OK(c, rv))
1434 return rv;
1435
1436 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1437 if (rv == CKR_DEVICE_MEMORY)
1438 return rv;
1439 if (!ADBG_EXPECT_CK_OK(c, rv))
1440 return rv;
1441
1442 if (mode == TEE_MODE_ENCRYPT)
1443 rv = C_EncryptInit(*session, mechanism, object);
1444 if (mode == TEE_MODE_DECRYPT)
1445 rv = C_DecryptInit(*session, mechanism, object);
1446
1447 if (rv == CKR_DEVICE_MEMORY)
1448 return rv;
1449 if (!ADBG_EXPECT_CK_OK(c, rv))
1450 return CKR_GENERAL_ERROR;
1451
1452 return rv;
1453}
1454
1455static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1456{
1457 CK_RV rv = CKR_GENERAL_ERROR;
1458 CK_SLOT_ID slot = 0;
1459 CK_SESSION_HANDLE sessions[128];
1460 size_t n = 0;
1461
1462 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1463 sessions[n] = CK_INVALID_HANDLE;
1464
1465 rv = init_lib_and_find_token_slot(&slot);
1466 if (!ADBG_EXPECT_CK_OK(c, rv))
1467 return;
1468
1469 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1470
1471 rv = open_cipher_session(c, slot, &sessions[n],
1472 cktest_allowed_valid[0].attr_key,
1473 cktest_allowed_valid[0].attr_count,
1474 cktest_allowed_valid[0].mechanism,
1475 TEE_MODE_ENCRYPT);
1476
1477 /* Failure due to memory allocation is not a error case */
1478 if (rv == CKR_DEVICE_MEMORY)
1479 break;
1480
1481 if (!ADBG_EXPECT_CK_OK(c, rv))
1482 goto out;
1483 }
1484
1485 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1486 goto out;
1487
1488 Do_ADBG_Log(" created sessions count: %zu", n);
1489
1490 /* Closing session with out bound and invalid IDs (or negative ID) */
1491 rv = C_CloseSession(sessions[n - 1] + 1024);
1492 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1493 rv = C_CloseSession(CK_INVALID_HANDLE);
1494 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1495 rv = C_CloseSession(~0);
1496 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1497
1498 /* Closing each session: all related resources shall be free */
1499 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1500 if (sessions[n] == CK_INVALID_HANDLE)
1501 continue;
1502
1503 rv = C_CloseSession(sessions[n]);
1504 ADBG_EXPECT_CK_OK(c, rv);
1505 sessions[n] = CK_INVALID_HANDLE;
1506 }
1507
1508 /* Open and close another session */
1509 rv = open_cipher_session(c, slot, &sessions[0],
1510 cktest_allowed_valid[0].attr_key,
1511 cktest_allowed_valid[0].attr_count,
1512 cktest_allowed_valid[0].mechanism,
1513 TEE_MODE_ENCRYPT);
1514
1515 if (!ADBG_EXPECT_CK_OK(c, rv))
1516 goto out;
1517
1518 rv = C_CloseSession(sessions[0]);
1519 ADBG_EXPECT_CK_OK(c, rv);
1520 sessions[0] = CK_INVALID_HANDLE;
1521
1522out:
1523 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1524 if (sessions[n] == CK_INVALID_HANDLE)
1525 continue;
1526
1527 rv = C_CloseSession(sessions[n]);
1528 ADBG_EXPECT_CK_OK(c, rv);
1529 }
1530
1531 rv = close_lib();
1532 ADBG_EXPECT_CK_OK(c, rv);
1533}
1534ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1535 "PKCS11: Check operations release at session closure");
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1536
1537#define CK_MAC_KEY_HMAC(_type, _key_array) \
1538 { \
1539 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, \
1540 sizeof(CK_BBOOL) }, \
1541 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, \
1542 sizeof(CK_BBOOL) }, \
1543 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1544 sizeof(CK_OBJECT_CLASS) }, \
1545 { CKA_KEY_TYPE, &(CK_KEY_TYPE){_type}, \
1546 sizeof(CK_KEY_TYPE) }, \
1547 { CKA_VALUE, (void *)(_key_array), \
1548 sizeof(_key_array) } \
1549 }
1550
1551static CK_ATTRIBUTE cktest_hmac_md5_key[] =
1552 CK_MAC_KEY_HMAC(CKK_MD5_HMAC, mac_data_md5_key1);
1553
1554static CK_ATTRIBUTE cktest_hmac_sha1_key[] =
1555 CK_MAC_KEY_HMAC(CKK_SHA_1_HMAC, mac_data_sha1_key1);
1556
1557static CK_ATTRIBUTE cktest_hmac_sha224_key[] =
1558 CK_MAC_KEY_HMAC(CKK_SHA224_HMAC, mac_data_sha224_key1);
1559
1560static CK_ATTRIBUTE cktest_hmac_sha256_key1[] =
1561 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key1);
1562
1563static CK_ATTRIBUTE cktest_hmac_sha256_key2[] =
1564 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key2);
1565
1566static CK_ATTRIBUTE cktest_hmac_sha384_key[] =
1567 CK_MAC_KEY_HMAC(CKK_SHA384_HMAC, mac_data_sha384_key1);
1568
1569static CK_ATTRIBUTE cktest_hmac_sha512_key[] =
1570 CK_MAC_KEY_HMAC(CKK_SHA512_HMAC, mac_data_sha512_key1);
1571
1572struct mac_test {
1573 CK_ATTRIBUTE_PTR attr_key;
1574 CK_ULONG attr_count;
1575 CK_MECHANISM_PTR mechanism;
1576 size_t in_incr;
1577 const uint8_t *in;
1578 size_t in_len;
1579 const uint8_t *out;
1580 size_t out_len;
1581 bool multiple_incr;
1582};
1583
1584#define CKTEST_MAC_TEST(key, mecha, input_incr, input, output, incr) { \
1585 .attr_key = key, \
1586 .attr_count = ARRAY_SIZE(key), \
1587 .mechanism = mecha, \
1588 .in_incr = input_incr, \
1589 .in = input, \
1590 .in_len = ARRAY_SIZE(input), \
1591 .out = output, \
1592 .out_len = ARRAY_SIZE(output), \
1593 .multiple_incr = incr \
1594 }
1595
1596static const struct mac_test cktest_mac_cases[] = {
1597 CKTEST_MAC_TEST(cktest_hmac_md5_key, &cktest_hmac_md5_mechanism,
1598 4, mac_data_md5_in1, mac_data_md5_out1, false),
1599 CKTEST_MAC_TEST(cktest_hmac_sha1_key, &cktest_hmac_sha1_mechanism,
1600 5, mac_data_sha1_in1, mac_data_sha1_out1, false),
1601 CKTEST_MAC_TEST(cktest_hmac_sha224_key, &cktest_hmac_sha224_mechanism,
1602 8, mac_data_sha224_in1, mac_data_sha224_out1, false),
1603 CKTEST_MAC_TEST(cktest_hmac_sha256_key1, &cktest_hmac_sha256_mechanism,
1604 1, mac_data_sha256_in1, mac_data_sha256_out1, false),
1605 CKTEST_MAC_TEST(cktest_hmac_sha256_key2, &cktest_hmac_sha256_mechanism,
1606 7, mac_data_sha256_in2, mac_data_sha256_out2, false),
1607 CKTEST_MAC_TEST(cktest_hmac_sha384_key, &cktest_hmac_sha384_mechanism,
1608 11, mac_data_sha384_in1, mac_data_sha384_out1, false),
1609 CKTEST_MAC_TEST(cktest_hmac_sha512_key, &cktest_hmac_sha512_mechanism,
1610 13, mac_data_sha512_in1, mac_data_sha512_out1, false),
1611};
1612
1613static void xtest_pkcs11_test_1008(ADBG_Case_t *c)
1614{
1615 CK_RV rv = CKR_GENERAL_ERROR;
1616 CK_SLOT_ID slot = 0;
1617 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1618 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1619 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1620 uint8_t out[512] = { 0 };
1621 CK_ULONG out_size = 0;
1622 struct mac_test const *test = NULL;
1623 size_t n = 0;
1624
1625 rv = init_lib_and_find_token_slot(&slot);
1626 if (!ADBG_EXPECT_CK_OK(c, rv))
1627 return;
1628
1629 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1630 if (!ADBG_EXPECT_CK_OK(c, rv))
1631 goto err_close_lib;
1632
1633 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1634
1635 test = &cktest_mac_cases[n];
1636 Do_ADBG_BeginSubCase(c, "Sign case %zu algo (%s)", n,
1637 ckm2str(test->mechanism->mechanism));
1638
1639 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1640 &key_handle);
1641 if (!ADBG_EXPECT_CK_OK(c, rv))
1642 goto err;
1643
1644 /* Test signature in 1 step */
1645 if (test->in != NULL) {
1646 rv = C_SignInit(session, test->mechanism, key_handle);
1647 if (!ADBG_EXPECT_CK_OK(c, rv))
1648 goto err_destr_obj;
1649
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1650 /* Pass input buffer of size 0 */
1651 rv = C_SignUpdate(session,
1652 (void *)test->in, 0);
1653 if (!ADBG_EXPECT_CK_OK(c, rv))
1654 goto err_destr_obj;
1655
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1656 rv = C_SignUpdate(session,
1657 (void *)test->in, test->in_len);
1658 if (!ADBG_EXPECT_CK_OK(c, rv))
1659 goto err_destr_obj;
1660
1661 /* Test too short buffer case */
1662 out_size = 1;
1663 rv = C_SignFinal(session, out, &out_size);
1664 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1665 goto err_destr_obj;
1666
1667 /*
1668 * Test NULL buffer case with size as 0
1669 * to get the out_size
1670 */
1671 out_size = 0;
1672 rv = C_SignFinal(session, NULL, &out_size);
1673 if (!ADBG_EXPECT_CK_OK(c, rv))
1674 goto err_destr_obj;
1675
1676 /* Get to full output */
1677 memset(out, 0, out_size);
1678 rv = C_SignFinal(session, out, &out_size);
1679 if (!ADBG_EXPECT_CK_OK(c, rv))
1680 goto err_destr_obj;
1681
1682 (void)ADBG_EXPECT_BUFFER(c, test->out,
1683 test->out_len,
1684 out, out_size);
1685 }
1686
1687 /* Test 2 step update signature */
1688 rv = C_SignInit(session, test->mechanism, key_handle);
1689 if (!ADBG_EXPECT_CK_OK(c, rv))
1690 goto err_destr_obj;
1691
1692 if (test->in != NULL) {
1693 rv = C_SignUpdate(session,
1694 (void *)test->in, test->in_incr);
1695 if (!ADBG_EXPECT_CK_OK(c, rv))
1696 goto err_destr_obj;
1697
1698 rv = C_SignUpdate(session,
1699 (void *)(test->in + test->in_incr),
1700 test->in_len - test->in_incr);
1701 if (!ADBG_EXPECT_CK_OK(c, rv))
1702 goto err_destr_obj;
1703 }
1704
1705 out_size = sizeof(out);
1706 memset(out, 0, sizeof(out));
1707
1708 rv = C_SignFinal(session, out, &out_size);
1709 if (!ADBG_EXPECT_CK_OK(c, rv))
1710 goto err_destr_obj;
1711
1712 (void)ADBG_EXPECT_BUFFER(c, test->out,
1713 test->out_len, out, out_size);
1714
1715 /* Test 3 signature in one shot */
1716 if (test->in != NULL) {
1717 rv = C_SignInit(session, test->mechanism, key_handle);
1718 if (!ADBG_EXPECT_CK_OK(c, rv))
1719 goto err_destr_obj;
1720
1721 /* Test too short buffer case */
1722 out_size = 1;
1723 rv = C_Sign(session,(void *)test->in, test->in_len,
1724 out, &out_size);
1725 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1726 goto err_destr_obj;
1727
1728 /*
1729 * Test NULL buffer case with size as 0
1730 * to get the out_size
1731 */
1732 out_size = 0;
1733 rv = C_Sign(session, (void *)test->in, test->in_len,
1734 NULL, &out_size);
1735 if (!ADBG_EXPECT_CK_OK(c, rv))
1736 goto err_destr_obj;
1737
1738 /* Get to full output */
1739 memset(out, 0, out_size);
1740 rv = C_Sign(session,(void *)test->in, test->in_len,
1741 out, &out_size);
1742 if (!ADBG_EXPECT_CK_OK(c, rv))
1743 goto err_destr_obj;
1744
1745 (void)ADBG_EXPECT_BUFFER(c, test->out,
1746 test->out_len,
1747 out, out_size);
1748 }
1749
1750 rv = C_DestroyObject(session, key_handle);
1751 if (!ADBG_EXPECT_CK_OK(c, rv))
1752 goto err;
1753
1754 Do_ADBG_EndSubCase(c, NULL);
1755 }
1756 goto out;
1757
1758err_destr_obj:
1759 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1760err:
1761 Do_ADBG_EndSubCase(c, NULL);
1762out:
1763 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1764err_close_lib:
1765 ADBG_EXPECT_CK_OK(c, close_lib());
1766}
1767ADBG_CASE_DEFINE(pkcs11, 1008, xtest_pkcs11_test_1008,
1768 "PKCS11: Check Compliance of C_Sign - HMAC algorithms");
1769
1770static void xtest_pkcs11_test_1009(ADBG_Case_t *c)
1771{
1772 CK_RV rv = CKR_GENERAL_ERROR;
1773 CK_SLOT_ID slot = 0;
1774 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1775 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1776 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1777 struct mac_test const *test = NULL;
1778 size_t n = 0;
1779
1780 rv = init_lib_and_find_token_slot(&slot);
1781 if (!ADBG_EXPECT_CK_OK(c, rv))
1782 return;
1783
1784 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1785 if (!ADBG_EXPECT_CK_OK(c, rv))
1786 goto err_close_lib;
1787
1788 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1789
1790 test = &cktest_mac_cases[n];
1791 Do_ADBG_BeginSubCase(c, "Verify case %zu algo (%s)", n,
1792 ckm2str(test->mechanism->mechanism));
1793
1794 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1795 &key_handle);
1796 if (!ADBG_EXPECT_CK_OK(c, rv))
1797 goto err;
1798
1799 /* Test Verification in 1 step */
1800 if (test->in != NULL) {
1801 rv = C_VerifyInit(session, test->mechanism, key_handle);
1802 if (!ADBG_EXPECT_CK_OK(c, rv))
1803 goto err_destr_obj;
1804
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1805 /* Pass input buffer with size 0 - No affect */
1806 rv = C_VerifyUpdate(session, (void *)test->in, 0);
1807 if (!ADBG_EXPECT_CK_OK(c, rv))
1808 goto err_destr_obj;
1809
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1810 rv = C_VerifyUpdate(session, (void *)test->in,
1811 test->in_len);
1812 if (!ADBG_EXPECT_CK_OK(c, rv))
1813 goto err_destr_obj;
1814
1815 rv = C_VerifyFinal(session,
1816 (void *)test->out, test->out_len);
1817 if (!ADBG_EXPECT_CK_OK(c, rv))
1818 goto err_destr_obj;
1819
1820 }
1821
1822 /* Test 2 step update verification*/
1823 rv = C_VerifyInit(session, test->mechanism, key_handle);
1824 if (!ADBG_EXPECT_CK_OK(c, rv))
1825 goto err_destr_obj;
1826
1827 if (test->in != NULL) {
1828 rv = C_VerifyUpdate(session,
1829 (void *)test->in, test->in_incr);
1830 if (!ADBG_EXPECT_CK_OK(c, rv))
1831 goto err_destr_obj;
1832
1833 rv = C_VerifyUpdate(session,
1834 (void *)(test->in + test->in_incr),
1835 test->in_len - test->in_incr);
1836 if (!ADBG_EXPECT_CK_OK(c, rv))
1837 goto err_destr_obj;
1838 }
1839
1840 rv = C_VerifyFinal(session, (void *)test->out, test->out_len);
1841 if (!ADBG_EXPECT_CK_OK(c, rv))
1842 goto err_destr_obj;
1843
1844 /* Error as Operation has already completed */
1845 rv = C_Verify(session,
1846 (void *)test->in, test->in_len,
1847 (void *)test->out, test->out_len);
1848 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED,
1849 rv))
1850 goto err_destr_obj;
1851
1852 /* Test 3 verification in one shot */
1853 if (test->in != NULL) {
1854 rv = C_VerifyInit(session, test->mechanism, key_handle);
1855 if (!ADBG_EXPECT_CK_OK(c, rv))
1856 goto err_destr_obj;
1857
1858 rv = C_Verify(session,
1859 (void *)test->in, test->in_len,
1860 (void *)test->out, test->out_len);
1861 if (!ADBG_EXPECT_CK_OK(c, rv))
1862 goto err_destr_obj;
1863
1864 /* Try calling Verify again */
1865 rv = C_Verify(session,
1866 (void *)test->in, test->in_len,
1867 (void *)test->out, test->out_len);
1868 if (!ADBG_EXPECT_CK_RESULT(c,
1869 CKR_OPERATION_NOT_INITIALIZED,
1870 rv))
1871 goto err_destr_obj;
1872 }
1873
1874 /*
1875 * Test 4 verification
1876 * Error - Signature Length Range with C_VerifyFinal
1877 */
1878 if (test->in != NULL) {
1879 rv = C_VerifyInit(session, test->mechanism, key_handle);
1880 if (!ADBG_EXPECT_CK_OK(c, rv))
1881 goto err_destr_obj;
1882
1883 rv = C_VerifyUpdate(session, (void *)test->in,
1884 test->in_len);
1885 if (!ADBG_EXPECT_CK_OK(c, rv))
1886 goto err_destr_obj;
1887
1888 rv = C_VerifyFinal(session, (void *)test->out, 3);
1889 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1890 rv))
1891 goto err_destr_obj;
1892 }
1893
1894 /*
1895 * Test 5 verification
1896 * Error - Signature Length Range with C_Verify
1897 */
1898 if (test->in != NULL) {
1899 rv = C_VerifyInit(session, test->mechanism, key_handle);
1900 if (!ADBG_EXPECT_CK_OK(c, rv))
1901 goto err_destr_obj;
1902
1903 rv = C_Verify(session,
1904 (void *)test->in, test->in_len,
1905 (void *)test->out, 0);
1906 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1907 rv))
1908 goto err_destr_obj;
1909 }
1910
1911 /* Test 6 verification - Invalid Operation sequence */
1912 if (test->in != NULL) {
1913 rv = C_VerifyInit(session, test->mechanism, key_handle);
1914 if (!ADBG_EXPECT_CK_OK(c, rv))
1915 goto err_destr_obj;
1916
1917 rv = C_Verify(session,
1918 (void *)test->in, test->in_len,
1919 (void *)test->out, test->out_len);
1920 if (!ADBG_EXPECT_CK_OK(c, rv))
1921 goto err_destr_obj;
1922
1923 /* Init session has already terminated with C_Verify */
1924 rv = C_VerifyUpdate(session, (void *)test->in,
1925 test->in_len);
1926 if (!ADBG_EXPECT_CK_RESULT(c,
1927 CKR_OPERATION_NOT_INITIALIZED,
1928 rv))
1929 goto err_destr_obj;
1930 }
1931
1932 rv = C_DestroyObject(session, key_handle);
1933 if (!ADBG_EXPECT_CK_OK(c, rv))
1934 goto err;
1935
1936 Do_ADBG_EndSubCase(c, NULL);
1937 }
1938 goto out;
1939
1940err_destr_obj:
1941 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1942err:
1943 Do_ADBG_EndSubCase(c, NULL);
1944out:
1945 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1946err_close_lib:
1947 ADBG_EXPECT_CK_OK(c, close_lib());
1948}
1949ADBG_CASE_DEFINE(pkcs11, 1009, xtest_pkcs11_test_1009,
1950 "PKCS11: Check Compliance of C_Verify - HMAC Algorithms");
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1951
1952/* Bad key type */
1953static CK_ATTRIBUTE cktest_generate_gensecret_object_error1[] = {
1954 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1955 sizeof(CK_OBJECT_CLASS) },
1956 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
1957 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1958};
1959
1960/* Missing VALUE_LEN */
1961static CK_ATTRIBUTE cktest_generate_gensecret_object_error2[] = {
1962 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1963 sizeof(CK_OBJECT_CLASS) },
1964 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1965 sizeof(CK_KEY_TYPE) },
1966};
1967
1968/* Bad object class */
1969static CK_ATTRIBUTE cktest_generate_gensecret_object_error3[] = {
1970 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA}, sizeof(CK_OBJECT_CLASS) },
1971 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1972 sizeof(CK_KEY_TYPE) },
1973 { CKA_VALUE_LEN, &(CK_ULONG){16 * 8}, sizeof(CK_ULONG) },
1974};
1975
1976/* Invalid template with CKA_LOCAL */
1977static CK_ATTRIBUTE cktest_generate_gensecret_object_error4[] = {
1978 { CKA_VALUE_LEN, &(CK_ULONG){16 * 8}, sizeof(CK_ULONG) },
1979 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1980};
1981
1982/* Valid template to generate a generic secret */
1983static CK_ATTRIBUTE cktest_generate_gensecret_object_valid1[] = {
1984 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1985 sizeof(CK_OBJECT_CLASS) },
1986 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1987 sizeof(CK_KEY_TYPE) },
1988 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1989 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1990 { CKA_VALUE_LEN, &(CK_ULONG){16 * 8}, sizeof(CK_ULONG) },
1991};
1992
1993/* Valid template to generate a generic secret with only VALUE_LEN */
1994static CK_ATTRIBUTE cktest_generate_gensecret_object_valid2[] = {
1995 { CKA_VALUE_LEN, &(CK_ULONG){16 * 8}, sizeof(CK_ULONG) },
1996 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1997};
1998
1999
2000/* Valid template to generate an all AES purpose key */
2001static CK_ATTRIBUTE cktest_generate_aes_object[] = {
2002 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2003 sizeof(CK_OBJECT_CLASS) },
2004 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
2005 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2006 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2007 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
2008};
2009
2010static void xtest_pkcs11_test_1010(ADBG_Case_t *c)
2011{
2012 CK_RV rv = CKR_GENERAL_ERROR;
2013 CK_SLOT_ID slot = 0;
2014 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2015 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2016 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
2017 struct mac_test const *test = &cktest_mac_cases[0];
2018 uint8_t out[512] = { 0 };
2019 CK_ULONG out_len = 512;
2020
2021 rv = init_lib_and_find_token_slot(&slot);
2022 if (!ADBG_EXPECT_CK_OK(c, rv))
2023 return;
2024
2025 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2026 if (!ADBG_EXPECT_CK_OK(c, rv))
2027 goto close_lib;
2028
2029 /*
2030 * Generate Generic Secret key using invalid templates
2031 */
2032 Do_ADBG_BeginSubCase(c, "Generate Secret Key with Invalid Templates");
2033
2034 /* NULL Template with !null template length */
2035 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism, NULL,
2036 3, &key_handle);
2037 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
2038 goto err;
2039
2040 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2041 cktest_generate_gensecret_object_error1,
2042 ARRAY_SIZE(cktest_generate_gensecret_object_error1),
2043 &key_handle);
2044 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2045 goto err;
2046
2047 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2048 cktest_generate_gensecret_object_error2,
2049 ARRAY_SIZE(cktest_generate_gensecret_object_error2),
2050 &key_handle);
2051 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCOMPLETE, rv))
2052 goto err;
2053
2054 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2055 cktest_generate_gensecret_object_error3,
2056 ARRAY_SIZE(cktest_generate_gensecret_object_error3),
2057 &key_handle);
2058 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2059 goto err;
2060
2061 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2062 cktest_generate_gensecret_object_error4,
2063 ARRAY_SIZE(cktest_generate_gensecret_object_error4),
2064 &key_handle);
2065 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2066 goto err;
2067
2068 Do_ADBG_EndSubCase(c, NULL);
2069
2070 /*
2071 * Generate a Generic Secret object.
2072 * Try to encrypt with, it should fail...
2073 */
2074 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Encrypting");
2075
2076 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2077 cktest_generate_gensecret_object_valid1,
2078 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
2079 &key_handle);
2080 if (!ADBG_EXPECT_CK_OK(c, rv))
2081 goto err;
2082
2083 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2084 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_FUNCTION_NOT_PERMITTED, rv))
2085 goto err_destr_obj;
2086
2087 rv = C_DestroyObject(session, key_handle);
2088 if (!ADBG_EXPECT_CK_OK(c, rv))
2089 goto err;
2090
2091 Do_ADBG_EndSubCase(c, NULL);
2092
2093 /*
2094 * Generate a Generic Secret object.
2095 * Try to sign with it, it should pass...
2096 */
2097 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Signing");
2098 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2099 cktest_generate_gensecret_object_valid2,
2100 ARRAY_SIZE(cktest_generate_gensecret_object_valid2),
2101 &key_handle);
2102 if (!ADBG_EXPECT_CK_OK(c, rv))
2103 goto err;
2104
2105 rv = C_SignInit(session, test->mechanism, key_handle);
2106 if (!ADBG_EXPECT_CK_OK(c, rv))
2107 goto err_destr_obj;
2108
2109 rv = C_Sign(session, (void *)test->in, test->in_len,
2110 (void *)out, &out_len);
2111 if (!ADBG_EXPECT_CK_OK(c, rv))
2112 goto err_destr_obj;
2113
2114 rv = C_DestroyObject(session, key_handle);
2115 if (!ADBG_EXPECT_CK_OK(c, rv))
2116 goto err;
2117
2118 Do_ADBG_EndSubCase(c, NULL);
2119
2120 /*
2121 * Generate a 128 bit AES Secret Key.
2122 * Try to encrypt with, it should pass...
2123 */
2124 Do_ADBG_BeginSubCase(c, "Generate AES Key - Try Encrypting");
2125
2126 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
2127 cktest_generate_aes_object,
2128 ARRAY_SIZE(cktest_generate_aes_object),
2129 &key_handle);
2130 if (!ADBG_EXPECT_CK_OK(c, rv))
2131 goto err;
2132
2133 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2134 if (!ADBG_EXPECT_CK_OK(c, rv))
2135 goto err_destr_obj;
2136
2137 rv = C_EncryptFinal(session, NULL, NULL);
2138 /* Only check that the operation is no more active */
2139 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
2140 goto err;
2141
2142 rv = C_DestroyObject(session, key_handle);
2143 if (!ADBG_EXPECT_CK_OK(c, rv))
2144 goto err;
2145
2146 Do_ADBG_EndSubCase(c, NULL);
2147
2148 goto out;
2149
2150err_destr_obj:
2151 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
2152err:
2153 Do_ADBG_EndSubCase(c, NULL);
2154out:
2155 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2156close_lib:
2157 ADBG_EXPECT_CK_OK(c, close_lib());
2158}
2159ADBG_CASE_DEFINE(pkcs11, 1010, xtest_pkcs11_test_1010,
2160 "PKCS11: Key Generation");
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2161
2162static CK_RV create_data_object(CK_SESSION_HANDLE session,
2163 CK_OBJECT_HANDLE *obj_handle,
2164 CK_BBOOL token, CK_BBOOL private,
2165 const char *label)
2166{
2167 CK_OBJECT_CLASS class = CKO_DATA;
2168 CK_ATTRIBUTE object_template[] = {
2169 { CKA_CLASS, &class, sizeof(CK_OBJECT_CLASS) },
2170 { CKA_TOKEN, &token, sizeof(CK_BBOOL) },
2171 { CKA_PRIVATE, &private, sizeof(CK_BBOOL) },
2172 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2173 };
2174
2175 return C_CreateObject(session, object_template,
2176 ARRAY_SIZE(object_template), obj_handle);
2177}
2178
2179static CK_RV test_find_objects(ADBG_Case_t *c, CK_SESSION_HANDLE session,
2180 CK_ATTRIBUTE_PTR find_template,
2181 CK_ULONG attr_count,
2182 CK_OBJECT_HANDLE_PTR obj_found,
2183 CK_ULONG obj_count,
2184 CK_ULONG expected_cnt)
2185{
2186 CK_RV rv = CKR_GENERAL_ERROR;
2187 CK_ULONG hdl_count = 0;
2188
2189 rv = C_FindObjectsInit(session, find_template, attr_count);
2190 if (!ADBG_EXPECT_CK_OK(c, rv))
2191 return rv;
2192
2193 rv = C_FindObjects(session, obj_found, obj_count, &hdl_count);
2194 if (!ADBG_EXPECT_CK_OK(c, rv))
2195 return rv;
2196 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, expected_cnt))
2197 return CKR_GENERAL_ERROR;
2198
2199 rv = C_FindObjectsFinal(session);
2200 if (!ADBG_EXPECT_CK_OK(c, rv))
2201 return rv;
2202
2203 return rv;
2204}
2205
2206static void destroy_persistent_objects(ADBG_Case_t *c, CK_SLOT_ID slot)
2207{
2208 uint32_t rv = CKR_GENERAL_ERROR;
2209 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2210 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2211 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2212 CK_ULONG count = 1;
2213 CK_ATTRIBUTE cktest_find_all_token_objs[] = {
2214 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2215 };
2216
2217 rv = init_user_test_token(slot);
2218 if (!ADBG_EXPECT_CK_OK(c, rv))
2219 return;
2220
2221 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2222 if (!ADBG_EXPECT_CK_OK(c, rv))
2223 return;
2224
2225 /* Login to destroy private objects */
2226 rv = C_Login(session, CKU_USER, test_token_user_pin,
2227 sizeof(test_token_user_pin));
2228 if (!ADBG_EXPECT_CK_OK(c, rv))
2229 goto bail;
2230
2231 rv = C_FindObjectsInit(session, cktest_find_all_token_objs,
2232 ARRAY_SIZE(cktest_find_all_token_objs));
2233 if (!ADBG_EXPECT_CK_OK(c, rv))
2234 goto bail;
2235
2236 while (1) {
2237 rv = C_FindObjects(session, &obj_hdl, 1, &count);
2238 if (!ADBG_EXPECT_CK_OK(c, rv))
2239 goto bail;
2240 if (!count)
2241 break;
2242
2243 rv = C_DestroyObject(session, obj_hdl);
2244 ADBG_EXPECT_CK_OK(c, rv);
2245 }
2246
2247 rv = C_FindObjectsFinal(session);
2248 ADBG_EXPECT_CK_OK(c, rv);
2249
2250 rv = C_Logout(session);
2251 ADBG_EXPECT_CK_OK(c, rv);
2252
2253bail:
2254 rv = C_CloseSession(session);
2255 ADBG_EXPECT_CK_OK(c, rv);
2256}
2257
2258static void xtest_pkcs11_test_1011(ADBG_Case_t *c)
2259{
2260 CK_RV rv = CKR_GENERAL_ERROR;
2261 CK_SLOT_ID slot = 0;
2262 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2263 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2264 CK_OBJECT_HANDLE obj_hdl[10] = { };
2265 CK_OBJECT_HANDLE obj_found[10] = { };
2266 const char *label = "Common Label";
2267 CK_ULONG hdl_count = 0;
2268 size_t n = 0;
2269 uint32_t i = 0;
2270 uint32_t object_id = 0;
2271 bool logged_in = false;
2272 CK_ATTRIBUTE find_template[] = {
2273 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2274 };
2275 CK_ATTRIBUTE find_token_template[] = {
2276 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2277 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2278 };
2279 CK_ATTRIBUTE find_session_template[] = {
2280 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2281 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
2282 };
2283 CK_BBOOL bToken = CK_FALSE;
2284 CK_ATTRIBUTE get_attr_template[] = {
2285 { CKA_TOKEN, &bToken, sizeof(bToken) },
2286 };
2287
2288 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
2289 obj_hdl[n] = CK_INVALID_HANDLE;
2290 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2291 obj_found[n] = CK_INVALID_HANDLE;
2292
2293 rv = init_lib_and_find_token_slot(&slot);
2294 if (!ADBG_EXPECT_CK_OK(c, rv))
2295 return;
2296
2297 rv = init_test_token(slot);
2298 if (!ADBG_EXPECT_CK_OK(c, rv))
2299 return;
2300
2301 rv = init_user_test_token(slot);
2302 if (!ADBG_EXPECT_CK_OK(c, rv))
2303 return;
2304
2305 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2306 if (!ADBG_EXPECT_CK_OK(c, rv))
2307 goto close_lib;
2308
2309 /*
2310 * Sub test: Create Session Public/Private,
2311 * Token Public/Private objects and find them
2312 */
2313 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged in");
2314
2315 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2316 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2317 CK_FALSE, label);
2318 if (!ADBG_EXPECT_CK_OK(c, rv))
2319 goto out;
2320
2321 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2322 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2323 CK_FALSE, label);
2324 if (!ADBG_EXPECT_CK_OK(c, rv))
2325 goto out;
2326
2327 /*
2328 * Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE
2329 * Expected error as User not logged in
2330 */
2331 rv = create_data_object(session, &obj_hdl[object_id], CK_TRUE,
2332 CK_TRUE, label);
2333 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2334 goto out;
2335
2336 /* Login to Test Token */
2337 rv = C_Login(session, CKU_USER, test_token_user_pin,
2338 sizeof(test_token_user_pin));
2339 if (!ADBG_EXPECT_CK_OK(c, rv))
2340 goto out;
2341
2342 logged_in = true;
2343
2344 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2345 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2346 CK_TRUE, label);
2347 if (!ADBG_EXPECT_CK_OK(c, rv))
2348 goto out;
2349
2350 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2351 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2352 CK_TRUE, label);
2353 if (!ADBG_EXPECT_CK_OK(c, rv))
2354 goto out;
2355
2356 rv = test_find_objects(c, session, find_template,
2357 ARRAY_SIZE(find_template),
2358 obj_found, ARRAY_SIZE(obj_found), 4);
2359 if (!ADBG_EXPECT_CK_OK(c, rv))
2360 goto out;
2361
2362 /*
2363 * Check if object handles returned when creating objects with this
2364 * session are still valid
2365 */
2366 for (i = 0; i < object_id; i++) {
2367 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2368 ARRAY_SIZE(get_attr_template));
2369 if (!ADBG_EXPECT_CK_OK(c, rv))
2370 goto out;
2371 }
2372
2373 Do_ADBG_EndSubCase(c, NULL);
2374
2375 /*
2376 * Sub test: Pass NULL template with count as 0. All objects should
2377 * get returned
2378 */
2379 Do_ADBG_BeginSubCase(c, "Find all objects by passing NULL template");
2380
2381 rv = test_find_objects(c, session, NULL, 0, obj_found,
2382 ARRAY_SIZE(obj_found), 4);
2383 if (!ADBG_EXPECT_CK_OK(c, rv))
2384 goto out;
2385
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2386 Do_ADBG_EndSubCase(c, NULL);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2387
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2388 /*
2389 * Sub test: finalize search without getting the handles found
2390 */
2391 Do_ADBG_BeginSubCase(c, "Initiate and finalize straight a search");
2392
2393 rv = C_FindObjectsInit(session, find_template,
2394 ARRAY_SIZE(find_template));
2395 if (!ADBG_EXPECT_CK_OK(c, rv))
2396 goto out;
2397
2398 rv = C_FindObjectsFinal(session);
2399 if (!ADBG_EXPECT_CK_OK(c, rv))
2400 goto out;
2401
2402 /*
2403 * Check if object handles returned when creating objects with this
2404 * session are still valid
2405 */
2406 for (i = 0; i < object_id; i++) {
2407 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2408 ARRAY_SIZE(get_attr_template));
2409 if (!ADBG_EXPECT_CK_OK(c, rv))
2410 goto out;
2411 }
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2412 Do_ADBG_EndSubCase(c, NULL);
2413
2414 /*
2415 * Sub test: Logout and find objects. We will find only public
2416 * objects (2)
2417 */
2418 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged out");
2419
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2420 rv = C_Logout(session);
2421 ADBG_EXPECT_CK_OK(c, rv);
2422
2423 logged_in = false;
2424
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2425 rv = test_find_objects(c, session, find_template,
2426 ARRAY_SIZE(find_template),
2427 obj_found, ARRAY_SIZE(obj_found), 2);
2428 if (!ADBG_EXPECT_CK_OK(c, rv))
2429 goto out;
2430
2431 Do_ADBG_EndSubCase(c, NULL);
2432
2433 /*
2434 * Sub test
2435 */
2436 Do_ADBG_BeginSubCase(c, "Find objects 1 by 1 and match handles");
2437
2438 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2439 obj_found[n] = CK_INVALID_HANDLE;
2440
2441 rv = C_FindObjectsInit(session, find_template,
2442 ARRAY_SIZE(find_template));
2443 if (!ADBG_EXPECT_CK_OK(c, rv))
2444 goto out;
2445
2446 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2447 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2448 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2449 !ADBG_EXPECT_TRUE(c, (obj_found[0] == obj_hdl[0]) ||
2450 (obj_found[0] == obj_hdl[1])))
2451 goto out;
2452
2453 rv = C_FindObjects(session, &obj_found[1], 1, &hdl_count);
2454 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2455 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2456 !ADBG_EXPECT_TRUE(c, (obj_found[1] == obj_hdl[0]) ||
2457 (obj_found[1] == obj_hdl[1])) ||
2458 !ADBG_EXPECT_TRUE(c, (obj_found[1] != obj_found[0])))
2459 goto out;
2460
2461 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2462 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2463 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 0))
2464 goto out;
2465
2466 rv = C_FindObjectsFinal(session);
2467 if (!ADBG_EXPECT_CK_OK(c, rv))
2468 goto out;
2469
2470 Do_ADBG_EndSubCase(c, NULL);
2471
2472 /*
2473 * Sub test: Find objects with CKA_TOKEN=TRUE
2474 */
2475 Do_ADBG_BeginSubCase(c, "Find persistent objects");
2476
2477 rv = test_find_objects(c, session, find_token_template,
2478 ARRAY_SIZE(find_token_template),
2479 obj_found, ARRAY_SIZE(obj_found), 1);
2480 if (!ADBG_EXPECT_CK_OK(c, rv))
2481 goto out;
2482
2483 Do_ADBG_EndSubCase(c, NULL);
2484
2485 /*
2486 * Sub test: Find only session objects
2487 */
2488 Do_ADBG_BeginSubCase(c, "Find session objects");
2489
2490 rv = test_find_objects(c, session, find_session_template,
2491 ARRAY_SIZE(find_session_template),
2492 obj_found, ARRAY_SIZE(obj_found), 1);
2493 if (!ADBG_EXPECT_CK_OK(c, rv))
2494 goto out;
2495
2496 Do_ADBG_EndSubCase(c, NULL);
2497
2498 /*
2499 * Sub test:
2500 */
2501 Do_ADBG_BeginSubCase(c, "Login again and find Data objects");
2502
2503 /* Login to Test Token */
2504 rv = C_Login(session, CKU_USER, test_token_user_pin,
2505 sizeof(test_token_user_pin));
2506 if (!ADBG_EXPECT_CK_OK(c, rv))
2507 goto out;
2508
2509 logged_in = true;
2510
2511 rv = test_find_objects(c, session, find_template,
2512 ARRAY_SIZE(find_template),
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2513 obj_found, ARRAY_SIZE(obj_found), 3);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2514 if (!ADBG_EXPECT_CK_OK(c, rv))
2515 goto out;
2516
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2517 rv = C_Logout(session);
2518 ADBG_EXPECT_CK_OK(c, rv);
2519
2520 logged_in = false;
2521
2522 Do_ADBG_EndSubCase(c, NULL);
2523
2524 /*
2525 * Sub test: Close session and open new session, find objects
2526 * without logging and after logging
2527 */
2528 Do_ADBG_BeginSubCase(c, "Find objects from brand new session");
2529
2530 rv = C_CloseSession(session);
2531 if (!ADBG_EXPECT_CK_OK(c, rv))
2532 goto destr_obj;
2533
2534 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2535 if (!ADBG_EXPECT_CK_OK(c, rv))
2536 goto destr_obj;
2537
2538 rv = test_find_objects(c, session, find_template,
2539 ARRAY_SIZE(find_template),
2540 obj_found, ARRAY_SIZE(obj_found), 1);
2541 if (!ADBG_EXPECT_CK_OK(c, rv))
2542 goto out;
2543
2544 /* Login to Test Token */
2545 rv = C_Login(session, CKU_USER, test_token_user_pin,
2546 sizeof(test_token_user_pin));
2547 if (!ADBG_EXPECT_CK_OK(c, rv))
2548 goto out;
2549
2550 logged_in = true;
2551
2552 rv = test_find_objects(c, session, find_template,
2553 ARRAY_SIZE(find_template),
2554 obj_found, ARRAY_SIZE(obj_found), 2);
2555 if (!ADBG_EXPECT_CK_OK(c, rv))
2556 goto out;
2557
2558 rv = C_Logout(session);
2559 ADBG_EXPECT_CK_OK(c, rv);
2560
2561 logged_in = false;
2562
2563 Do_ADBG_EndSubCase(c, NULL);
2564
2565 /*
2566 * Sub test: invalid call cases
2567 */
2568 Do_ADBG_BeginSubCase(c, "Invalid cases");
2569
2570 rv = C_FindObjectsFinal(session);
2571 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2572
2573 rv = C_FindObjects(session,
2574 obj_found, ARRAY_SIZE(obj_found), &hdl_count);
2575 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2576
2577 rv = C_FindObjectsInit(session, find_template,
2578 ARRAY_SIZE(find_template));
2579 if (!ADBG_EXPECT_CK_OK(c, rv))
2580 goto out;
2581
2582 rv = C_FindObjectsInit(session, find_template,
2583 ARRAY_SIZE(find_template));
2584 ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK);
2585
2586 rv = C_FindObjectsFinal(session);
2587 ADBG_EXPECT_CK_OK(c, rv);
2588
2589 rv = C_FindObjectsInit(session, find_template,
2590 ARRAY_SIZE(find_template));
2591 ADBG_EXPECT_CK_OK(c, rv);
2592
2593 /*
2594 * Intentionally do not finalize the active object search. It should be
2595 * released together with the session closure.
2596 */
2597 Do_ADBG_EndSubCase(c, NULL);
2598
2599out:
2600 if (logged_in)
2601 ADBG_EXPECT_CK_OK(c, C_Logout(session));
2602
2603 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2604
2605destr_obj:
2606 destroy_persistent_objects(c, slot);
2607close_lib:
2608 ADBG_EXPECT_CK_OK(c, close_lib());
2609}
2610ADBG_CASE_DEFINE(pkcs11, 1011, xtest_pkcs11_test_1011,
2611 "PKCS11: Test Find Objects");
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2612
2613static void xtest_pkcs11_test_1012(ADBG_Case_t *c)
2614{
2615 CK_RV rv = CKR_GENERAL_ERROR;
2616 CK_SLOT_ID slot = 0;
2617 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2618 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2619 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2620 CK_OBJECT_HANDLE key_hdl = CK_INVALID_HANDLE;
2621 size_t i = 0;
2622
2623 CK_OBJECT_CLASS obj_class = CKO_DATA;
2624 CK_BBOOL obj_token = CK_FALSE;
2625 CK_BBOOL obj_private = CK_FALSE;
2626 uint8_t obj_value[5] = { 1, 2, 3, 4, 5 };
2627 const char *obj_label = "Label";
2628
2629 CK_ATTRIBUTE object_template[] = {
2630 { CKA_CLASS, &obj_class, sizeof(obj_class) },
2631 { CKA_TOKEN, &obj_token, sizeof(obj_token) },
2632 { CKA_PRIVATE, &obj_private, sizeof(obj_private) },
2633 { CKA_VALUE, obj_value, sizeof(obj_value) },
2634 { CKA_LABEL, (CK_UTF8CHAR_PTR)obj_label, strlen(obj_label) },
2635 };
2636
2637 CK_OBJECT_CLASS secret_class = CKO_SECRET_KEY;
2638 CK_BBOOL secret_token = CK_FALSE;
2639 CK_BBOOL secret_private = CK_FALSE;
2640 CK_KEY_TYPE secret_key_type = CKK_GENERIC_SECRET;
2641 CK_ULONG secret_len = 32;
2642 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
2643 CKM_SHA224_HMAC,
2644 CKM_SHA256_HMAC };
2645
2646 CK_ATTRIBUTE secret_template[] = {
2647 { CKA_CLASS, &secret_class, sizeof(secret_class) },
2648 { CKA_TOKEN, &secret_token, sizeof(secret_token) },
2649 { CKA_PRIVATE, &secret_private, sizeof(secret_private) },
2650 { CKA_KEY_TYPE, &secret_key_type, sizeof(secret_key_type) },
2651 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
2652 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
2653 sizeof(secret_allowed_mecha) }
2654 };
2655
2656 CK_BBOOL g_token = CK_TRUE;
2657 CK_BBOOL g_private = CK_TRUE;
2658 CK_OBJECT_CLASS g_class = ~0;
2659 uint8_t g_value[128] = { 0 };
2660 CK_MECHANISM_TYPE g_mecha_list[10] = { 0 };
2661
2662 uint8_t *data_ptr = NULL;
2663
2664 CK_ATTRIBUTE get_attr_template_bc[] = {
2665 { CKA_TOKEN, &g_token, sizeof(g_token) },
2666 { CKA_CLASS, &g_class, sizeof(g_class) },
2667 };
2668
2669 CK_ATTRIBUTE get_attr_template_cb[] = {
2670 { CKA_CLASS, &g_class, sizeof(g_class) },
2671 { CKA_TOKEN, &g_token, sizeof(g_token) },
2672 };
2673
2674 CK_ATTRIBUTE get_attr_template_ve[] = {
2675 { CKA_VALUE, &g_value, sizeof(obj_value) },
2676 };
2677
2678 CK_ATTRIBUTE get_attr_template_vl[] = {
2679 { CKA_VALUE, &g_value, sizeof(g_value) },
2680 };
2681
2682 CK_ATTRIBUTE get_attr_template_bvecb[] = {
2683 { CKA_TOKEN, &g_token, sizeof(g_token) },
2684 { CKA_VALUE, &g_value, sizeof(obj_value) },
2685 { CKA_CLASS, &g_class, sizeof(g_class) },
2686 { CKA_TOKEN, &g_private, sizeof(g_private) },
2687 };
2688
2689 CK_ATTRIBUTE get_attr_template_bvlcb[] = {
2690 { CKA_TOKEN, &g_token, sizeof(g_token) },
2691 { CKA_VALUE, &g_value, sizeof(g_value) },
2692 { CKA_CLASS, &g_class, sizeof(g_class) },
2693 { CKA_TOKEN, &g_private, sizeof(g_private) },
2694 };
2695
2696 CK_ATTRIBUTE get_attr_template_am[] = {
2697 { CKA_ALLOWED_MECHANISMS, &g_mecha_list, sizeof(g_mecha_list) },
2698 };
2699
2700 rv = init_lib_and_find_token_slot(&slot);
2701 if (!ADBG_EXPECT_CK_OK(c, rv))
2702 return;
2703
2704 rv = init_test_token(slot);
2705 if (!ADBG_EXPECT_CK_OK(c, rv))
2706 goto close_lib;
2707
2708 rv = init_user_test_token(slot);
2709 if (!ADBG_EXPECT_CK_OK(c, rv))
2710 goto close_lib;
2711
2712 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2713 if (!ADBG_EXPECT_CK_OK(c, rv))
2714 goto close_lib;
2715
2716 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2717 rv = C_CreateObject(session, object_template,
2718 ARRAY_SIZE(object_template), &obj_hdl);
2719 if (!ADBG_EXPECT_CK_OK(c, rv))
2720 goto out;
2721
2722 /*
2723 * Sub test: Test Boolean (1 byte) + object class (CK_ULONG)
2724 */
2725 Do_ADBG_BeginSubCase(c, "Get Attribute - boolean + class");
2726 g_token = CK_TRUE;
2727 g_class = ~0;
2728
2729 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bc,
2730 ARRAY_SIZE(get_attr_template_bc));
2731 if (!ADBG_EXPECT_CK_OK(c, rv))
2732 goto out;
2733
2734 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2735 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2736
2737 Do_ADBG_EndSubCase(c, NULL);
2738
2739 /*
2740 * Sub test: object class (CK_ULONG) + Test Boolean (1 byte)
2741 */
2742 Do_ADBG_BeginSubCase(c, "Get Attribute - class + boolean");
2743 g_token = CK_TRUE;
2744 g_class = ~0;
2745
2746 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_cb,
2747 ARRAY_SIZE(get_attr_template_cb));
2748 if (!ADBG_EXPECT_CK_OK(c, rv))
2749 goto out;
2750
2751 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2752 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2753
2754 Do_ADBG_EndSubCase(c, NULL);
2755
2756 /*
2757 * Sub test: value with exact size
2758 */
2759 Do_ADBG_BeginSubCase(c, "Get Attribute - value with exact size buffer");
2760 memset(g_value, 0xCC, sizeof(g_value));
2761
2762 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_ve,
2763 ARRAY_SIZE(get_attr_template_ve));
2764 if (!ADBG_EXPECT_CK_OK(c, rv))
2765 goto out;
2766
2767 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_ve[0].ulValueLen, ==, sizeof(obj_value));
2768 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2769 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2770 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2771 break;
2772
2773 Do_ADBG_EndSubCase(c, NULL);
2774
2775 /*
2776 * Sub test: value with larger buffer
2777 */
2778 Do_ADBG_BeginSubCase(c, "Get Attribute - value with larger buffer");
2779 memset(g_value, 0xCC, sizeof(g_value));
2780
2781 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_vl,
2782 ARRAY_SIZE(get_attr_template_vl));
2783 if (!ADBG_EXPECT_CK_OK(c, rv))
2784 goto out;
2785
2786 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_vl[0].ulValueLen, ==, sizeof(obj_value));
2787 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2788 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2789 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2790 break;
2791
2792 Do_ADBG_EndSubCase(c, NULL);
2793
2794 /*
2795 * Sub test: bool + value with exact size + class + bool
2796 */
2797 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with exact size + class + bool");
2798 memset(g_value, 0xCC, sizeof(g_value));
2799 g_token = CK_TRUE;
2800 g_private = CK_TRUE;
2801 g_class = ~0;
2802
2803 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvecb,
2804 ARRAY_SIZE(get_attr_template_bvecb));
2805 if (!ADBG_EXPECT_CK_OK(c, rv))
2806 goto out;
2807
2808 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvecb[1].ulValueLen,
2809 ==, sizeof(obj_value));
2810 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2811 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2812 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2813 break;
2814
2815 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2816 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2817 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2818
2819 Do_ADBG_EndSubCase(c, NULL);
2820
2821 /*
2822 * Sub test: bool + value with larger buffer + class + bool
2823 */
2824 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with larger buffer + class + bool");
2825 memset(g_value, 0xCC, sizeof(g_value));
2826 g_token = CK_TRUE;
2827 g_private = CK_TRUE;
2828 g_class = ~0;
2829
2830 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvlcb,
2831 ARRAY_SIZE(get_attr_template_bvlcb));
2832 if (!ADBG_EXPECT_CK_OK(c, rv))
2833 goto out;
2834
2835 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvlcb[1].ulValueLen,
2836 ==, sizeof(obj_value));
2837 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2838 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2839 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2840 break;
2841
2842 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2843 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2844 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2845
2846 Do_ADBG_EndSubCase(c, NULL);
2847
2848 /*
2849 * Sub test: allowed mechanism list
2850 */
2851 Do_ADBG_BeginSubCase(c, "Get Attribute - allowed mechanism list");
2852 memset(g_mecha_list, 0xCC, sizeof(g_mecha_list));
2853
2854 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2855 secret_template, ARRAY_SIZE(secret_template),
2856 &key_hdl);
2857 if (!ADBG_EXPECT_CK_OK(c, rv))
2858 goto out;
2859
2860 rv = C_GetAttributeValue(session, key_hdl, get_attr_template_am,
2861 ARRAY_SIZE(get_attr_template_am));
2862 if (!ADBG_EXPECT_CK_OK(c, rv))
2863 goto out;
2864
2865 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_am[0].ulValueLen, ==,
2866 sizeof(secret_allowed_mecha));
2867
2868 for (i = 0; i < sizeof(secret_allowed_mecha) / sizeof(*secret_allowed_mecha); i++)
2869 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_mecha_list[i], ==, secret_allowed_mecha[i]))
2870 break;
2871
2872 data_ptr = (uint8_t *)g_mecha_list;
2873 for (i = sizeof(secret_allowed_mecha); i < sizeof(g_mecha_list); i++)
2874 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[i], ==, 0xCC))
2875 break;
2876
2877 Do_ADBG_EndSubCase(c, NULL);
2878
2879out:
2880 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2881
2882close_lib:
2883 ADBG_EXPECT_CK_OK(c, close_lib());
2884}
2885ADBG_CASE_DEFINE(pkcs11, 1012, xtest_pkcs11_test_1012,
2886 "PKCS11: Serializer tests");
Ruchika Guptafdabbfa2021-01-25 11:55:18 +0530[diff] [blame]2887
2888static void xtest_pkcs11_test_1013(ADBG_Case_t *c)
2889{
2890 CK_RV rv = CKR_GENERAL_ERROR;
2891 CK_SLOT_ID slot = 0;
2892 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
2893 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
2894 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2895 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
2896 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2897 const char *label = "Dummy Objects";
2898 bool ro_logged_in = false;
2899
2900 rv = init_lib_and_find_token_slot(&slot);
2901 if (!ADBG_EXPECT_CK_OK(c, rv))
2902 return;
2903
2904 rv = init_test_token(slot);
2905 if (!ADBG_EXPECT_CK_OK(c, rv))
2906 goto close_lib;
2907
2908 rv = init_user_test_token(slot);
2909 if (!ADBG_EXPECT_CK_OK(c, rv))
2910 goto close_lib;
2911
2912 /* Open a RW session */
2913 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
2914 if (!ADBG_EXPECT_CK_OK(c, rv))
2915 goto close_lib;
2916
2917 /* Open a RO session */
2918 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
2919 if (!ADBG_EXPECT_CK_OK(c, rv))
2920 goto close_lib;
2921
2922 /*
2923 * Sub test: Check object creation from a R/O Public session
2924 */
2925 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2926
2927 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2928 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2929 CK_FALSE, label);
2930 if (!ADBG_EXPECT_CK_OK(c, rv))
2931 goto out;
2932
2933 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2934 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2935 CK_TRUE, label);
2936 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2937 goto out;
2938
2939 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2940 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
2941 CK_FALSE, label);
2942 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
2943 goto out;
2944
2945 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2946 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
2947 CK_TRUE, label);
2948 /* For Token object creation, SESSION_READ_ONLY will take priority */
2949 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
2950 goto out;
2951
2952 Do_ADBG_EndSubCase(c, NULL);
2953
2954 /*
2955 * Sub test: Check access for a R/W Public session
2956 */
2957 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2958
2959 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2960 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
2961 CK_FALSE, label);
2962 if (!ADBG_EXPECT_CK_OK(c, rv))
2963 goto out;
2964
2965 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2966 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
2967 CK_TRUE, label);
2968 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2969 goto out;
2970
2971 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2972 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
2973 CK_FALSE, label);
2974 if (!ADBG_EXPECT_CK_OK(c, rv))
2975 goto out;
2976
2977 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2978 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
2979 CK_TRUE, label);
2980 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2981 goto out;
2982
2983 Do_ADBG_EndSubCase(c, NULL);
2984
2985 /*
2986 * Sub test: Check access for a R/O User session
2987 */
2988 Do_ADBG_BeginSubCase(c, "Create objects in R/O User Session");
2989
2990 /* Login to Test Token */
2991 rv = C_Login(ro_session, CKU_USER, test_token_user_pin,
2992 sizeof(test_token_user_pin));
2993 if (!ADBG_EXPECT_CK_OK(c, rv))
2994 goto out;
2995
2996 ro_logged_in = true;
2997
2998 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2999 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3000 CK_FALSE, label);
3001 if (!ADBG_EXPECT_CK_OK(c, rv))
3002 goto out;
3003
3004 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3005 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3006 CK_TRUE, label);
3007 if (!ADBG_EXPECT_CK_OK(c, rv))
3008 goto out;
3009
3010 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3011 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3012 CK_FALSE, label);
3013 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3014 goto out;
3015
3016 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3017 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3018 CK_TRUE, label);
3019 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3020 goto out;
3021
3022 Do_ADBG_EndSubCase(c, NULL);
3023
3024 /*
3025 * Sub test: Check access for a R/W User session
3026 */
3027 Do_ADBG_BeginSubCase(c, "Create objects in R/W User Session");
3028
3029 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3030 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3031 CK_FALSE, label);
3032 if (!ADBG_EXPECT_CK_OK(c, rv))
3033 goto out;
3034
3035 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3036 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3037 CK_TRUE, label);
3038 if (!ADBG_EXPECT_CK_OK(c, rv))
3039 goto out;
3040
3041 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3042 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3043 CK_FALSE, label);
3044 if (!ADBG_EXPECT_CK_OK(c, rv))
3045 goto out;
3046
3047 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3048 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3049 CK_TRUE, label);
3050 if (!ADBG_EXPECT_CK_OK(c, rv))
3051 goto out;
3052
3053 /* Log out */
3054 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3055 ro_logged_in = false;
3056
3057 /* Close RO session */
3058 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3059 ro_session = CK_INVALID_HANDLE;
3060
3061 Do_ADBG_EndSubCase(c, NULL);
3062
3063 /*
3064 * Sub test: Check access for a R/W SO session
3065 */
3066 Do_ADBG_BeginSubCase(c, "Create objects in R/W SO Session");
3067
3068 /* Login as security officer in RW session */
3069 rv = C_Login(rw_session, CKU_SO, test_token_so_pin,
3070 sizeof(test_token_so_pin));
3071 if (!ADBG_EXPECT_CK_OK(c, rv))
3072 goto out;
3073
3074 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3075 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3076 CK_FALSE, label);
3077 if (!ADBG_EXPECT_CK_OK(c, rv))
3078 goto logout;
3079
3080 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3081 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3082 CK_TRUE, label);
3083 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3084 goto logout;
3085
3086 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3087 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3088 CK_FALSE, label);
3089 if (!ADBG_EXPECT_CK_OK(c, rv))
3090 goto logout;
3091
3092 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3093 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3094 CK_TRUE, label);
3095 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3096 goto logout;
3097
3098logout:
3099 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3100out:
3101 if (ro_logged_in)
3102 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3103
3104 if (ro_session != CK_INVALID_HANDLE)
3105 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3106
3107 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3108
3109 Do_ADBG_EndSubCase(c, NULL);
3110
3111 destroy_persistent_objects(c, slot);
3112close_lib:
3113 ADBG_EXPECT_CK_OK(c, close_lib());
3114
3115}
3116ADBG_CASE_DEFINE(pkcs11, 1013, xtest_pkcs11_test_1013,
3117 "PKCS11: Object creation upon session type");
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3118
3119static void xtest_pkcs11_test_1014(ADBG_Case_t *c)
3120{
3121 CK_RV rv = CKR_GENERAL_ERROR;
3122 CK_SLOT_ID slot = 0;
3123 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3124 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3125 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3126 const char *id = "1";
3127 const char *label = "Dummy Objects";
3128 const char *new_label = "New Object lable";
3129 size_t n = 0;
3130 char *g_label[100] = { };
3131 char *g_id[100] = { };
3132 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
3133 CKM_SHA224_HMAC,
3134 CKM_SHA256_HMAC };
3135 CK_ATTRIBUTE secret_key_template[] = {
3136 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3137 sizeof(CK_OBJECT_CLASS) },
3138 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3139 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3140 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3141 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3142 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3143 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3144 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
3145 sizeof(CK_KEY_TYPE) },
3146 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
3147 { CKA_VALUE_LEN, &(CK_ULONG){16 * 8}, sizeof(CK_ULONG) },
3148 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3149 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3150 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3151 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3152 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
3153 sizeof(secret_allowed_mecha) },
3154 };
3155 CK_BBOOL g_derive = CK_FALSE;
3156 CK_BBOOL g_sign = CK_FALSE;
3157 CK_BBOOL g_verify = CK_FALSE;
3158 CK_BBOOL g_encrypt = CK_FALSE;
3159 CK_BBOOL g_decrypt = CK_FALSE;
3160 CK_BBOOL g_wrap = CK_FALSE;
3161 CK_BBOOL g_unwrap = CK_FALSE;
3162 CK_ATTRIBUTE get_template[] = {
3163 { CKA_LABEL, (CK_UTF8CHAR_PTR)g_label, sizeof(g_label) },
3164 { CKA_ID, (CK_BYTE_PTR)g_id, sizeof(g_id) },
3165 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
3166 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
3167 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
3168 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
3169 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
3170 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
3171 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
3172 };
3173 CK_ATTRIBUTE set_template[] = {
3174 { CKA_LABEL, (CK_UTF8CHAR_PTR)new_label, strlen(new_label) },
3175 { CKA_ID, (CK_BYTE_PTR)id, strlen(id) },
3176 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3177 { CKA_WRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3178 { CKA_UNWRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3179 { CKA_SIGN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3180 { CKA_VERIFY, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3181 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3182 { CKA_DECRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3183 /* CKA_SENSITIVE -> CK_FALSE to CK_TRUE is allowed */
3184 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3185 /* CKA_EXTRACTABLE -> CK_TRUE to CK_FALSE is allowed */
3186 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3187 /* CKA_COPYABLE -> CK_TRUE to CK_FALSE is allowed */
3188 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3189 };
3190 CK_ATTRIBUTE set_inv_template1[] = {
3191 /* Attributes Not Modifiable */
3192 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA},
3193 sizeof(CK_OBJECT_CLASS) },
3194 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3195 { CKA_ALWAYS_SENSITIVE, &(CK_BBOOL){CK_FALSE},
3196 sizeof(CK_BBOOL) },
3197 { CKA_NEVER_EXTRACTABLE, &(CK_BBOOL){CK_FALSE},
3198 sizeof(CK_BBOOL) },
3199 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3200 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3201 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3202 { CKA_DESTROYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3203 /* Change not allowed from CK_TRUE -> CK_FALSE */
3204 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3205 /* Change not allowed from CK_FALSE -> CK_TRUE */
3206 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3207 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3208 };
3209 CK_ATTRIBUTE set_inv_template2[] = {
3210 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3211 };
3212 CK_ATTRIBUTE set_trusted_template[] = {
3213 { CKA_TRUSTED, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3214 };
3215
3216 rv = init_lib_and_find_token_slot(&slot);
3217 if (!ADBG_EXPECT_CK_OK(c, rv))
3218 return;
3219
3220 rv = init_test_token(slot);
3221 if (!ADBG_EXPECT_CK_OK(c, rv))
3222 goto close_lib;
3223
3224 rv = init_user_test_token(slot);
3225 if (!ADBG_EXPECT_CK_OK(c, rv))
3226 goto close_lib;
3227
3228 /* Open a RW session */
3229 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3230 if (!ADBG_EXPECT_CK_OK(c, rv))
3231 goto close_lib;
3232
3233 /* Create a secret key object */
3234 rv = C_CreateObject(session, secret_key_template,
3235 ARRAY_SIZE(secret_key_template), &obj_hdl);
3236 if (!ADBG_EXPECT_CK_OK(c, rv))
3237 goto close_session;
3238
3239 Do_ADBG_BeginSubCase(c, "Set attributes on secret key object");
3240
3241 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3242 ARRAY_SIZE(get_template));
3243 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3244 !ADBG_EXPECT_BUFFER(c, label, strlen(label), g_label,
3245 get_template[0].ulValueLen) ||
3246 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
3247 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
3248 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
3249 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_TRUE) ||
3250 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_TRUE) ||
3251 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
3252 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
3253 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[1].ulValueLen, ==, 0))
3254 goto out;
3255
3256 rv = C_SetAttributeValue(session, obj_hdl, set_template,
3257 ARRAY_SIZE(set_template));
3258 if (!ADBG_EXPECT_CK_OK(c, rv))
3259 goto out;
3260
3261 get_template[0].ulValueLen = sizeof(g_label);
3262 get_template[1].ulValueLen = sizeof(g_id);
3263 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3264 ARRAY_SIZE(get_template));
3265 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3266 !ADBG_EXPECT_BUFFER(c, new_label, strlen(new_label), g_label,
3267 get_template[0].ulValueLen) ||
3268 !ADBG_EXPECT_BUFFER(c, id, strlen(id), g_id,
3269 get_template[1].ulValueLen) ||
3270 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_TRUE) ||
3271 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_TRUE) ||
3272 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_TRUE) ||
3273 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
3274 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
3275 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_FALSE) ||
3276 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_FALSE))
3277 goto out;
3278
3279 Do_ADBG_EndSubCase(c, NULL);
3280
3281 Do_ADBG_BeginSubCase(c, "Test Invalid template with R/O Attributes");
3282
3283 for (n = 0; n < ARRAY_SIZE(set_inv_template1); n++) {
3284 rv = C_SetAttributeValue(session, obj_hdl,
3285 &set_inv_template1[n], 1);
3286 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3287 goto out;
3288 }
3289
3290 Do_ADBG_EndSubCase(c, NULL);
3291
3292 Do_ADBG_BeginSubCase(c, "Test Invalid template with Invalid Attribute");
3293
3294 rv = C_SetAttributeValue(session, obj_hdl, set_inv_template2,
3295 ARRAY_SIZE(set_inv_template2));
3296 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3297 goto out;
3298
3299 Do_ADBG_EndSubCase(c, NULL);
3300
3301 Do_ADBG_BeginSubCase(c, "Set CKA_TRUSTED with and w/o SO Login");
3302
3303 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3304 ARRAY_SIZE(set_trusted_template));
3305 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3306 goto out;
3307
3308 /* Login as SO in RW session */
3309 rv = C_Login(session, CKU_SO, test_token_so_pin,
3310 sizeof(test_token_so_pin));
3311 if (!ADBG_EXPECT_CK_OK(c, rv))
3312 goto out;
3313
3314 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3315 ARRAY_SIZE(set_trusted_template));
3316 ADBG_EXPECT_CK_OK(c, rv);
3317
3318 ADBG_EXPECT_CK_OK(c, C_Logout(session));
3319out:
3320 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, obj_hdl));
3321
3322 Do_ADBG_EndSubCase(c, NULL);
3323
3324close_session:
3325 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3326
3327close_lib:
3328 ADBG_EXPECT_CK_OK(c, close_lib());
3329}
3330ADBG_CASE_DEFINE(pkcs11, 1014, xtest_pkcs11_test_1014,
3331 "PKCS11: Test C_SetAttributeValue()");
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame^]3332
3333static void xtest_pkcs11_test_1015(ADBG_Case_t *c)
3334{
3335 CK_RV rv = CKR_GENERAL_ERROR;
3336 CK_SLOT_ID slot = 0;
3337 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
3338 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
3339 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3340 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
3341 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3342 CK_OBJECT_HANDLE obj_hdl_ro = CK_INVALID_HANDLE;
3343 CK_OBJECT_HANDLE obj_hdl_cp = CK_INVALID_HANDLE;
3344 const char *label = "Dummy Objects";
3345 CK_ATTRIBUTE secret_key_template[] = {
3346 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3347 sizeof(CK_OBJECT_CLASS) },
3348 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3349 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3350 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3351 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3352 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3353 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3354 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3355 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3356 };
3357 CK_BBOOL g_token = CK_FALSE;
3358 CK_BBOOL g_private = CK_FALSE;
3359 CK_BBOOL g_modify = CK_FALSE;
3360 CK_BBOOL g_copy = CK_FALSE;
3361 CK_BBOOL g_destroy = CK_FALSE;
3362 CK_BBOOL g_extract = CK_FALSE;
3363 CK_BBOOL g_sensitive = CK_FALSE;
3364 CK_BBOOL g_nextract = CK_FALSE;
3365 CK_BBOOL g_asensitive = CK_FALSE;
3366 CK_BBOOL g_local = CK_FALSE;
3367 CK_ATTRIBUTE get_template[] = {
3368 { CKA_TOKEN, &g_token, sizeof(CK_BBOOL) },
3369 { CKA_PRIVATE, &g_private, sizeof(CK_BBOOL) },
3370 { CKA_MODIFIABLE, &g_modify, sizeof(CK_BBOOL) },
3371 { CKA_COPYABLE, &g_copy, sizeof(CK_BBOOL) },
3372 { CKA_DESTROYABLE, &g_destroy, sizeof(CK_BBOOL) },
3373 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3374 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3375 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3376 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3377 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3378 };
3379 CK_ATTRIBUTE copy_template[] = {
3380 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3381 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3382 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3383 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3384 };
3385 CK_ATTRIBUTE copy_template_inv[] = {
3386 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3387 };
3388 CK_ATTRIBUTE copy_template_priv[] = {
3389 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3390 };
3391 CK_ATTRIBUTE set_template[] = {
3392 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3393 };
3394
3395 rv = init_lib_and_find_token_slot(&slot);
3396 if (!ADBG_EXPECT_CK_OK(c, rv))
3397 return;
3398
3399 rv = init_test_token(slot);
3400 if (!ADBG_EXPECT_CK_OK(c, rv))
3401 goto close_lib;
3402
3403 rv = init_user_test_token(slot);
3404 if (!ADBG_EXPECT_CK_OK(c, rv))
3405 goto close_lib;
3406
3407 /* Open a RW session */
3408 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
3409 if (!ADBG_EXPECT_CK_OK(c, rv))
3410 goto close_lib;
3411
3412 /* Open a RO session */
3413 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
3414 if (!ADBG_EXPECT_CK_OK(c, rv))
3415 goto close_session;
3416
3417 /* Generate a secret key object in rw session */
3418 rv = C_GenerateKey(rw_session, &cktest_aes_keygen_mechanism,
3419 secret_key_template,
3420 ARRAY_SIZE(secret_key_template), &obj_hdl);
3421 if (!ADBG_EXPECT_CK_OK(c, rv))
3422 goto close_session;
3423
3424 /* Check its attribute values */
3425 rv = C_GetAttributeValue(rw_session, obj_hdl, get_template,
3426 ARRAY_SIZE(get_template));
3427 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3428 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3429 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3430 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3431 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3432 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3433 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3434 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3435 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3436 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3437 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3438 goto close_session;
3439
3440 /* Create a secret key object in ro session*/
3441 rv = C_CreateObject(ro_session, secret_key_template,
3442 ARRAY_SIZE(secret_key_template), &obj_hdl_ro);
3443 if (!ADBG_EXPECT_CK_OK(c, rv))
3444 goto close_session;
3445
3446 /*
3447 * Duplicate the object generated in RW session using C_GenerateKey() to
3448 * another object. Pass Template as NULL and test the attributes of
3449 * new created object.
3450 */
3451 Do_ADBG_BeginSubCase(c, "Copy Local Obj with NULL Template");
3452 rv = C_CopyObject(rw_session, obj_hdl, NULL, 0, &obj_hdl_cp);
3453 if (!ADBG_EXPECT_CK_OK(c, rv))
3454 goto out;
3455
3456 /*
3457 * Check its attribute values, should match the original object.
3458 * CKA_LOCAL shall be TRUE even in copied object as original object
3459 * was generated using C_GenerateKey()
3460 */
3461 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3462 ARRAY_SIZE(get_template));
3463 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3464 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3465 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3466 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3467 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3468 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3469 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3470 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3471 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3472 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3473 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3474 goto out;
3475
3476 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3477 if (!ADBG_EXPECT_CK_OK(c, rv))
3478 goto out;
3479
3480 obj_hdl_cp = CK_INVALID_HANDLE;
3481
3482 Do_ADBG_EndSubCase(c, NULL);
3483
3484 /*
3485 * Duplicate the object generated in RO session using C_CreateObject()
3486 * to another object. Pass Template as NULL and test the attributes of
3487 * new created object.
3488 */
3489 Do_ADBG_BeginSubCase(c, "Copy a non-local object with NULL Template");
3490
3491 /* Copy ro session object */
3492 rv = C_CopyObject(ro_session, obj_hdl_ro, NULL, 0, &obj_hdl_cp);
3493 if (!ADBG_EXPECT_CK_OK(c, rv))
3494 goto out;
3495
3496 /*
3497 * Check its attribute values, should match the original object.
3498 * CKA_LOCAL shall be FALSE even in copied object as original object
3499 * was generated using C_CreateObject()
3500 */
3501 rv = C_GetAttributeValue(ro_session, obj_hdl_cp, get_template,
3502 ARRAY_SIZE(get_template));
3503 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3504 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3505 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3506 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3507 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3508 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3509 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3510 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3511 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3512 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3513 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3514 goto out;
3515
3516 rv = C_DestroyObject(ro_session, obj_hdl_cp);
3517 if (!ADBG_EXPECT_CK_OK(c, rv))
3518 goto out;
3519
3520 obj_hdl_cp = CK_INVALID_HANDLE;
3521
3522 Do_ADBG_EndSubCase(c, NULL);
3523
3524 /*
3525 * Test copying object with a valid template and check if attributes
3526 * get modified as indicated in the template. Checks modification of
3527 * attributes like CKA_TOKEN, CKA_MODIFIABLE which were not modifiable
3528 * via C_SetAttributeValue(). Also modifies the CKA_SENSITIVE,
3529 * CKA_EXTRACTABLE and checks corresponding values of RO attributes
3530 * CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE.
3531 */
3532 Do_ADBG_BeginSubCase(c, "Copy Object with Valid Template");
3533
3534 /*
3535 * Copy Session Object as a Token object
3536 * Properties CKA_MODIFIABLE turned to FALSE
3537 * CKA_EXTRACTABLE changed from TRUE to FALSE
3538 * CKA_NEVER_EXTRACTABLE should be FALSE.
3539 * CKA_SENSITIVE set to TRUE
3540 * However CKA_ALWAYS_SENSITIVE should be FALSE
3541 */
3542 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3543 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3544 if (!ADBG_EXPECT_CK_OK(c, rv))
3545 goto out;
3546
3547 /* Check the changed attribute values */
3548 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3549 ARRAY_SIZE(get_template));
3550 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3551 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
3552 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_FALSE) ||
3553 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3554 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3555 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3556 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3557 goto out;
3558
3559 /*
3560 * The copied object has CKA_MODIFIABLE set to FALSE. Check if
3561 * call to C_SetAttributeValue() returns CKR_ACTION_PROHIBITED
3562 */
3563 rv = C_SetAttributeValue(rw_session, obj_hdl_cp, set_template,
3564 ARRAY_SIZE(set_template));
3565 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3566 goto out;
3567
3568 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3569 if (!ADBG_EXPECT_CK_OK(c, rv))
3570 goto out;
3571
3572 obj_hdl_cp = CK_INVALID_HANDLE;
3573
3574 Do_ADBG_EndSubCase(c, NULL);
3575
3576 /*
3577 * Test changing the CKA_PRIVATE to TRUE when copying object.
3578 * Fails when user is not logged in. Passes after user logs in
3579 */
3580 Do_ADBG_BeginSubCase(c, "Copy Object as a Private Object");
3581
3582 /* The first attempt will fail as user is not logged in */
3583 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3584 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3585 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3586 goto out;
3587
3588 /* Login to Test Token and repeat*/
3589 rv = C_Login(rw_session, CKU_USER, test_token_user_pin,
3590 sizeof(test_token_user_pin));
3591 if (!ADBG_EXPECT_CK_OK(c, rv))
3592 goto out;
3593
3594 /* Try copying a public object to a private object - should pass */
3595 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3596 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3597 if (!ADBG_EXPECT_CK_OK(c, rv)) {
3598 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3599 goto out;
3600 }
3601
3602 if (!ADBG_EXPECT_CK_OK(c, C_Logout(rw_session)))
3603 goto out;
3604
3605 Do_ADBG_EndSubCase(c, NULL);
3606
3607 Do_ADBG_BeginSubCase(c, "Copy Object with Invalid Template");
3608
3609 rv = C_CopyObject(rw_session, obj_hdl, copy_template_inv,
3610 ARRAY_SIZE(copy_template_inv), &obj_hdl_cp);
3611 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3612 goto out;
3613
3614 Do_ADBG_EndSubCase(c, NULL);
3615
3616 Do_ADBG_BeginSubCase(c, "Copy Object with COPYABLE false");
3617
3618 rv = C_SetAttributeValue(rw_session, obj_hdl, set_template,
3619 ARRAY_SIZE(set_template));
3620 if (!ADBG_EXPECT_CK_OK(c, rv))
3621 goto out;
3622
3623 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3624 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3625 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3626 goto out;
3627
3628 Do_ADBG_EndSubCase(c, NULL);
3629
3630 Do_ADBG_BeginSubCase(c, "Copy session object to token in RO session");
3631
3632 rv = C_CopyObject(ro_session, obj_hdl_ro, copy_template,
3633 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3634 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3635 goto out;
3636
3637out:
3638 Do_ADBG_EndSubCase(c, NULL);
3639
3640 /* Destroy any token objects which may have been created */
3641 destroy_persistent_objects(c, slot);
3642
3643close_session:
3644 /* Closing session will also destroy all session objects */
3645 if (ro_session != CK_INVALID_HANDLE)
3646 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3647
3648 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3649
3650close_lib:
3651 ADBG_EXPECT_CK_OK(c, close_lib());
3652}
3653ADBG_CASE_DEFINE(pkcs11, 1015, xtest_pkcs11_test_1015,
3654 "PKCS11: Test C_CopyObject()");