TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 2d6dc931293587124d378ead615a935d04e0e33c / . / host / xtest / pkcs11_1000.c
blob: c29f2fcf7cbe3ff60f0918ff28101fce0a1053dc [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]2/*
3 * Copyright (c) 2018, Linaro Limited
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]4 */
5
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]6#include <ck_debug.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]7#include <inttypes.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]8#include <pkcs11.h>
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]9#include <stdio.h>
10#include <stdlib.h>
11#include <string.h>
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]12#include <util.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]13
14#include "xtest_test.h"
15#include "xtest_helpers.h"
16
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]17/*
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]18 * Some PKCS#11 object resources used in the tests
19 */
20static const CK_BYTE cktest_aes128_key[16];
21
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame^]22static const CK_BYTE cktest_aes128_iv[16];
23
24static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
25 .ulCounterBits = 1,
26};
27
28static CK_MECHANISM cktest_aes_ecb_mechanism = {
29 CKM_AES_ECB,
30 NULL, 0,
31};
32static CK_MECHANISM cktest_aes_cbc_mechanism = {
33 CKM_AES_CBC,
34 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
35};
36static CK_MECHANISM cktest_aes_ctr_mechanism = {
37 CKM_AES_CTR,
38 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
39};
40static CK_MECHANISM cktest_aes_cts_mechanism = {
41 CKM_AES_CTS,
42 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
43};
44
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]45/*
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]46 * Util to find a slot on which to open a session
47 */
48static CK_RV close_lib(void)
49{
50 return C_Finalize(0);
51}
52
53static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
54{
55 CK_RV rv = CKR_GENERAL_ERROR;
56 CK_SLOT_ID_PTR slots = NULL;
57 CK_ULONG count = 0;
58
59 rv = C_Initialize(0);
60 if (rv)
61 return rv;
62
63 rv = C_GetSlotList(CK_TRUE, NULL, &count);
64 if (rv != CKR_OK)
65 goto bail;
66
67 if (count < 1) {
68 rv = CKR_GENERAL_ERROR;
69 goto bail;
70 }
71
72 slots = malloc(count * sizeof(CK_SLOT_ID));
73 if (!slots) {
74 rv = CKR_HOST_MEMORY;
75 goto bail;
76 }
77
78 rv = C_GetSlotList(CK_TRUE, slots, &count);
79 if (rv)
80 goto bail;
81
82 /* Use the last slot */
83 *slot = slots[count - 1];
84
85bail:
86 free(slots);
87 if (rv)
88 close_lib();
89
90 return rv;
91}
92
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]93static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]94{
95 CK_RV rv;
96
97 rv = C_Initialize(NULL);
98 if (!ADBG_EXPECT_CK_OK(c, rv))
99 return;
100
101 rv = C_Finalize(NULL);
102 if (!ADBG_EXPECT_CK_OK(c, rv))
103 return;
104
105 rv = C_Initialize(NULL);
106 if (!ADBG_EXPECT_CK_OK(c, rv))
107 return;
108
109 rv = C_Initialize(NULL);
110 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
111
112 rv = C_Finalize(NULL);
113 ADBG_EXPECT_CK_OK(c, rv);
Etienne Carriere21f4e3c2020-02-05 15:40:24 +0100[diff] [blame]114
115 rv = C_Finalize(NULL);
116 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]117}
118
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]119ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
120 "Initialize and close Cryptoki library");
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]121
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]122static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]123{
124 CK_RV rv = CKR_GENERAL_ERROR;
125 CK_SLOT_ID_PTR slot_ids = NULL;
126 CK_ULONG slot_count = 0;
127 CK_ULONG present_slot_count = 0;
128 CK_INFO lib_info = { };
129 CK_SLOT_INFO slot_info = { };
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]130 CK_TOKEN_INFO token_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]131 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
132 size_t i = 0;
133 CK_SLOT_ID max_slot_id = 0;
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]134 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
135 CK_ULONG mecha_count = 0;
136 CK_MECHANISM_INFO mecha_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]137
138 rv = C_Initialize(NULL);
139 if (!ADBG_EXPECT_CK_OK(c, rv))
140 return;
141
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]142 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
143
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]144 rv = C_GetFunctionList(&ckfunc_list);
145 if (!ADBG_EXPECT_CK_OK(c, rv))
146 goto out;
147
148 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
149 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]150 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]151 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
152 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
153 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]154 goto out;
155
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]156 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
157 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
158
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]159 rv = C_GetInfo(&lib_info);
160 if (!ADBG_EXPECT_CK_OK(c, rv))
161 goto out;
162
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]163 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
164 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
165
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]166 rv = C_GetSlotList(0, NULL, &slot_count);
167 if (!ADBG_EXPECT_CK_OK(c, rv))
168 goto out;
169
170 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
171 goto out;
172
Etienne Carrierede746332020-03-04 19:43:53 +0100[diff] [blame]173 if (slot_count > 1) {
174 /* Ensure case non-NULL-buffer and zero-count is tested */
175 CK_SLOT_ID id = 0;
176
177 slot_count = 0;
178 rv = C_GetSlotList(0, &id, &slot_count);
179 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
180 goto out;
181 }
182
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]183 rv = C_GetSlotList(1, NULL, &present_slot_count);
184 if (!ADBG_EXPECT_CK_OK(c, rv))
185 goto out;
186
187 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
188 present_slot_count))
189 goto out;
190
191 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
192 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
193 goto out;
194
195 slot_count--;
196 rv = C_GetSlotList(1, slot_ids, &slot_count);
197 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
198 goto out;
199
200 rv = C_GetSlotList(1, slot_ids, &slot_count);
201 if (!ADBG_EXPECT_CK_OK(c, rv))
202 goto out;
203
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]204 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]205 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]206
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]207 for (i = 0; i < slot_count; i++) {
208 CK_SLOT_ID slot = slot_ids[i];
209
210 rv = C_GetSlotInfo(slot, &slot_info);
211 if (!ADBG_EXPECT_CK_OK(c, rv))
212 goto out;
213
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]214 rv = C_GetTokenInfo(slot, &token_info);
215 if (!ADBG_EXPECT_CK_OK(c, rv))
216 goto out;
217
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]218 if (max_slot_id < slot)
219 max_slot_id = slot;
220 }
221
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]222 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]223 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
224
225 for (i = 0; i < slot_count; i++) {
226 CK_SLOT_ID slot = slot_ids[i];
227 size_t j = 0;
228
229 mecha_count = 0;
230 rv = C_GetMechanismList(slot, NULL, &mecha_count);
231 if (!ADBG_EXPECT_CK_OK(c, rv))
232 goto out;
233
234 if (mecha_count == 0)
235 continue;
236
237 free(mecha_types);
238 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
239 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
240 goto out;
241
242 /* Test specific case: valid buffer reference with 0 count */
243 mecha_count = 0;
244 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
245 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
246 goto out;
247
248 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
249 if (!ADBG_EXPECT_CK_OK(c, rv))
250 goto out;
251
252 for (j = 0; j < mecha_count; j++) {
253 rv = C_GetMechanismInfo(slot, mecha_types[j],
254 &mecha_info);
255 if (!ADBG_EXPECT_CK_OK(c, rv))
256 goto out;
257 }
258 }
259
260 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]261 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
262
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]263 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
264 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
265 goto out;
266
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]267 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
268 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
269 goto out;
270
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]271 mecha_count = 1;
272 if (!mecha_types)
273 mecha_types = malloc(sizeof(*mecha_types));
274 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
275 goto out;
276
277 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
278 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
279 goto out;
280
281 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
282 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
283 goto out;
284
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]285 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
286 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
287 goto out;
288
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]289 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
290 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
291 goto out;
292
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]293 mecha_count = 1;
294 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
295 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
296 goto out;
297
298 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
299 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
300 goto out;
301
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]302out:
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]303 Do_ADBG_EndSubCase(c, NULL);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]304 free(slot_ids);
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]305 free(mecha_types);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]306
307 rv = C_Finalize(NULL);
308 ADBG_EXPECT_CK_OK(c, rv);
309}
310
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]311ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]312 "PKCS11: List PKCS#11 slots and get information from");
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]313
314static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
315{
316 CK_RV rv = CKR_GENERAL_ERROR;
317 CK_SLOT_ID slot = 0;
318 CK_SESSION_HANDLE session[3] = { 0 };
319 CK_FLAGS session_flags = 0;
320 CK_SESSION_INFO session_info = { };
321 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
322
323 rv = init_lib_and_find_token_slot(&slot);
324 if (!ADBG_EXPECT_CK_OK(c, rv))
325 return;
326
327 rv = C_GetFunctionList(&ckfunc_list);
328 if (!ADBG_EXPECT_CK_OK(c, rv) ||
329 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
330 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
331 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
332 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
333 goto bail;
334
335 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
336
337 session_flags = CKF_RW_SESSION;
338
339 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
340 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
341 goto bail;
342
343 session_flags = CKF_SERIAL_SESSION;
344
345 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
346 if (!ADBG_EXPECT_CK_OK(c, rv))
347 goto bail;
348
349 rv = C_GetSessionInfo(session[0], &session_info);
350 if (!ADBG_EXPECT_CK_OK(c, rv) ||
351 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
352 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
353 session_flags) ||
354 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
355 CKS_RO_PUBLIC_SESSION) ||
356 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
357 goto bail;
358
359 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
360
361 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
362 if (!ADBG_EXPECT_CK_OK(c, rv))
363 goto bail;
364
365 rv = C_GetSessionInfo(session[1], &session_info);
366 if (!ADBG_EXPECT_CK_OK(c, rv) ||
367 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
368 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
369 session_flags) ||
370 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
371 CKS_RW_PUBLIC_SESSION) ||
372 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
373 goto bail;
374
375 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
376 if (!ADBG_EXPECT_CK_OK(c, rv))
377 goto bail;
378
379 rv = C_GetSessionInfo(session[2], &session_info);
380 if (!ADBG_EXPECT_CK_OK(c, rv) ||
381 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
382 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
383 session_flags) ||
384 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
385 CKS_RW_PUBLIC_SESSION) ||
386 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
387 goto bail;
388
389 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
390 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
391
392 /* Close 2 of them */
393 rv = C_CloseSession(session[0]);
394 if (!ADBG_EXPECT_CK_OK(c, rv))
395 goto bail;
396
397 rv = C_GetSessionInfo(session[0], &session_info);
398 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
399 goto bail;
400
401 rv = C_GetSessionInfo(session[1], &session_info);
402 if (!ADBG_EXPECT_CK_OK(c, rv))
403 goto bail;
404
405 rv = C_GetSessionInfo(session[2], &session_info);
406 if (!ADBG_EXPECT_CK_OK(c, rv))
407 goto bail;
408
409 /* Close all remaining sessions, later calls should failed on session */
410 rv = C_CloseAllSessions(slot);
411 if (!ADBG_EXPECT_CK_OK(c, rv))
412 goto bail;
413
414 rv = C_CloseSession(session[1]);
415 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
416 goto bail;
417
418 rv = C_CloseSession(session[2]);
419 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
420 goto bail;
421
422 rv = C_GetSessionInfo(session[1], &session_info);
423 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
424 goto bail;
425
426 rv = C_GetSessionInfo(session[2], &session_info);
427 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
428 goto bail;
429
430 /* Open a session, should be closed from library closure */
431 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
432 if (!ADBG_EXPECT_CK_OK(c, rv))
433 goto bail;
434
435bail:
436 Do_ADBG_EndSubCase(c, NULL);
437 rv = close_lib();
438 ADBG_EXPECT_CK_OK(c, rv);
439}
440
441ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
442 "PKCS11: Open and close PKCS#11 sessions");
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]443
444/*
445 * Helpers for tests where we must log into the token.
446 * These define the genuine PINs and label to be used with the test token.
447 */
448static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]449static CK_UTF8CHAR test_token_user_pin[] = {
450 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
451};
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]452static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
453
454static CK_RV init_test_token(CK_SLOT_ID slot)
455{
456 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
457 test_token_label);
458}
459
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]460/* Login as user, eventually reset user PIN if needed */
461static CK_RV init_user_test_token(CK_SLOT_ID slot)
462{
463 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
464 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
465 CK_RV rv = CKR_GENERAL_ERROR;
466
467 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
468 if (rv)
469 return rv;
470
471 rv = C_Login(session, CKU_USER, test_token_user_pin,
472 sizeof(test_token_user_pin));
473 if (rv == CKR_OK) {
474 C_Logout(session);
475 C_CloseSession(session);
476 return rv;
477 }
478
479 rv = C_Login(session, CKU_SO, test_token_so_pin,
480 sizeof(test_token_so_pin));
481 if (rv) {
482 C_CloseSession(session);
483
484 rv = init_test_token(slot);
485 if (rv)
486 return rv;
487
488 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
489 if (rv)
490 return rv;
491
492 rv = C_Login(session, CKU_SO, test_token_so_pin,
493 sizeof(test_token_so_pin));
494 if (rv) {
495 C_CloseSession(session);
496 return rv;
497 }
498 }
499
500 rv = C_InitPIN(session, test_token_user_pin,
501 sizeof(test_token_user_pin));
502
503 C_Logout(session);
504 C_CloseSession(session);
505
506 return rv;
507}
508
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]509static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
510{
511 CK_RV rv = CKR_GENERAL_ERROR;
512 CK_TOKEN_INFO token_info = { };
513 /* Same content as test_token_so_pin[] but 1 more byte */
514 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
515 /* Same content as test_token_so_pin[] but 1 different byte */
516 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
517 CK_FLAGS flags = 0;
518
519 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
520
521 rv = C_GetTokenInfo(slot, &token_info);
522 if (!ADBG_EXPECT_CK_OK(c, rv))
523 goto out;
524
525 rv = C_InitToken(slot, test_token_so_pin,
526 sizeof(test_token_so_pin) - 1, test_token_label);
527 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
528 goto out;
529
530 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
531 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
532 goto out;
533
534 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
535 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
536 goto out;
537
538 rv = C_GetTokenInfo(slot, &token_info);
539 if (!ADBG_EXPECT_CK_OK(c, rv))
540 goto out;
541
542 flags = token_info.flags;
543
544 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
545 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
546 rv = CKR_GENERAL_ERROR;
547 goto out;
548 }
549
550 rv = init_test_token(slot);
551 if (!ADBG_EXPECT_CK_OK(c, rv))
552 goto out;
553
554 rv = C_GetTokenInfo(slot, &token_info);
555 if (!ADBG_EXPECT_CK_OK(c, rv))
556 goto out;
557
558 flags = token_info.flags;
559
560 /*
561 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
562 * Other flags should show a sane initialized state.
563 */
564 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
565 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
566 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
567 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
568 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]569 goto out;
570 }
571
572 rv = init_user_test_token(slot);
573 if (!ADBG_EXPECT_CK_OK(c, rv))
574 goto out;
575
576 rv = C_GetTokenInfo(slot, &token_info);
577 if (!ADBG_EXPECT_CK_OK(c, rv))
578 goto out;
579
580 flags = token_info.flags;
581
582 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
583 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
584 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
585 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
586 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
587 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
588 rv = CKR_GENERAL_ERROR;
589 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]590 }
591
592out:
593 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
594
595 return rv;
596}
597
598static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
599{
600 CK_RV rv = CKR_GENERAL_ERROR;
601 CK_TOKEN_INFO token_info = { };
602 CK_FLAGS flags = 0;
603
604 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
605
606 rv = init_test_token(slot);
607 if (!ADBG_EXPECT_CK_OK(c, rv))
608 goto out;
609
610 rv = C_GetTokenInfo(slot, &token_info);
611 if (!ADBG_EXPECT_CK_OK(c, rv))
612 goto out;
613
614 flags = token_info.flags;
615
616 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
617 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
618 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
619 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]620 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]621 }
622
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]623 rv = init_user_test_token(slot);
624 if (!ADBG_EXPECT_CK_OK(c, rv))
625 goto out;
626
627 rv = C_GetTokenInfo(slot, &token_info);
628 if (!ADBG_EXPECT_CK_OK(c, rv))
629 goto out;
630
631 flags = token_info.flags;
632
633 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
634 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
635 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
636 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
637 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
638 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
639 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
640 rv = CKR_GENERAL_ERROR;
641
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]642out:
643 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
644
645 return rv;
646}
647
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]648static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
649{
650 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
651 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
652 CK_RV rv = CKR_GENERAL_ERROR;
653
654 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
655
656 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
657 if (!ADBG_EXPECT_CK_OK(c, rv))
658 goto out;
659
660 /* Logout: should fail as we did not log in yet */
661 rv = C_Logout(session);
662 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
663
664 /* Login/re-log/logout user */
665 rv = C_Login(session, CKU_USER, test_token_user_pin,
666 sizeof(test_token_user_pin));
667 if (!ADBG_EXPECT_CK_OK(c, rv))
668 goto out;
669
670 rv = C_Login(session, CKU_USER, test_token_user_pin,
671 sizeof(test_token_user_pin));
672 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
673
674 rv = C_Logout(session);
675 if (!ADBG_EXPECT_CK_OK(c, rv))
676 goto out;
677
678 /* Login/re-log/logout security officer */
679 rv = C_Login(session, CKU_SO, test_token_so_pin,
680 sizeof(test_token_so_pin));
681 if (!ADBG_EXPECT_CK_OK(c, rv))
682 goto out;
683
684 rv = C_Login(session, CKU_SO, test_token_so_pin,
685 sizeof(test_token_so_pin));
686 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
687
688 rv = C_Logout(session);
689 if (!ADBG_EXPECT_CK_OK(c, rv))
690 goto out;
691
692 /* Login user then SO and reverse */
693 rv = C_Login(session, CKU_SO, test_token_so_pin,
694 sizeof(test_token_so_pin));
695 ADBG_EXPECT_CK_OK(c, rv);
696
697 rv = C_Login(session, CKU_USER, test_token_user_pin,
698 sizeof(test_token_user_pin));
699 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
700
701 rv = C_Logout(session);
702 if (!ADBG_EXPECT_CK_OK(c, rv))
703 goto out;
704
705 rv = C_Login(session, CKU_USER, test_token_user_pin,
706 sizeof(test_token_user_pin));
707 ADBG_EXPECT_CK_OK(c, rv);
708
709 rv = C_Login(session, CKU_SO, test_token_so_pin,
710 sizeof(test_token_so_pin));
711 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
712
713 rv = C_Logout(session);
714 ADBG_EXPECT_CK_OK(c, rv);
715
716 /* Login context specifc, in an invalid case (need an operation) */
717 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
718 sizeof(test_token_user_pin));
719 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
720
721 rv = C_CloseSession(session);
722 ADBG_EXPECT_CK_OK(c, rv);
723
724out:
725 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
726 return rv;
727}
728
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]729static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
730 CK_USER_TYPE user_type)
731{
732 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
733 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
734 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
735 CK_UTF8CHAR_PTR old_pin = NULL;
736 CK_USER_TYPE ut = user_type;
737 size_t old_pin_sz = 0;
738 CK_RV rv2 = CKR_OK;
739 CK_RV rv = CKR_OK;
740
741 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
742
743 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
744 if (!ADBG_EXPECT_CK_OK(c, rv))
745 goto out;
746
747 if (user_type == CKU_SO) {
748 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
749 old_pin_sz = sizeof(test_token_so_pin);
750 } else {
751 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
752 old_pin_sz = sizeof(test_token_user_pin);
753 ut = CKU_USER;
754 }
755
756 if (ut == user_type) {
757 rv = C_Login(session, ut, old_pin, old_pin_sz);
758 if (!ADBG_EXPECT_CK_OK(c, rv))
759 goto out_session;
760 }
761
762 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
763 if (!ADBG_EXPECT_CK_OK(c, rv)) {
764 if (ut == user_type)
765 goto out_logout;
766 else
767 goto out_session;
768 }
769
770 if (ut == user_type) {
771 rv = C_Logout(session);
772 if (!ADBG_EXPECT_CK_OK(c, rv))
773 goto out_session;
774 }
775
776 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
777 if (!ADBG_EXPECT_CK_OK(c, rv))
778 goto out_session;
779
780 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
781 ADBG_EXPECT_CK_OK(c, rv);
782
783out_logout:
784 rv2 = C_Logout(session);
785 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
786 rv = rv2;
787out_session:
788 rv2 = C_CloseSession(session);
789 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
790 rv = rv2;
791out:
792 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
793
794 return rv;
795}
796
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]797static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
798{
799 CK_RV rv = CKR_GENERAL_ERROR;
800 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
801 CK_SLOT_ID slot = 0;
802 CK_TOKEN_INFO token_info = { };
803
804 rv = C_GetFunctionList(&ckfunc_list);
805 if (!ADBG_EXPECT_CK_OK(c, rv) ||
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]806 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
807 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]808 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
809 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
810 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]811 goto out;
812
813 rv = init_lib_and_find_token_slot(&slot);
814 if (!ADBG_EXPECT_CK_OK(c, rv))
815 return;
816
817 rv = C_GetTokenInfo(slot, &token_info);
818 if (!ADBG_EXPECT_CK_OK(c, rv))
819 goto out;
820
821 /* Abort test if token is about to lock */
822 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
823 goto out;
824
825 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
826 rv = test_uninitialized_token(c, slot);
827 if (rv != CKR_OK)
828 goto out;
829 }
830
831 rv = test_already_initialized_token(c, slot);
832 if (rv != CKR_OK)
833 goto out;
834
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]835 rv = test_login_logout(c, slot);
836 if (rv != CKR_OK)
837 goto out;
838
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]839 rv = test_set_pin(c, slot, CKU_USER);
840 if (rv != CKR_OK)
841 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]842
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]843 rv = test_set_pin(c, slot, CKU_SO);
844 if (rv != CKR_OK)
845 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]846
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]847 /*
848 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
849 * to skip the initial login.
850 */
851 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]852out:
853 rv = close_lib();
854 ADBG_EXPECT_CK_OK(c, rv);
855}
856
857ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
858 "PKCS11: Login to PKCS#11 token");
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]859
860static CK_ATTRIBUTE cktest_token_object[] = {
861 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
862 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
863 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
864 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
865 sizeof(CK_OBJECT_CLASS) },
866 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
867 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
868};
869
870static CK_ATTRIBUTE cktest_session_object[] = {
871 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
872 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
873 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
874 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
875 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
876 sizeof(CK_OBJECT_CLASS) },
877 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
878};
879
880/* Create session object and token object from a session */
881static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
882{
883 CK_RV rv = CKR_GENERAL_ERROR;
884 CK_SLOT_ID slot = 0;
885 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
886 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
887 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
888
889 rv = init_lib_and_find_token_slot(&slot);
890 if (!ADBG_EXPECT_CK_OK(c, rv))
891 return;
892
893 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
894 if (!ADBG_EXPECT_CK_OK(c, rv))
895 goto out;
896
897 if (persistent) {
898 rv = C_CreateObject(session, cktest_token_object,
899 ARRAY_SIZE(cktest_token_object),
900 &obj_hdl);
901 } else {
902 rv = C_CreateObject(session, cktest_session_object,
903 ARRAY_SIZE(cktest_session_object),
904 &obj_hdl);
905 }
906
907 if (!ADBG_EXPECT_CK_OK(c, rv))
908 goto out;
909
910 rv = C_DestroyObject(session, obj_hdl);
911 ADBG_EXPECT_CK_OK(c, rv);
912out:
913 rv = C_CloseSession(session);
914 ADBG_EXPECT_CK_OK(c, rv);
915
916 rv = close_lib();
917 ADBG_EXPECT_CK_OK(c, rv);
918}
919
920static void test_create_destroy_session_objects(ADBG_Case_t *c)
921{
922 CK_RV rv = CKR_GENERAL_ERROR;
923 CK_SLOT_ID slot = 0;
924 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
925 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
926 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
927 size_t n = 0;
928
929 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
930 obj_hdl[n] = CK_INVALID_HANDLE;
931
932 rv = init_lib_and_find_token_slot(&slot);
933 if (!ADBG_EXPECT_CK_OK(c, rv))
934 return;
935
936 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
937 if (!ADBG_EXPECT_CK_OK(c, rv))
938 goto out;
939
940 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
941 rv = C_CreateObject(session, cktest_session_object,
942 ARRAY_SIZE(cktest_session_object),
943 obj_hdl + n);
944
945 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
946 break;
947 }
948
949 Do_ADBG_Log(" created object count: %zu", n);
950
951 rv = C_CloseSession(session);
952 ADBG_EXPECT_CK_OK(c, rv);
953
954 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
955 if (!ADBG_EXPECT_CK_OK(c, rv))
956 goto out;
957
958 rv = C_CreateObject(session, cktest_session_object,
959 ARRAY_SIZE(cktest_session_object),
960 obj_hdl);
961
962 ADBG_EXPECT_CK_OK(c, rv);
963
964out:
965 rv = C_CloseSession(session);
966 ADBG_EXPECT_CK_OK(c, rv);
967
968 rv = close_lib();
969 ADBG_EXPECT_CK_OK(c, rv);
970}
971
972/* Create session object and token object from a session */
973static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
974{
975 CK_RV rv = CKR_GENERAL_ERROR;
976 CK_SLOT_ID slot = 0;
977 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
978 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
979 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
980 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
981
982 rv = init_lib_and_find_token_slot(&slot);
983 if (!ADBG_EXPECT_CK_OK(c, rv))
984 return;
985
986 if (readwrite)
987 session_flags |= CKF_RW_SESSION;
988
989 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
990 if (!ADBG_EXPECT_CK_OK(c, rv))
991 goto out;
992
993 rv = C_CreateObject(session, cktest_token_object,
994 ARRAY_SIZE(cktest_token_object),
995 &token_obj_hld);
996
997 if (readwrite) {
998 if (!ADBG_EXPECT_CK_OK(c, rv))
999 goto out;
1000 } else {
1001 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1002 goto out;
1003 }
1004
1005 rv = C_CreateObject(session, cktest_session_object,
1006 ARRAY_SIZE(cktest_session_object),
1007 &session_obj_hld);
1008
1009 if (!ADBG_EXPECT_CK_OK(c, rv))
1010 goto out_tobj;
1011
1012 rv = C_DestroyObject(session, session_obj_hld);
1013 ADBG_EXPECT_CK_OK(c, rv);
1014
1015out_tobj:
1016 if (readwrite) {
1017 rv = C_DestroyObject(session, token_obj_hld);
1018 ADBG_EXPECT_CK_OK(c, rv);
1019 }
1020out:
1021 rv = C_CloseSession(session);
1022 ADBG_EXPECT_CK_OK(c, rv);
1023
1024 rv = close_lib();
1025 ADBG_EXPECT_CK_OK(c, rv);
1026}
1027
1028static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1029{
1030 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1031 test_create_destroy_single_object(c, false /*!persistent*/);
1032 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1033
1034 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1035 test_create_destroy_single_object(c, true /*persistent*/);
1036 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1037
1038 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1039 test_create_destroy_session_objects(c);
1040 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1041
1042 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1043 test_create_objects_in_session(c, false /*!readwrite*/);
1044 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1045
1046 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1047 test_create_objects_in_session(c, true /*readwrite*/);
1048 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1049}
1050
1051ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1052 "PKCS11: create/destroy PKCS#11 simple objects");
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame^]1053
1054
1055static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1056 CKM_AES_ECB,
1057};
1058static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1059 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1060 CKM_AES_GCM, CKM_AES_CCM,
1061};
1062static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1063 CKM_AES_CBC,
1064};
1065static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1066 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1067 CKM_AES_GCM, CKM_AES_CCM,
1068};
1069static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1070 CKM_AES_CTR,
1071};
1072static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1073 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1074 CKM_AES_GCM, CKM_AES_CCM,
1075};
1076static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1077 CKM_AES_CTS,
1078};
1079static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1080 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1081 CKM_AES_GCM, CKM_AES_CCM,
1082};
1083
1084#define CKTEST_AES_KEY \
1085 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1086 sizeof(CK_OBJECT_CLASS) }, \
1087 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1088 sizeof(CK_KEY_TYPE) }, \
1089 { CKA_VALUE, (void *)cktest_aes128_key, \
1090 sizeof(cktest_aes128_key) }
1091
1092#define CKTEST_AES_ALLOWED_KEY(_allowed) \
1093 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1094
1095#define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1096 static CK_ATTRIBUTE _label[] = { \
1097 CKTEST_AES_KEY, \
1098 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1099 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1100 CKTEST_AES_ALLOWED_KEY(_allowed), \
1101 }
1102
1103#define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1104 static CK_ATTRIBUTE _label[] = { \
1105 CKTEST_AES_KEY, \
1106 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1107 CKTEST_AES_ALLOWED_KEY(_allowed), \
1108 }
1109#define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1110 static CK_ATTRIBUTE _label[] = { \
1111 CKTEST_AES_KEY, \
1112 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1113 CKTEST_AES_ALLOWED_KEY(_allowed), \
1114 }
1115
1116CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1117CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1118CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1119CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1120CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1121CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1122CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1123CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1124
1125struct cktest_allowed_test {
1126 CK_ATTRIBUTE_PTR attr_key;
1127 CK_ULONG attr_count;
1128 CK_MECHANISM_PTR mechanism;
1129};
1130
1131#define CKTEST_KEY_MECHA(key, mecha) { \
1132 .attr_key = key, \
1133 .attr_count = ARRAY_SIZE(key), \
1134 .mechanism = mecha, \
1135 }
1136
1137static const struct cktest_allowed_test cktest_allowed_valid[] = {
1138 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1139 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1140 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1141 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1142};
1143
1144static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1145 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1146 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1147 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1148 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1149};
1150
1151/* Create session object and token object from a session */
1152static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1153 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1154 CK_MECHANISM_PTR mechanism, uint32_t mode,
1155 CK_RV expected_rc)
1156{
1157 CK_RV rv2 = CKR_GENERAL_ERROR;
1158 CK_RV rv = CKR_GENERAL_ERROR;
1159 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1160
1161 switch (mode) {
1162 case TEE_MODE_ENCRYPT:
1163 case TEE_MODE_DECRYPT:
1164 break;
1165 default:
1166 ADBG_EXPECT_TRUE(c, false);
1167 }
1168
1169 rv = C_CreateObject(session, attr_key, attr_count, &object);
1170 if (!ADBG_EXPECT_CK_OK(c, rv))
1171 return rv;
1172
1173 if (mode == TEE_MODE_ENCRYPT)
1174 rv = C_EncryptInit(session, mechanism, object);
1175 if (mode == TEE_MODE_DECRYPT)
1176 rv = C_DecryptInit(session, mechanism, object);
1177
1178 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1179 rv = CKR_GENERAL_ERROR;
1180 goto out;
1181 }
1182
1183 if (rv) {
1184 /*
1185 * If we're here it was the expected error code above and
1186 * we're supposed to return OK below.
1187 */
1188 rv = CKR_OK;
1189 } else {
1190 if (mode == TEE_MODE_ENCRYPT)
1191 rv = C_EncryptFinal(session, NULL, NULL);
1192 if (mode == TEE_MODE_DECRYPT)
1193 rv = C_DecryptFinal(session, NULL, NULL);
1194
1195 /* Only check that the operation is no more active */
1196 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
1197 rv = CKR_GENERAL_ERROR;
1198 }
1199
1200out:
1201 rv2 = C_DestroyObject(session, object);
1202 ADBG_EXPECT_CK_OK(c, rv2);
1203
1204 if (rv)
1205 return rv;
1206 else
1207 return rv2;
1208}
1209
1210CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1211
1212CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1213
1214static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1215{
1216 CK_RV rv = CKR_GENERAL_ERROR;
1217 CK_SLOT_ID slot = 0;
1218 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1219 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1220 size_t n = 0;
1221
1222 rv = init_lib_and_find_token_slot(&slot);
1223 if (!ADBG_EXPECT_CK_OK(c, rv))
1224 return;
1225
1226 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1227 if (!ADBG_EXPECT_CK_OK(c, rv))
1228 goto out;
1229
1230 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1231
1232 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1233
1234 rv = cipher_init_final(c, session,
1235 cktest_allowed_valid[n].attr_key,
1236 cktest_allowed_valid[n].attr_count,
1237 cktest_allowed_valid[n].mechanism,
1238 TEE_MODE_ENCRYPT,
1239 CKR_OK);
1240
1241 ADBG_EXPECT_CK_OK(c, rv);
1242
1243 Do_ADBG_EndSubCase(c, NULL);
1244 if (rv)
1245 goto out;
1246
1247 }
1248
1249 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1250 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1251
1252 rv = cipher_init_final(c, session,
1253 cktest_allowed_invalid[n].attr_key,
1254 cktest_allowed_invalid[n].attr_count,
1255 cktest_allowed_invalid[n].mechanism,
1256 TEE_MODE_ENCRYPT,
1257 CKR_KEY_FUNCTION_NOT_PERMITTED);
1258
1259 ADBG_EXPECT_CK_OK(c, rv);
1260
1261 Do_ADBG_EndSubCase(c, NULL);
1262 if (rv)
1263 goto out;
1264
1265 }
1266
1267out:
1268 rv = C_CloseSession(session);
1269 ADBG_EXPECT_CK_OK(c, rv);
1270
1271 rv = close_lib();
1272 ADBG_EXPECT_CK_OK(c, rv);
1273}
1274
1275
1276ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1277 "PKCS11: Check ciphering with valid and invalid keys #1");
1278
1279static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1280{
1281 CK_RV rv = CKR_GENERAL_ERROR;
1282 CK_SLOT_ID slot = 0;
1283 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1284 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1285
1286 rv = init_lib_and_find_token_slot(&slot);
1287 if (!ADBG_EXPECT_CK_OK(c, rv))
1288 return;
1289
1290 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1291 if (!ADBG_EXPECT_CK_OK(c, rv))
1292 goto out;
1293
1294 /* Encrypt only AES CTS key */
1295 rv = cipher_init_final(c, session,
1296 cktest_aes_enc_only_cts,
1297 ARRAY_SIZE(cktest_aes_enc_only_cts),
1298 &cktest_aes_cts_mechanism,
1299 TEE_MODE_ENCRYPT,
1300 CKR_OK);
1301 if (!ADBG_EXPECT_CK_OK(c, rv))
1302 goto out;
1303
1304 rv = cipher_init_final(c, session,
1305 cktest_aes_enc_only_cts,
1306 ARRAY_SIZE(cktest_aes_enc_only_cts),
1307 &cktest_aes_cts_mechanism,
1308 TEE_MODE_DECRYPT,
1309 CKR_KEY_FUNCTION_NOT_PERMITTED);
1310 if (!ADBG_EXPECT_CK_OK(c, rv))
1311 goto out;
1312
1313 /* Decrypt only AES CTR key */
1314 rv = cipher_init_final(c, session,
1315 cktest_aes_dec_only_ctr,
1316 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1317 &cktest_aes_ctr_mechanism,
1318 TEE_MODE_ENCRYPT,
1319 CKR_KEY_FUNCTION_NOT_PERMITTED);
1320 if (!ADBG_EXPECT_CK_OK(c, rv))
1321 goto out;
1322
1323 rv = cipher_init_final(c, session,
1324 cktest_aes_dec_only_ctr,
1325 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1326 &cktest_aes_ctr_mechanism,
1327 TEE_MODE_ENCRYPT,
1328 CKR_KEY_FUNCTION_NOT_PERMITTED);
1329 if (!ADBG_EXPECT_CK_OK(c, rv))
1330 goto out;
1331
1332out:
1333 rv = C_CloseSession(session);
1334 ADBG_EXPECT_CK_OK(c, rv);
1335
1336 rv = close_lib();
1337 ADBG_EXPECT_CK_OK(c, rv);
1338}
1339ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1340 "PKCS11: Check ciphering with valid and invalid keys #2");
1341
1342static CK_RV open_cipher_session(ADBG_Case_t *c,
1343 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1344 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1345 CK_MECHANISM_PTR mechanism, uint32_t mode)
1346{
1347 CK_RV rv = CKR_GENERAL_ERROR;
1348 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1349 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1350
1351 switch (mode) {
1352 case TEE_MODE_ENCRYPT:
1353 case TEE_MODE_DECRYPT:
1354 break;
1355 default:
1356 ADBG_EXPECT_TRUE(c, false);
1357 return CKR_GENERAL_ERROR;
1358 }
1359
1360 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1361 if (rv == CKR_DEVICE_MEMORY)
1362 return rv;
1363 if (!ADBG_EXPECT_CK_OK(c, rv))
1364 return rv;
1365
1366 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1367 if (rv == CKR_DEVICE_MEMORY)
1368 return rv;
1369 if (!ADBG_EXPECT_CK_OK(c, rv))
1370 return rv;
1371
1372 if (mode == TEE_MODE_ENCRYPT)
1373 rv = C_EncryptInit(*session, mechanism, object);
1374 if (mode == TEE_MODE_DECRYPT)
1375 rv = C_DecryptInit(*session, mechanism, object);
1376
1377 if (rv == CKR_DEVICE_MEMORY)
1378 return rv;
1379 if (!ADBG_EXPECT_CK_OK(c, rv))
1380 return CKR_GENERAL_ERROR;
1381
1382 return rv;
1383}
1384
1385static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1386{
1387 CK_RV rv = CKR_GENERAL_ERROR;
1388 CK_SLOT_ID slot = 0;
1389 CK_SESSION_HANDLE sessions[128];
1390 size_t n = 0;
1391
1392 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1393 sessions[n] = CK_INVALID_HANDLE;
1394
1395 rv = init_lib_and_find_token_slot(&slot);
1396 if (!ADBG_EXPECT_CK_OK(c, rv))
1397 return;
1398
1399 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1400
1401 rv = open_cipher_session(c, slot, &sessions[n],
1402 cktest_allowed_valid[0].attr_key,
1403 cktest_allowed_valid[0].attr_count,
1404 cktest_allowed_valid[0].mechanism,
1405 TEE_MODE_ENCRYPT);
1406
1407 /* Failure due to memory allocation is not a error case */
1408 if (rv == CKR_DEVICE_MEMORY)
1409 break;
1410
1411 if (!ADBG_EXPECT_CK_OK(c, rv))
1412 goto out;
1413 }
1414
1415 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1416 goto out;
1417
1418 Do_ADBG_Log(" created sessions count: %zu", n);
1419
1420 /* Closing session with out bound and invalid IDs (or negative ID) */
1421 rv = C_CloseSession(sessions[n - 1] + 1024);
1422 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1423 rv = C_CloseSession(CK_INVALID_HANDLE);
1424 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1425 rv = C_CloseSession(~0);
1426 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1427
1428 /* Closing each session: all related resources shall be free */
1429 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1430 if (sessions[n] == CK_INVALID_HANDLE)
1431 continue;
1432
1433 rv = C_CloseSession(sessions[n]);
1434 ADBG_EXPECT_CK_OK(c, rv);
1435 sessions[n] = CK_INVALID_HANDLE;
1436 }
1437
1438 /* Open and close another session */
1439 rv = open_cipher_session(c, slot, &sessions[0],
1440 cktest_allowed_valid[0].attr_key,
1441 cktest_allowed_valid[0].attr_count,
1442 cktest_allowed_valid[0].mechanism,
1443 TEE_MODE_ENCRYPT);
1444
1445 if (!ADBG_EXPECT_CK_OK(c, rv))
1446 goto out;
1447
1448 rv = C_CloseSession(sessions[0]);
1449 ADBG_EXPECT_CK_OK(c, rv);
1450 sessions[0] = CK_INVALID_HANDLE;
1451
1452out:
1453 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1454 if (sessions[n] == CK_INVALID_HANDLE)
1455 continue;
1456
1457 rv = C_CloseSession(sessions[n]);
1458 ADBG_EXPECT_CK_OK(c, rv);
1459 }
1460
1461 rv = close_lib();
1462 ADBG_EXPECT_CK_OK(c, rv);
1463}
1464ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1465 "PKCS11: Check operations release at session closure");