TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 71bc74045f8fcccce00ba3ce4e00974a3cad9607 / . / host / xtest / pkcs11_1000.c
blob: 3fca675986432666bc780408f18915f6f9be5557 [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]2/*
3 * Copyright (c) 2018, Linaro Limited
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]4 */
5
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]6#include <ck_debug.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]7#include <inttypes.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]8#include <pkcs11.h>
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]9#include <stdio.h>
10#include <stdlib.h>
11#include <string.h>
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]12#include <util.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]13
14#include "xtest_test.h"
15#include "xtest_helpers.h"
16
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]17#include <regression_4000_data.h>
18
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]19/*
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]20 * Some PKCS#11 object resources used in the tests
21 */
22static const CK_BYTE cktest_aes128_key[16];
23
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]24static const CK_BYTE cktest_aes128_iv[16];
25
26static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
27 .ulCounterBits = 1,
28};
29
30static CK_MECHANISM cktest_aes_ecb_mechanism = {
31 CKM_AES_ECB,
32 NULL, 0,
33};
34static CK_MECHANISM cktest_aes_cbc_mechanism = {
35 CKM_AES_CBC,
36 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
37};
38static CK_MECHANISM cktest_aes_ctr_mechanism = {
39 CKM_AES_CTR,
40 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
41};
42static CK_MECHANISM cktest_aes_cts_mechanism = {
43 CKM_AES_CTS,
44 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
45};
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]46static CK_MECHANISM cktest_hmac_md5_mechanism = {
47 CKM_MD5_HMAC, NULL, 0,
48};
49static CK_MECHANISM cktest_hmac_sha1_mechanism = {
50 CKM_SHA_1_HMAC, NULL, 0,
51};
52static CK_MECHANISM cktest_hmac_sha224_mechanism = {
53 CKM_SHA224_HMAC, NULL, 0,
54};
55static CK_MECHANISM cktest_hmac_sha256_mechanism = {
56 CKM_SHA256_HMAC, NULL, 0,
57};
58static CK_MECHANISM cktest_hmac_sha384_mechanism = {
59 CKM_SHA384_HMAC, NULL, 0,
60};
61static CK_MECHANISM cktest_hmac_sha512_mechanism = {
62 CKM_SHA512_HMAC, NULL, 0,
63};
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame^]64static CK_MECHANISM cktest_gensecret_keygen_mechanism = {
65 CKM_GENERIC_SECRET_KEY_GEN, NULL, 0,
66};
67static CK_MECHANISM cktest_aes_keygen_mechanism = {
68 CKM_AES_KEY_GEN, NULL, 0,
69};
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]70
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]71/*
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]72 * Util to find a slot on which to open a session
73 */
74static CK_RV close_lib(void)
75{
76 return C_Finalize(0);
77}
78
79static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
80{
81 CK_RV rv = CKR_GENERAL_ERROR;
82 CK_SLOT_ID_PTR slots = NULL;
83 CK_ULONG count = 0;
84
85 rv = C_Initialize(0);
86 if (rv)
87 return rv;
88
89 rv = C_GetSlotList(CK_TRUE, NULL, &count);
90 if (rv != CKR_OK)
91 goto bail;
92
93 if (count < 1) {
94 rv = CKR_GENERAL_ERROR;
95 goto bail;
96 }
97
98 slots = malloc(count * sizeof(CK_SLOT_ID));
99 if (!slots) {
100 rv = CKR_HOST_MEMORY;
101 goto bail;
102 }
103
104 rv = C_GetSlotList(CK_TRUE, slots, &count);
105 if (rv)
106 goto bail;
107
108 /* Use the last slot */
109 *slot = slots[count - 1];
110
111bail:
112 free(slots);
113 if (rv)
114 close_lib();
115
116 return rv;
117}
118
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]119static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]120{
121 CK_RV rv;
122
123 rv = C_Initialize(NULL);
124 if (!ADBG_EXPECT_CK_OK(c, rv))
125 return;
126
127 rv = C_Finalize(NULL);
128 if (!ADBG_EXPECT_CK_OK(c, rv))
129 return;
130
131 rv = C_Initialize(NULL);
132 if (!ADBG_EXPECT_CK_OK(c, rv))
133 return;
134
135 rv = C_Initialize(NULL);
136 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
137
138 rv = C_Finalize(NULL);
139 ADBG_EXPECT_CK_OK(c, rv);
Etienne Carriere21f4e3c2020-02-05 15:40:24 +0100[diff] [blame]140
141 rv = C_Finalize(NULL);
142 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]143}
144
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]145ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
146 "Initialize and close Cryptoki library");
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]147
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]148static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]149{
150 CK_RV rv = CKR_GENERAL_ERROR;
151 CK_SLOT_ID_PTR slot_ids = NULL;
152 CK_ULONG slot_count = 0;
153 CK_ULONG present_slot_count = 0;
154 CK_INFO lib_info = { };
155 CK_SLOT_INFO slot_info = { };
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]156 CK_TOKEN_INFO token_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]157 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
158 size_t i = 0;
159 CK_SLOT_ID max_slot_id = 0;
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]160 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
161 CK_ULONG mecha_count = 0;
162 CK_MECHANISM_INFO mecha_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]163
164 rv = C_Initialize(NULL);
165 if (!ADBG_EXPECT_CK_OK(c, rv))
166 return;
167
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]168 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
169
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]170 rv = C_GetFunctionList(&ckfunc_list);
171 if (!ADBG_EXPECT_CK_OK(c, rv))
172 goto out;
173
174 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
175 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]176 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]177 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
178 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
179 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]180 goto out;
181
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]182 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
183 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
184
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]185 rv = C_GetInfo(&lib_info);
186 if (!ADBG_EXPECT_CK_OK(c, rv))
187 goto out;
188
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]189 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
190 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
191
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]192 rv = C_GetSlotList(0, NULL, &slot_count);
193 if (!ADBG_EXPECT_CK_OK(c, rv))
194 goto out;
195
196 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
197 goto out;
198
Etienne Carrierede746332020-03-04 19:43:53 +0100[diff] [blame]199 if (slot_count > 1) {
200 /* Ensure case non-NULL-buffer and zero-count is tested */
201 CK_SLOT_ID id = 0;
202
203 slot_count = 0;
204 rv = C_GetSlotList(0, &id, &slot_count);
205 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
206 goto out;
207 }
208
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]209 rv = C_GetSlotList(1, NULL, &present_slot_count);
210 if (!ADBG_EXPECT_CK_OK(c, rv))
211 goto out;
212
213 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
214 present_slot_count))
215 goto out;
216
217 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
218 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
219 goto out;
220
221 slot_count--;
222 rv = C_GetSlotList(1, slot_ids, &slot_count);
223 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
224 goto out;
225
226 rv = C_GetSlotList(1, slot_ids, &slot_count);
227 if (!ADBG_EXPECT_CK_OK(c, rv))
228 goto out;
229
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]230 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]231 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]232
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]233 for (i = 0; i < slot_count; i++) {
234 CK_SLOT_ID slot = slot_ids[i];
235
236 rv = C_GetSlotInfo(slot, &slot_info);
237 if (!ADBG_EXPECT_CK_OK(c, rv))
238 goto out;
239
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]240 rv = C_GetTokenInfo(slot, &token_info);
241 if (!ADBG_EXPECT_CK_OK(c, rv))
242 goto out;
243
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]244 if (max_slot_id < slot)
245 max_slot_id = slot;
246 }
247
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]248 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]249 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
250
251 for (i = 0; i < slot_count; i++) {
252 CK_SLOT_ID slot = slot_ids[i];
253 size_t j = 0;
254
255 mecha_count = 0;
256 rv = C_GetMechanismList(slot, NULL, &mecha_count);
257 if (!ADBG_EXPECT_CK_OK(c, rv))
258 goto out;
259
260 if (mecha_count == 0)
261 continue;
262
263 free(mecha_types);
264 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
265 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
266 goto out;
267
268 /* Test specific case: valid buffer reference with 0 count */
269 mecha_count = 0;
270 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
271 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
272 goto out;
273
274 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
275 if (!ADBG_EXPECT_CK_OK(c, rv))
276 goto out;
277
278 for (j = 0; j < mecha_count; j++) {
279 rv = C_GetMechanismInfo(slot, mecha_types[j],
280 &mecha_info);
281 if (!ADBG_EXPECT_CK_OK(c, rv))
282 goto out;
283 }
284 }
285
286 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]287 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
288
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]289 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
290 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
291 goto out;
292
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]293 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
294 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
295 goto out;
296
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]297 mecha_count = 1;
298 if (!mecha_types)
299 mecha_types = malloc(sizeof(*mecha_types));
300 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
301 goto out;
302
303 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
304 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
305 goto out;
306
307 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
308 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
309 goto out;
310
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]311 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
312 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
313 goto out;
314
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]315 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
316 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
317 goto out;
318
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]319 mecha_count = 1;
320 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
321 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
322 goto out;
323
324 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
325 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
326 goto out;
327
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]328out:
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]329 Do_ADBG_EndSubCase(c, NULL);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]330 free(slot_ids);
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]331 free(mecha_types);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]332
333 rv = C_Finalize(NULL);
334 ADBG_EXPECT_CK_OK(c, rv);
335}
336
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]337ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]338 "PKCS11: List PKCS#11 slots and get information from");
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]339
340static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
341{
342 CK_RV rv = CKR_GENERAL_ERROR;
343 CK_SLOT_ID slot = 0;
344 CK_SESSION_HANDLE session[3] = { 0 };
345 CK_FLAGS session_flags = 0;
346 CK_SESSION_INFO session_info = { };
347 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
348
349 rv = init_lib_and_find_token_slot(&slot);
350 if (!ADBG_EXPECT_CK_OK(c, rv))
351 return;
352
353 rv = C_GetFunctionList(&ckfunc_list);
354 if (!ADBG_EXPECT_CK_OK(c, rv) ||
355 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
356 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
357 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
358 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
359 goto bail;
360
361 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
362
363 session_flags = CKF_RW_SESSION;
364
365 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
366 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
367 goto bail;
368
369 session_flags = CKF_SERIAL_SESSION;
370
371 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
372 if (!ADBG_EXPECT_CK_OK(c, rv))
373 goto bail;
374
375 rv = C_GetSessionInfo(session[0], &session_info);
376 if (!ADBG_EXPECT_CK_OK(c, rv) ||
377 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
378 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
379 session_flags) ||
380 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
381 CKS_RO_PUBLIC_SESSION) ||
382 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
383 goto bail;
384
385 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
386
387 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
388 if (!ADBG_EXPECT_CK_OK(c, rv))
389 goto bail;
390
391 rv = C_GetSessionInfo(session[1], &session_info);
392 if (!ADBG_EXPECT_CK_OK(c, rv) ||
393 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
394 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
395 session_flags) ||
396 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
397 CKS_RW_PUBLIC_SESSION) ||
398 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
399 goto bail;
400
401 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
402 if (!ADBG_EXPECT_CK_OK(c, rv))
403 goto bail;
404
405 rv = C_GetSessionInfo(session[2], &session_info);
406 if (!ADBG_EXPECT_CK_OK(c, rv) ||
407 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
408 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
409 session_flags) ||
410 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
411 CKS_RW_PUBLIC_SESSION) ||
412 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
413 goto bail;
414
415 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
416 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
417
418 /* Close 2 of them */
419 rv = C_CloseSession(session[0]);
420 if (!ADBG_EXPECT_CK_OK(c, rv))
421 goto bail;
422
423 rv = C_GetSessionInfo(session[0], &session_info);
424 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
425 goto bail;
426
427 rv = C_GetSessionInfo(session[1], &session_info);
428 if (!ADBG_EXPECT_CK_OK(c, rv))
429 goto bail;
430
431 rv = C_GetSessionInfo(session[2], &session_info);
432 if (!ADBG_EXPECT_CK_OK(c, rv))
433 goto bail;
434
435 /* Close all remaining sessions, later calls should failed on session */
436 rv = C_CloseAllSessions(slot);
437 if (!ADBG_EXPECT_CK_OK(c, rv))
438 goto bail;
439
440 rv = C_CloseSession(session[1]);
441 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
442 goto bail;
443
444 rv = C_CloseSession(session[2]);
445 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
446 goto bail;
447
448 rv = C_GetSessionInfo(session[1], &session_info);
449 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
450 goto bail;
451
452 rv = C_GetSessionInfo(session[2], &session_info);
453 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
454 goto bail;
455
456 /* Open a session, should be closed from library closure */
457 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
458 if (!ADBG_EXPECT_CK_OK(c, rv))
459 goto bail;
460
461bail:
462 Do_ADBG_EndSubCase(c, NULL);
463 rv = close_lib();
464 ADBG_EXPECT_CK_OK(c, rv);
465}
466
467ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
468 "PKCS11: Open and close PKCS#11 sessions");
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]469
470/*
471 * Helpers for tests where we must log into the token.
472 * These define the genuine PINs and label to be used with the test token.
473 */
474static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]475static CK_UTF8CHAR test_token_user_pin[] = {
476 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
477};
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]478static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
479
480static CK_RV init_test_token(CK_SLOT_ID slot)
481{
482 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
483 test_token_label);
484}
485
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]486/* Login as user, eventually reset user PIN if needed */
487static CK_RV init_user_test_token(CK_SLOT_ID slot)
488{
489 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
490 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
491 CK_RV rv = CKR_GENERAL_ERROR;
492
493 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
494 if (rv)
495 return rv;
496
497 rv = C_Login(session, CKU_USER, test_token_user_pin,
498 sizeof(test_token_user_pin));
499 if (rv == CKR_OK) {
500 C_Logout(session);
501 C_CloseSession(session);
502 return rv;
503 }
504
505 rv = C_Login(session, CKU_SO, test_token_so_pin,
506 sizeof(test_token_so_pin));
507 if (rv) {
508 C_CloseSession(session);
509
510 rv = init_test_token(slot);
511 if (rv)
512 return rv;
513
514 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
515 if (rv)
516 return rv;
517
518 rv = C_Login(session, CKU_SO, test_token_so_pin,
519 sizeof(test_token_so_pin));
520 if (rv) {
521 C_CloseSession(session);
522 return rv;
523 }
524 }
525
526 rv = C_InitPIN(session, test_token_user_pin,
527 sizeof(test_token_user_pin));
528
529 C_Logout(session);
530 C_CloseSession(session);
531
532 return rv;
533}
534
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]535static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
536{
537 CK_RV rv = CKR_GENERAL_ERROR;
538 CK_TOKEN_INFO token_info = { };
539 /* Same content as test_token_so_pin[] but 1 more byte */
540 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
541 /* Same content as test_token_so_pin[] but 1 different byte */
542 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
543 CK_FLAGS flags = 0;
544
545 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
546
547 rv = C_GetTokenInfo(slot, &token_info);
548 if (!ADBG_EXPECT_CK_OK(c, rv))
549 goto out;
550
551 rv = C_InitToken(slot, test_token_so_pin,
552 sizeof(test_token_so_pin) - 1, test_token_label);
553 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
554 goto out;
555
556 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
557 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
558 goto out;
559
560 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
561 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
562 goto out;
563
564 rv = C_GetTokenInfo(slot, &token_info);
565 if (!ADBG_EXPECT_CK_OK(c, rv))
566 goto out;
567
568 flags = token_info.flags;
569
570 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
571 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
572 rv = CKR_GENERAL_ERROR;
573 goto out;
574 }
575
576 rv = init_test_token(slot);
577 if (!ADBG_EXPECT_CK_OK(c, rv))
578 goto out;
579
580 rv = C_GetTokenInfo(slot, &token_info);
581 if (!ADBG_EXPECT_CK_OK(c, rv))
582 goto out;
583
584 flags = token_info.flags;
585
586 /*
587 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
588 * Other flags should show a sane initialized state.
589 */
590 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
591 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
592 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
593 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
594 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]595 goto out;
596 }
597
598 rv = init_user_test_token(slot);
599 if (!ADBG_EXPECT_CK_OK(c, rv))
600 goto out;
601
602 rv = C_GetTokenInfo(slot, &token_info);
603 if (!ADBG_EXPECT_CK_OK(c, rv))
604 goto out;
605
606 flags = token_info.flags;
607
608 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
609 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
610 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
611 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
612 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
613 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
614 rv = CKR_GENERAL_ERROR;
615 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]616 }
617
618out:
619 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
620
621 return rv;
622}
623
624static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
625{
626 CK_RV rv = CKR_GENERAL_ERROR;
627 CK_TOKEN_INFO token_info = { };
628 CK_FLAGS flags = 0;
629
630 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
631
632 rv = init_test_token(slot);
633 if (!ADBG_EXPECT_CK_OK(c, rv))
634 goto out;
635
636 rv = C_GetTokenInfo(slot, &token_info);
637 if (!ADBG_EXPECT_CK_OK(c, rv))
638 goto out;
639
640 flags = token_info.flags;
641
642 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
643 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
644 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
645 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]646 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]647 }
648
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]649 rv = init_user_test_token(slot);
650 if (!ADBG_EXPECT_CK_OK(c, rv))
651 goto out;
652
653 rv = C_GetTokenInfo(slot, &token_info);
654 if (!ADBG_EXPECT_CK_OK(c, rv))
655 goto out;
656
657 flags = token_info.flags;
658
659 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
660 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
661 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
662 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
663 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
664 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
665 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
666 rv = CKR_GENERAL_ERROR;
667
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]668out:
669 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
670
671 return rv;
672}
673
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]674static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
675{
676 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
677 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
678 CK_RV rv = CKR_GENERAL_ERROR;
679
680 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
681
682 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
683 if (!ADBG_EXPECT_CK_OK(c, rv))
684 goto out;
685
686 /* Logout: should fail as we did not log in yet */
687 rv = C_Logout(session);
688 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
689
690 /* Login/re-log/logout user */
691 rv = C_Login(session, CKU_USER, test_token_user_pin,
692 sizeof(test_token_user_pin));
693 if (!ADBG_EXPECT_CK_OK(c, rv))
694 goto out;
695
696 rv = C_Login(session, CKU_USER, test_token_user_pin,
697 sizeof(test_token_user_pin));
698 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
699
700 rv = C_Logout(session);
701 if (!ADBG_EXPECT_CK_OK(c, rv))
702 goto out;
703
704 /* Login/re-log/logout security officer */
705 rv = C_Login(session, CKU_SO, test_token_so_pin,
706 sizeof(test_token_so_pin));
707 if (!ADBG_EXPECT_CK_OK(c, rv))
708 goto out;
709
710 rv = C_Login(session, CKU_SO, test_token_so_pin,
711 sizeof(test_token_so_pin));
712 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
713
714 rv = C_Logout(session);
715 if (!ADBG_EXPECT_CK_OK(c, rv))
716 goto out;
717
718 /* Login user then SO and reverse */
719 rv = C_Login(session, CKU_SO, test_token_so_pin,
720 sizeof(test_token_so_pin));
721 ADBG_EXPECT_CK_OK(c, rv);
722
723 rv = C_Login(session, CKU_USER, test_token_user_pin,
724 sizeof(test_token_user_pin));
725 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
726
727 rv = C_Logout(session);
728 if (!ADBG_EXPECT_CK_OK(c, rv))
729 goto out;
730
731 rv = C_Login(session, CKU_USER, test_token_user_pin,
732 sizeof(test_token_user_pin));
733 ADBG_EXPECT_CK_OK(c, rv);
734
735 rv = C_Login(session, CKU_SO, test_token_so_pin,
736 sizeof(test_token_so_pin));
737 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
738
739 rv = C_Logout(session);
740 ADBG_EXPECT_CK_OK(c, rv);
741
742 /* Login context specifc, in an invalid case (need an operation) */
743 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
744 sizeof(test_token_user_pin));
745 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
746
747 rv = C_CloseSession(session);
748 ADBG_EXPECT_CK_OK(c, rv);
749
750out:
751 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
752 return rv;
753}
754
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]755static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
756 CK_USER_TYPE user_type)
757{
758 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
759 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
760 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
761 CK_UTF8CHAR_PTR old_pin = NULL;
762 CK_USER_TYPE ut = user_type;
763 size_t old_pin_sz = 0;
764 CK_RV rv2 = CKR_OK;
765 CK_RV rv = CKR_OK;
766
767 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
768
769 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
770 if (!ADBG_EXPECT_CK_OK(c, rv))
771 goto out;
772
773 if (user_type == CKU_SO) {
774 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
775 old_pin_sz = sizeof(test_token_so_pin);
776 } else {
777 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
778 old_pin_sz = sizeof(test_token_user_pin);
779 ut = CKU_USER;
780 }
781
782 if (ut == user_type) {
783 rv = C_Login(session, ut, old_pin, old_pin_sz);
784 if (!ADBG_EXPECT_CK_OK(c, rv))
785 goto out_session;
786 }
787
788 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
789 if (!ADBG_EXPECT_CK_OK(c, rv)) {
790 if (ut == user_type)
791 goto out_logout;
792 else
793 goto out_session;
794 }
795
796 if (ut == user_type) {
797 rv = C_Logout(session);
798 if (!ADBG_EXPECT_CK_OK(c, rv))
799 goto out_session;
800 }
801
802 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
803 if (!ADBG_EXPECT_CK_OK(c, rv))
804 goto out_session;
805
806 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
807 ADBG_EXPECT_CK_OK(c, rv);
808
809out_logout:
810 rv2 = C_Logout(session);
811 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
812 rv = rv2;
813out_session:
814 rv2 = C_CloseSession(session);
815 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
816 rv = rv2;
817out:
818 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
819
820 return rv;
821}
822
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]823static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
824{
825 CK_RV rv = CKR_GENERAL_ERROR;
826 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
827 CK_SLOT_ID slot = 0;
828 CK_TOKEN_INFO token_info = { };
829
830 rv = C_GetFunctionList(&ckfunc_list);
831 if (!ADBG_EXPECT_CK_OK(c, rv) ||
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]832 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
833 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]834 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
835 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
836 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]837 goto out;
838
839 rv = init_lib_and_find_token_slot(&slot);
840 if (!ADBG_EXPECT_CK_OK(c, rv))
841 return;
842
843 rv = C_GetTokenInfo(slot, &token_info);
844 if (!ADBG_EXPECT_CK_OK(c, rv))
845 goto out;
846
847 /* Abort test if token is about to lock */
848 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
849 goto out;
850
851 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
852 rv = test_uninitialized_token(c, slot);
853 if (rv != CKR_OK)
854 goto out;
855 }
856
857 rv = test_already_initialized_token(c, slot);
858 if (rv != CKR_OK)
859 goto out;
860
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]861 rv = test_login_logout(c, slot);
862 if (rv != CKR_OK)
863 goto out;
864
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]865 rv = test_set_pin(c, slot, CKU_USER);
866 if (rv != CKR_OK)
867 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]868
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]869 rv = test_set_pin(c, slot, CKU_SO);
870 if (rv != CKR_OK)
871 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]872
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]873 /*
874 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
875 * to skip the initial login.
876 */
877 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]878out:
879 rv = close_lib();
880 ADBG_EXPECT_CK_OK(c, rv);
881}
882
883ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
884 "PKCS11: Login to PKCS#11 token");
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]885
886static CK_ATTRIBUTE cktest_token_object[] = {
887 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
888 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
889 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
890 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
891 sizeof(CK_OBJECT_CLASS) },
892 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
893 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
894};
895
896static CK_ATTRIBUTE cktest_session_object[] = {
897 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
898 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
899 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
900 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
901 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
902 sizeof(CK_OBJECT_CLASS) },
903 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
904};
905
906/* Create session object and token object from a session */
907static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
908{
909 CK_RV rv = CKR_GENERAL_ERROR;
910 CK_SLOT_ID slot = 0;
911 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
912 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
913 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
914
915 rv = init_lib_and_find_token_slot(&slot);
916 if (!ADBG_EXPECT_CK_OK(c, rv))
917 return;
918
919 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
920 if (!ADBG_EXPECT_CK_OK(c, rv))
921 goto out;
922
923 if (persistent) {
924 rv = C_CreateObject(session, cktest_token_object,
925 ARRAY_SIZE(cktest_token_object),
926 &obj_hdl);
927 } else {
928 rv = C_CreateObject(session, cktest_session_object,
929 ARRAY_SIZE(cktest_session_object),
930 &obj_hdl);
931 }
932
933 if (!ADBG_EXPECT_CK_OK(c, rv))
934 goto out;
935
936 rv = C_DestroyObject(session, obj_hdl);
937 ADBG_EXPECT_CK_OK(c, rv);
938out:
939 rv = C_CloseSession(session);
940 ADBG_EXPECT_CK_OK(c, rv);
941
942 rv = close_lib();
943 ADBG_EXPECT_CK_OK(c, rv);
944}
945
946static void test_create_destroy_session_objects(ADBG_Case_t *c)
947{
948 CK_RV rv = CKR_GENERAL_ERROR;
949 CK_SLOT_ID slot = 0;
950 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
951 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
952 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
953 size_t n = 0;
954
955 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
956 obj_hdl[n] = CK_INVALID_HANDLE;
957
958 rv = init_lib_and_find_token_slot(&slot);
959 if (!ADBG_EXPECT_CK_OK(c, rv))
960 return;
961
962 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
963 if (!ADBG_EXPECT_CK_OK(c, rv))
964 goto out;
965
966 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
967 rv = C_CreateObject(session, cktest_session_object,
968 ARRAY_SIZE(cktest_session_object),
969 obj_hdl + n);
970
971 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
972 break;
973 }
974
975 Do_ADBG_Log(" created object count: %zu", n);
976
977 rv = C_CloseSession(session);
978 ADBG_EXPECT_CK_OK(c, rv);
979
980 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
981 if (!ADBG_EXPECT_CK_OK(c, rv))
982 goto out;
983
984 rv = C_CreateObject(session, cktest_session_object,
985 ARRAY_SIZE(cktest_session_object),
986 obj_hdl);
987
988 ADBG_EXPECT_CK_OK(c, rv);
989
990out:
991 rv = C_CloseSession(session);
992 ADBG_EXPECT_CK_OK(c, rv);
993
994 rv = close_lib();
995 ADBG_EXPECT_CK_OK(c, rv);
996}
997
998/* Create session object and token object from a session */
999static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
1000{
1001 CK_RV rv = CKR_GENERAL_ERROR;
1002 CK_SLOT_ID slot = 0;
1003 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1004 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
1005 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
1006 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1007
1008 rv = init_lib_and_find_token_slot(&slot);
1009 if (!ADBG_EXPECT_CK_OK(c, rv))
1010 return;
1011
1012 if (readwrite)
1013 session_flags |= CKF_RW_SESSION;
1014
1015 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1016 if (!ADBG_EXPECT_CK_OK(c, rv))
1017 goto out;
1018
1019 rv = C_CreateObject(session, cktest_token_object,
1020 ARRAY_SIZE(cktest_token_object),
1021 &token_obj_hld);
1022
1023 if (readwrite) {
1024 if (!ADBG_EXPECT_CK_OK(c, rv))
1025 goto out;
1026 } else {
1027 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1028 goto out;
1029 }
1030
1031 rv = C_CreateObject(session, cktest_session_object,
1032 ARRAY_SIZE(cktest_session_object),
1033 &session_obj_hld);
1034
1035 if (!ADBG_EXPECT_CK_OK(c, rv))
1036 goto out_tobj;
1037
1038 rv = C_DestroyObject(session, session_obj_hld);
1039 ADBG_EXPECT_CK_OK(c, rv);
1040
1041out_tobj:
1042 if (readwrite) {
1043 rv = C_DestroyObject(session, token_obj_hld);
1044 ADBG_EXPECT_CK_OK(c, rv);
1045 }
1046out:
1047 rv = C_CloseSession(session);
1048 ADBG_EXPECT_CK_OK(c, rv);
1049
1050 rv = close_lib();
1051 ADBG_EXPECT_CK_OK(c, rv);
1052}
1053
1054static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1055{
1056 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1057 test_create_destroy_single_object(c, false /*!persistent*/);
1058 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1059
1060 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1061 test_create_destroy_single_object(c, true /*persistent*/);
1062 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1063
1064 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1065 test_create_destroy_session_objects(c);
1066 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1067
1068 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1069 test_create_objects_in_session(c, false /*!readwrite*/);
1070 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1071
1072 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1073 test_create_objects_in_session(c, true /*readwrite*/);
1074 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1075}
1076
1077ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1078 "PKCS11: create/destroy PKCS#11 simple objects");
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1079
1080
1081static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1082 CKM_AES_ECB,
1083};
1084static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1085 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1086 CKM_AES_GCM, CKM_AES_CCM,
1087};
1088static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1089 CKM_AES_CBC,
1090};
1091static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1092 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1093 CKM_AES_GCM, CKM_AES_CCM,
1094};
1095static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1096 CKM_AES_CTR,
1097};
1098static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1099 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1100 CKM_AES_GCM, CKM_AES_CCM,
1101};
1102static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1103 CKM_AES_CTS,
1104};
1105static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1106 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1107 CKM_AES_GCM, CKM_AES_CCM,
1108};
1109
1110#define CKTEST_AES_KEY \
1111 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1112 sizeof(CK_OBJECT_CLASS) }, \
1113 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1114 sizeof(CK_KEY_TYPE) }, \
1115 { CKA_VALUE, (void *)cktest_aes128_key, \
1116 sizeof(cktest_aes128_key) }
1117
1118#define CKTEST_AES_ALLOWED_KEY(_allowed) \
1119 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1120
1121#define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1122 static CK_ATTRIBUTE _label[] = { \
1123 CKTEST_AES_KEY, \
1124 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1125 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1126 CKTEST_AES_ALLOWED_KEY(_allowed), \
1127 }
1128
1129#define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1130 static CK_ATTRIBUTE _label[] = { \
1131 CKTEST_AES_KEY, \
1132 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1133 CKTEST_AES_ALLOWED_KEY(_allowed), \
1134 }
1135#define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1136 static CK_ATTRIBUTE _label[] = { \
1137 CKTEST_AES_KEY, \
1138 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1139 CKTEST_AES_ALLOWED_KEY(_allowed), \
1140 }
1141
1142CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1143CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1144CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1145CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1146CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1147CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1148CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1149CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1150
1151struct cktest_allowed_test {
1152 CK_ATTRIBUTE_PTR attr_key;
1153 CK_ULONG attr_count;
1154 CK_MECHANISM_PTR mechanism;
1155};
1156
1157#define CKTEST_KEY_MECHA(key, mecha) { \
1158 .attr_key = key, \
1159 .attr_count = ARRAY_SIZE(key), \
1160 .mechanism = mecha, \
1161 }
1162
1163static const struct cktest_allowed_test cktest_allowed_valid[] = {
1164 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1165 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1166 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1167 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1168};
1169
1170static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1171 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1172 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1173 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1174 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1175};
1176
1177/* Create session object and token object from a session */
1178static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1179 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1180 CK_MECHANISM_PTR mechanism, uint32_t mode,
1181 CK_RV expected_rc)
1182{
1183 CK_RV rv2 = CKR_GENERAL_ERROR;
1184 CK_RV rv = CKR_GENERAL_ERROR;
1185 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1186
1187 switch (mode) {
1188 case TEE_MODE_ENCRYPT:
1189 case TEE_MODE_DECRYPT:
1190 break;
1191 default:
1192 ADBG_EXPECT_TRUE(c, false);
1193 }
1194
1195 rv = C_CreateObject(session, attr_key, attr_count, &object);
1196 if (!ADBG_EXPECT_CK_OK(c, rv))
1197 return rv;
1198
1199 if (mode == TEE_MODE_ENCRYPT)
1200 rv = C_EncryptInit(session, mechanism, object);
1201 if (mode == TEE_MODE_DECRYPT)
1202 rv = C_DecryptInit(session, mechanism, object);
1203
1204 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1205 rv = CKR_GENERAL_ERROR;
1206 goto out;
1207 }
1208
1209 if (rv) {
1210 /*
1211 * If we're here it was the expected error code above and
1212 * we're supposed to return OK below.
1213 */
1214 rv = CKR_OK;
1215 } else {
1216 if (mode == TEE_MODE_ENCRYPT)
1217 rv = C_EncryptFinal(session, NULL, NULL);
1218 if (mode == TEE_MODE_DECRYPT)
1219 rv = C_DecryptFinal(session, NULL, NULL);
1220
1221 /* Only check that the operation is no more active */
1222 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
1223 rv = CKR_GENERAL_ERROR;
1224 }
1225
1226out:
1227 rv2 = C_DestroyObject(session, object);
1228 ADBG_EXPECT_CK_OK(c, rv2);
1229
1230 if (rv)
1231 return rv;
1232 else
1233 return rv2;
1234}
1235
1236CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1237
1238CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1239
1240static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1241{
1242 CK_RV rv = CKR_GENERAL_ERROR;
1243 CK_SLOT_ID slot = 0;
1244 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1245 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1246 size_t n = 0;
1247
1248 rv = init_lib_and_find_token_slot(&slot);
1249 if (!ADBG_EXPECT_CK_OK(c, rv))
1250 return;
1251
1252 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1253 if (!ADBG_EXPECT_CK_OK(c, rv))
1254 goto out;
1255
1256 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1257
1258 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1259
1260 rv = cipher_init_final(c, session,
1261 cktest_allowed_valid[n].attr_key,
1262 cktest_allowed_valid[n].attr_count,
1263 cktest_allowed_valid[n].mechanism,
1264 TEE_MODE_ENCRYPT,
1265 CKR_OK);
1266
1267 ADBG_EXPECT_CK_OK(c, rv);
1268
1269 Do_ADBG_EndSubCase(c, NULL);
1270 if (rv)
1271 goto out;
1272
1273 }
1274
1275 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1276 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1277
1278 rv = cipher_init_final(c, session,
1279 cktest_allowed_invalid[n].attr_key,
1280 cktest_allowed_invalid[n].attr_count,
1281 cktest_allowed_invalid[n].mechanism,
1282 TEE_MODE_ENCRYPT,
1283 CKR_KEY_FUNCTION_NOT_PERMITTED);
1284
1285 ADBG_EXPECT_CK_OK(c, rv);
1286
1287 Do_ADBG_EndSubCase(c, NULL);
1288 if (rv)
1289 goto out;
1290
1291 }
1292
1293out:
1294 rv = C_CloseSession(session);
1295 ADBG_EXPECT_CK_OK(c, rv);
1296
1297 rv = close_lib();
1298 ADBG_EXPECT_CK_OK(c, rv);
1299}
1300
1301
1302ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1303 "PKCS11: Check ciphering with valid and invalid keys #1");
1304
1305static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1306{
1307 CK_RV rv = CKR_GENERAL_ERROR;
1308 CK_SLOT_ID slot = 0;
1309 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1310 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1311
1312 rv = init_lib_and_find_token_slot(&slot);
1313 if (!ADBG_EXPECT_CK_OK(c, rv))
1314 return;
1315
1316 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1317 if (!ADBG_EXPECT_CK_OK(c, rv))
1318 goto out;
1319
1320 /* Encrypt only AES CTS key */
1321 rv = cipher_init_final(c, session,
1322 cktest_aes_enc_only_cts,
1323 ARRAY_SIZE(cktest_aes_enc_only_cts),
1324 &cktest_aes_cts_mechanism,
1325 TEE_MODE_ENCRYPT,
1326 CKR_OK);
1327 if (!ADBG_EXPECT_CK_OK(c, rv))
1328 goto out;
1329
1330 rv = cipher_init_final(c, session,
1331 cktest_aes_enc_only_cts,
1332 ARRAY_SIZE(cktest_aes_enc_only_cts),
1333 &cktest_aes_cts_mechanism,
1334 TEE_MODE_DECRYPT,
1335 CKR_KEY_FUNCTION_NOT_PERMITTED);
1336 if (!ADBG_EXPECT_CK_OK(c, rv))
1337 goto out;
1338
1339 /* Decrypt only AES CTR key */
1340 rv = cipher_init_final(c, session,
1341 cktest_aes_dec_only_ctr,
1342 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1343 &cktest_aes_ctr_mechanism,
1344 TEE_MODE_ENCRYPT,
1345 CKR_KEY_FUNCTION_NOT_PERMITTED);
1346 if (!ADBG_EXPECT_CK_OK(c, rv))
1347 goto out;
1348
1349 rv = cipher_init_final(c, session,
1350 cktest_aes_dec_only_ctr,
1351 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1352 &cktest_aes_ctr_mechanism,
1353 TEE_MODE_ENCRYPT,
1354 CKR_KEY_FUNCTION_NOT_PERMITTED);
1355 if (!ADBG_EXPECT_CK_OK(c, rv))
1356 goto out;
1357
1358out:
1359 rv = C_CloseSession(session);
1360 ADBG_EXPECT_CK_OK(c, rv);
1361
1362 rv = close_lib();
1363 ADBG_EXPECT_CK_OK(c, rv);
1364}
1365ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1366 "PKCS11: Check ciphering with valid and invalid keys #2");
1367
1368static CK_RV open_cipher_session(ADBG_Case_t *c,
1369 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1370 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1371 CK_MECHANISM_PTR mechanism, uint32_t mode)
1372{
1373 CK_RV rv = CKR_GENERAL_ERROR;
1374 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1375 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1376
1377 switch (mode) {
1378 case TEE_MODE_ENCRYPT:
1379 case TEE_MODE_DECRYPT:
1380 break;
1381 default:
1382 ADBG_EXPECT_TRUE(c, false);
1383 return CKR_GENERAL_ERROR;
1384 }
1385
1386 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1387 if (rv == CKR_DEVICE_MEMORY)
1388 return rv;
1389 if (!ADBG_EXPECT_CK_OK(c, rv))
1390 return rv;
1391
1392 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1393 if (rv == CKR_DEVICE_MEMORY)
1394 return rv;
1395 if (!ADBG_EXPECT_CK_OK(c, rv))
1396 return rv;
1397
1398 if (mode == TEE_MODE_ENCRYPT)
1399 rv = C_EncryptInit(*session, mechanism, object);
1400 if (mode == TEE_MODE_DECRYPT)
1401 rv = C_DecryptInit(*session, mechanism, object);
1402
1403 if (rv == CKR_DEVICE_MEMORY)
1404 return rv;
1405 if (!ADBG_EXPECT_CK_OK(c, rv))
1406 return CKR_GENERAL_ERROR;
1407
1408 return rv;
1409}
1410
1411static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1412{
1413 CK_RV rv = CKR_GENERAL_ERROR;
1414 CK_SLOT_ID slot = 0;
1415 CK_SESSION_HANDLE sessions[128];
1416 size_t n = 0;
1417
1418 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1419 sessions[n] = CK_INVALID_HANDLE;
1420
1421 rv = init_lib_and_find_token_slot(&slot);
1422 if (!ADBG_EXPECT_CK_OK(c, rv))
1423 return;
1424
1425 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1426
1427 rv = open_cipher_session(c, slot, &sessions[n],
1428 cktest_allowed_valid[0].attr_key,
1429 cktest_allowed_valid[0].attr_count,
1430 cktest_allowed_valid[0].mechanism,
1431 TEE_MODE_ENCRYPT);
1432
1433 /* Failure due to memory allocation is not a error case */
1434 if (rv == CKR_DEVICE_MEMORY)
1435 break;
1436
1437 if (!ADBG_EXPECT_CK_OK(c, rv))
1438 goto out;
1439 }
1440
1441 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1442 goto out;
1443
1444 Do_ADBG_Log(" created sessions count: %zu", n);
1445
1446 /* Closing session with out bound and invalid IDs (or negative ID) */
1447 rv = C_CloseSession(sessions[n - 1] + 1024);
1448 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1449 rv = C_CloseSession(CK_INVALID_HANDLE);
1450 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1451 rv = C_CloseSession(~0);
1452 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1453
1454 /* Closing each session: all related resources shall be free */
1455 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1456 if (sessions[n] == CK_INVALID_HANDLE)
1457 continue;
1458
1459 rv = C_CloseSession(sessions[n]);
1460 ADBG_EXPECT_CK_OK(c, rv);
1461 sessions[n] = CK_INVALID_HANDLE;
1462 }
1463
1464 /* Open and close another session */
1465 rv = open_cipher_session(c, slot, &sessions[0],
1466 cktest_allowed_valid[0].attr_key,
1467 cktest_allowed_valid[0].attr_count,
1468 cktest_allowed_valid[0].mechanism,
1469 TEE_MODE_ENCRYPT);
1470
1471 if (!ADBG_EXPECT_CK_OK(c, rv))
1472 goto out;
1473
1474 rv = C_CloseSession(sessions[0]);
1475 ADBG_EXPECT_CK_OK(c, rv);
1476 sessions[0] = CK_INVALID_HANDLE;
1477
1478out:
1479 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1480 if (sessions[n] == CK_INVALID_HANDLE)
1481 continue;
1482
1483 rv = C_CloseSession(sessions[n]);
1484 ADBG_EXPECT_CK_OK(c, rv);
1485 }
1486
1487 rv = close_lib();
1488 ADBG_EXPECT_CK_OK(c, rv);
1489}
1490ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1491 "PKCS11: Check operations release at session closure");
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1492
1493#define CK_MAC_KEY_HMAC(_type, _key_array) \
1494 { \
1495 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, \
1496 sizeof(CK_BBOOL) }, \
1497 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, \
1498 sizeof(CK_BBOOL) }, \
1499 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1500 sizeof(CK_OBJECT_CLASS) }, \
1501 { CKA_KEY_TYPE, &(CK_KEY_TYPE){_type}, \
1502 sizeof(CK_KEY_TYPE) }, \
1503 { CKA_VALUE, (void *)(_key_array), \
1504 sizeof(_key_array) } \
1505 }
1506
1507static CK_ATTRIBUTE cktest_hmac_md5_key[] =
1508 CK_MAC_KEY_HMAC(CKK_MD5_HMAC, mac_data_md5_key1);
1509
1510static CK_ATTRIBUTE cktest_hmac_sha1_key[] =
1511 CK_MAC_KEY_HMAC(CKK_SHA_1_HMAC, mac_data_sha1_key1);
1512
1513static CK_ATTRIBUTE cktest_hmac_sha224_key[] =
1514 CK_MAC_KEY_HMAC(CKK_SHA224_HMAC, mac_data_sha224_key1);
1515
1516static CK_ATTRIBUTE cktest_hmac_sha256_key1[] =
1517 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key1);
1518
1519static CK_ATTRIBUTE cktest_hmac_sha256_key2[] =
1520 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key2);
1521
1522static CK_ATTRIBUTE cktest_hmac_sha384_key[] =
1523 CK_MAC_KEY_HMAC(CKK_SHA384_HMAC, mac_data_sha384_key1);
1524
1525static CK_ATTRIBUTE cktest_hmac_sha512_key[] =
1526 CK_MAC_KEY_HMAC(CKK_SHA512_HMAC, mac_data_sha512_key1);
1527
1528struct mac_test {
1529 CK_ATTRIBUTE_PTR attr_key;
1530 CK_ULONG attr_count;
1531 CK_MECHANISM_PTR mechanism;
1532 size_t in_incr;
1533 const uint8_t *in;
1534 size_t in_len;
1535 const uint8_t *out;
1536 size_t out_len;
1537 bool multiple_incr;
1538};
1539
1540#define CKTEST_MAC_TEST(key, mecha, input_incr, input, output, incr) { \
1541 .attr_key = key, \
1542 .attr_count = ARRAY_SIZE(key), \
1543 .mechanism = mecha, \
1544 .in_incr = input_incr, \
1545 .in = input, \
1546 .in_len = ARRAY_SIZE(input), \
1547 .out = output, \
1548 .out_len = ARRAY_SIZE(output), \
1549 .multiple_incr = incr \
1550 }
1551
1552static const struct mac_test cktest_mac_cases[] = {
1553 CKTEST_MAC_TEST(cktest_hmac_md5_key, &cktest_hmac_md5_mechanism,
1554 4, mac_data_md5_in1, mac_data_md5_out1, false),
1555 CKTEST_MAC_TEST(cktest_hmac_sha1_key, &cktest_hmac_sha1_mechanism,
1556 5, mac_data_sha1_in1, mac_data_sha1_out1, false),
1557 CKTEST_MAC_TEST(cktest_hmac_sha224_key, &cktest_hmac_sha224_mechanism,
1558 8, mac_data_sha224_in1, mac_data_sha224_out1, false),
1559 CKTEST_MAC_TEST(cktest_hmac_sha256_key1, &cktest_hmac_sha256_mechanism,
1560 1, mac_data_sha256_in1, mac_data_sha256_out1, false),
1561 CKTEST_MAC_TEST(cktest_hmac_sha256_key2, &cktest_hmac_sha256_mechanism,
1562 7, mac_data_sha256_in2, mac_data_sha256_out2, false),
1563 CKTEST_MAC_TEST(cktest_hmac_sha384_key, &cktest_hmac_sha384_mechanism,
1564 11, mac_data_sha384_in1, mac_data_sha384_out1, false),
1565 CKTEST_MAC_TEST(cktest_hmac_sha512_key, &cktest_hmac_sha512_mechanism,
1566 13, mac_data_sha512_in1, mac_data_sha512_out1, false),
1567};
1568
1569static void xtest_pkcs11_test_1008(ADBG_Case_t *c)
1570{
1571 CK_RV rv = CKR_GENERAL_ERROR;
1572 CK_SLOT_ID slot = 0;
1573 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1574 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1575 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1576 uint8_t out[512] = { 0 };
1577 CK_ULONG out_size = 0;
1578 struct mac_test const *test = NULL;
1579 size_t n = 0;
1580
1581 rv = init_lib_and_find_token_slot(&slot);
1582 if (!ADBG_EXPECT_CK_OK(c, rv))
1583 return;
1584
1585 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1586 if (!ADBG_EXPECT_CK_OK(c, rv))
1587 goto err_close_lib;
1588
1589 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1590
1591 test = &cktest_mac_cases[n];
1592 Do_ADBG_BeginSubCase(c, "Sign case %zu algo (%s)", n,
1593 ckm2str(test->mechanism->mechanism));
1594
1595 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1596 &key_handle);
1597 if (!ADBG_EXPECT_CK_OK(c, rv))
1598 goto err;
1599
1600 /* Test signature in 1 step */
1601 if (test->in != NULL) {
1602 rv = C_SignInit(session, test->mechanism, key_handle);
1603 if (!ADBG_EXPECT_CK_OK(c, rv))
1604 goto err_destr_obj;
1605
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1606 /* Pass input buffer of size 0 */
1607 rv = C_SignUpdate(session,
1608 (void *)test->in, 0);
1609 if (!ADBG_EXPECT_CK_OK(c, rv))
1610 goto err_destr_obj;
1611
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1612 rv = C_SignUpdate(session,
1613 (void *)test->in, test->in_len);
1614 if (!ADBG_EXPECT_CK_OK(c, rv))
1615 goto err_destr_obj;
1616
1617 /* Test too short buffer case */
1618 out_size = 1;
1619 rv = C_SignFinal(session, out, &out_size);
1620 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1621 goto err_destr_obj;
1622
1623 /*
1624 * Test NULL buffer case with size as 0
1625 * to get the out_size
1626 */
1627 out_size = 0;
1628 rv = C_SignFinal(session, NULL, &out_size);
1629 if (!ADBG_EXPECT_CK_OK(c, rv))
1630 goto err_destr_obj;
1631
1632 /* Get to full output */
1633 memset(out, 0, out_size);
1634 rv = C_SignFinal(session, out, &out_size);
1635 if (!ADBG_EXPECT_CK_OK(c, rv))
1636 goto err_destr_obj;
1637
1638 (void)ADBG_EXPECT_BUFFER(c, test->out,
1639 test->out_len,
1640 out, out_size);
1641 }
1642
1643 /* Test 2 step update signature */
1644 rv = C_SignInit(session, test->mechanism, key_handle);
1645 if (!ADBG_EXPECT_CK_OK(c, rv))
1646 goto err_destr_obj;
1647
1648 if (test->in != NULL) {
1649 rv = C_SignUpdate(session,
1650 (void *)test->in, test->in_incr);
1651 if (!ADBG_EXPECT_CK_OK(c, rv))
1652 goto err_destr_obj;
1653
1654 rv = C_SignUpdate(session,
1655 (void *)(test->in + test->in_incr),
1656 test->in_len - test->in_incr);
1657 if (!ADBG_EXPECT_CK_OK(c, rv))
1658 goto err_destr_obj;
1659 }
1660
1661 out_size = sizeof(out);
1662 memset(out, 0, sizeof(out));
1663
1664 rv = C_SignFinal(session, out, &out_size);
1665 if (!ADBG_EXPECT_CK_OK(c, rv))
1666 goto err_destr_obj;
1667
1668 (void)ADBG_EXPECT_BUFFER(c, test->out,
1669 test->out_len, out, out_size);
1670
1671 /* Test 3 signature in one shot */
1672 if (test->in != NULL) {
1673 rv = C_SignInit(session, test->mechanism, key_handle);
1674 if (!ADBG_EXPECT_CK_OK(c, rv))
1675 goto err_destr_obj;
1676
1677 /* Test too short buffer case */
1678 out_size = 1;
1679 rv = C_Sign(session,(void *)test->in, test->in_len,
1680 out, &out_size);
1681 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1682 goto err_destr_obj;
1683
1684 /*
1685 * Test NULL buffer case with size as 0
1686 * to get the out_size
1687 */
1688 out_size = 0;
1689 rv = C_Sign(session, (void *)test->in, test->in_len,
1690 NULL, &out_size);
1691 if (!ADBG_EXPECT_CK_OK(c, rv))
1692 goto err_destr_obj;
1693
1694 /* Get to full output */
1695 memset(out, 0, out_size);
1696 rv = C_Sign(session,(void *)test->in, test->in_len,
1697 out, &out_size);
1698 if (!ADBG_EXPECT_CK_OK(c, rv))
1699 goto err_destr_obj;
1700
1701 (void)ADBG_EXPECT_BUFFER(c, test->out,
1702 test->out_len,
1703 out, out_size);
1704 }
1705
1706 rv = C_DestroyObject(session, key_handle);
1707 if (!ADBG_EXPECT_CK_OK(c, rv))
1708 goto err;
1709
1710 Do_ADBG_EndSubCase(c, NULL);
1711 }
1712 goto out;
1713
1714err_destr_obj:
1715 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1716err:
1717 Do_ADBG_EndSubCase(c, NULL);
1718out:
1719 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1720err_close_lib:
1721 ADBG_EXPECT_CK_OK(c, close_lib());
1722}
1723ADBG_CASE_DEFINE(pkcs11, 1008, xtest_pkcs11_test_1008,
1724 "PKCS11: Check Compliance of C_Sign - HMAC algorithms");
1725
1726static void xtest_pkcs11_test_1009(ADBG_Case_t *c)
1727{
1728 CK_RV rv = CKR_GENERAL_ERROR;
1729 CK_SLOT_ID slot = 0;
1730 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1731 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1732 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1733 struct mac_test const *test = NULL;
1734 size_t n = 0;
1735
1736 rv = init_lib_and_find_token_slot(&slot);
1737 if (!ADBG_EXPECT_CK_OK(c, rv))
1738 return;
1739
1740 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1741 if (!ADBG_EXPECT_CK_OK(c, rv))
1742 goto err_close_lib;
1743
1744 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1745
1746 test = &cktest_mac_cases[n];
1747 Do_ADBG_BeginSubCase(c, "Verify case %zu algo (%s)", n,
1748 ckm2str(test->mechanism->mechanism));
1749
1750 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1751 &key_handle);
1752 if (!ADBG_EXPECT_CK_OK(c, rv))
1753 goto err;
1754
1755 /* Test Verification in 1 step */
1756 if (test->in != NULL) {
1757 rv = C_VerifyInit(session, test->mechanism, key_handle);
1758 if (!ADBG_EXPECT_CK_OK(c, rv))
1759 goto err_destr_obj;
1760
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1761 /* Pass input buffer with size 0 - No affect */
1762 rv = C_VerifyUpdate(session, (void *)test->in, 0);
1763 if (!ADBG_EXPECT_CK_OK(c, rv))
1764 goto err_destr_obj;
1765
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1766 rv = C_VerifyUpdate(session, (void *)test->in,
1767 test->in_len);
1768 if (!ADBG_EXPECT_CK_OK(c, rv))
1769 goto err_destr_obj;
1770
1771 rv = C_VerifyFinal(session,
1772 (void *)test->out, test->out_len);
1773 if (!ADBG_EXPECT_CK_OK(c, rv))
1774 goto err_destr_obj;
1775
1776 }
1777
1778 /* Test 2 step update verification*/
1779 rv = C_VerifyInit(session, test->mechanism, key_handle);
1780 if (!ADBG_EXPECT_CK_OK(c, rv))
1781 goto err_destr_obj;
1782
1783 if (test->in != NULL) {
1784 rv = C_VerifyUpdate(session,
1785 (void *)test->in, test->in_incr);
1786 if (!ADBG_EXPECT_CK_OK(c, rv))
1787 goto err_destr_obj;
1788
1789 rv = C_VerifyUpdate(session,
1790 (void *)(test->in + test->in_incr),
1791 test->in_len - test->in_incr);
1792 if (!ADBG_EXPECT_CK_OK(c, rv))
1793 goto err_destr_obj;
1794 }
1795
1796 rv = C_VerifyFinal(session, (void *)test->out, test->out_len);
1797 if (!ADBG_EXPECT_CK_OK(c, rv))
1798 goto err_destr_obj;
1799
1800 /* Error as Operation has already completed */
1801 rv = C_Verify(session,
1802 (void *)test->in, test->in_len,
1803 (void *)test->out, test->out_len);
1804 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED,
1805 rv))
1806 goto err_destr_obj;
1807
1808 /* Test 3 verification in one shot */
1809 if (test->in != NULL) {
1810 rv = C_VerifyInit(session, test->mechanism, key_handle);
1811 if (!ADBG_EXPECT_CK_OK(c, rv))
1812 goto err_destr_obj;
1813
1814 rv = C_Verify(session,
1815 (void *)test->in, test->in_len,
1816 (void *)test->out, test->out_len);
1817 if (!ADBG_EXPECT_CK_OK(c, rv))
1818 goto err_destr_obj;
1819
1820 /* Try calling Verify again */
1821 rv = C_Verify(session,
1822 (void *)test->in, test->in_len,
1823 (void *)test->out, test->out_len);
1824 if (!ADBG_EXPECT_CK_RESULT(c,
1825 CKR_OPERATION_NOT_INITIALIZED,
1826 rv))
1827 goto err_destr_obj;
1828 }
1829
1830 /*
1831 * Test 4 verification
1832 * Error - Signature Length Range with C_VerifyFinal
1833 */
1834 if (test->in != NULL) {
1835 rv = C_VerifyInit(session, test->mechanism, key_handle);
1836 if (!ADBG_EXPECT_CK_OK(c, rv))
1837 goto err_destr_obj;
1838
1839 rv = C_VerifyUpdate(session, (void *)test->in,
1840 test->in_len);
1841 if (!ADBG_EXPECT_CK_OK(c, rv))
1842 goto err_destr_obj;
1843
1844 rv = C_VerifyFinal(session, (void *)test->out, 3);
1845 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1846 rv))
1847 goto err_destr_obj;
1848 }
1849
1850 /*
1851 * Test 5 verification
1852 * Error - Signature Length Range with C_Verify
1853 */
1854 if (test->in != NULL) {
1855 rv = C_VerifyInit(session, test->mechanism, key_handle);
1856 if (!ADBG_EXPECT_CK_OK(c, rv))
1857 goto err_destr_obj;
1858
1859 rv = C_Verify(session,
1860 (void *)test->in, test->in_len,
1861 (void *)test->out, 0);
1862 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1863 rv))
1864 goto err_destr_obj;
1865 }
1866
1867 /* Test 6 verification - Invalid Operation sequence */
1868 if (test->in != NULL) {
1869 rv = C_VerifyInit(session, test->mechanism, key_handle);
1870 if (!ADBG_EXPECT_CK_OK(c, rv))
1871 goto err_destr_obj;
1872
1873 rv = C_Verify(session,
1874 (void *)test->in, test->in_len,
1875 (void *)test->out, test->out_len);
1876 if (!ADBG_EXPECT_CK_OK(c, rv))
1877 goto err_destr_obj;
1878
1879 /* Init session has already terminated with C_Verify */
1880 rv = C_VerifyUpdate(session, (void *)test->in,
1881 test->in_len);
1882 if (!ADBG_EXPECT_CK_RESULT(c,
1883 CKR_OPERATION_NOT_INITIALIZED,
1884 rv))
1885 goto err_destr_obj;
1886 }
1887
1888 rv = C_DestroyObject(session, key_handle);
1889 if (!ADBG_EXPECT_CK_OK(c, rv))
1890 goto err;
1891
1892 Do_ADBG_EndSubCase(c, NULL);
1893 }
1894 goto out;
1895
1896err_destr_obj:
1897 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1898err:
1899 Do_ADBG_EndSubCase(c, NULL);
1900out:
1901 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1902err_close_lib:
1903 ADBG_EXPECT_CK_OK(c, close_lib());
1904}
1905ADBG_CASE_DEFINE(pkcs11, 1009, xtest_pkcs11_test_1009,
1906 "PKCS11: Check Compliance of C_Verify - HMAC Algorithms");
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame^]1907
1908/* Bad key type */
1909static CK_ATTRIBUTE cktest_generate_gensecret_object_error1[] = {
1910 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1911 sizeof(CK_OBJECT_CLASS) },
1912 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
1913 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1914};
1915
1916/* Missing VALUE_LEN */
1917static CK_ATTRIBUTE cktest_generate_gensecret_object_error2[] = {
1918 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1919 sizeof(CK_OBJECT_CLASS) },
1920 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1921 sizeof(CK_KEY_TYPE) },
1922};
1923
1924/* Bad object class */
1925static CK_ATTRIBUTE cktest_generate_gensecret_object_error3[] = {
1926 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA}, sizeof(CK_OBJECT_CLASS) },
1927 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1928 sizeof(CK_KEY_TYPE) },
1929 { CKA_VALUE_LEN, &(CK_ULONG){16 * 8}, sizeof(CK_ULONG) },
1930};
1931
1932/* Invalid template with CKA_LOCAL */
1933static CK_ATTRIBUTE cktest_generate_gensecret_object_error4[] = {
1934 { CKA_VALUE_LEN, &(CK_ULONG){16 * 8}, sizeof(CK_ULONG) },
1935 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1936};
1937
1938/* Valid template to generate a generic secret */
1939static CK_ATTRIBUTE cktest_generate_gensecret_object_valid1[] = {
1940 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1941 sizeof(CK_OBJECT_CLASS) },
1942 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1943 sizeof(CK_KEY_TYPE) },
1944 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1945 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1946 { CKA_VALUE_LEN, &(CK_ULONG){16 * 8}, sizeof(CK_ULONG) },
1947};
1948
1949/* Valid template to generate a generic secret with only VALUE_LEN */
1950static CK_ATTRIBUTE cktest_generate_gensecret_object_valid2[] = {
1951 { CKA_VALUE_LEN, &(CK_ULONG){16 * 8}, sizeof(CK_ULONG) },
1952 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1953};
1954
1955
1956/* Valid template to generate an all AES purpose key */
1957static CK_ATTRIBUTE cktest_generate_aes_object[] = {
1958 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1959 sizeof(CK_OBJECT_CLASS) },
1960 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
1961 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1962 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1963 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1964};
1965
1966static void xtest_pkcs11_test_1010(ADBG_Case_t *c)
1967{
1968 CK_RV rv = CKR_GENERAL_ERROR;
1969 CK_SLOT_ID slot = 0;
1970 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1971 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
1972 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1973 struct mac_test const *test = &cktest_mac_cases[0];
1974 uint8_t out[512] = { 0 };
1975 CK_ULONG out_len = 512;
1976
1977 rv = init_lib_and_find_token_slot(&slot);
1978 if (!ADBG_EXPECT_CK_OK(c, rv))
1979 return;
1980
1981 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1982 if (!ADBG_EXPECT_CK_OK(c, rv))
1983 goto close_lib;
1984
1985 /*
1986 * Generate Generic Secret key using invalid templates
1987 */
1988 Do_ADBG_BeginSubCase(c, "Generate Secret Key with Invalid Templates");
1989
1990 /* NULL Template with !null template length */
1991 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism, NULL,
1992 3, &key_handle);
1993 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
1994 goto err;
1995
1996 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
1997 cktest_generate_gensecret_object_error1,
1998 ARRAY_SIZE(cktest_generate_gensecret_object_error1),
1999 &key_handle);
2000 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2001 goto err;
2002
2003 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2004 cktest_generate_gensecret_object_error2,
2005 ARRAY_SIZE(cktest_generate_gensecret_object_error2),
2006 &key_handle);
2007 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCOMPLETE, rv))
2008 goto err;
2009
2010 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2011 cktest_generate_gensecret_object_error3,
2012 ARRAY_SIZE(cktest_generate_gensecret_object_error3),
2013 &key_handle);
2014 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2015 goto err;
2016
2017 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2018 cktest_generate_gensecret_object_error4,
2019 ARRAY_SIZE(cktest_generate_gensecret_object_error4),
2020 &key_handle);
2021 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2022 goto err;
2023
2024 Do_ADBG_EndSubCase(c, NULL);
2025
2026 /*
2027 * Generate a Generic Secret object.
2028 * Try to encrypt with, it should fail...
2029 */
2030 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Encrypting");
2031
2032 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2033 cktest_generate_gensecret_object_valid1,
2034 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
2035 &key_handle);
2036 if (!ADBG_EXPECT_CK_OK(c, rv))
2037 goto err;
2038
2039 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2040 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_FUNCTION_NOT_PERMITTED, rv))
2041 goto err_destr_obj;
2042
2043 rv = C_DestroyObject(session, key_handle);
2044 if (!ADBG_EXPECT_CK_OK(c, rv))
2045 goto err;
2046
2047 Do_ADBG_EndSubCase(c, NULL);
2048
2049 /*
2050 * Generate a Generic Secret object.
2051 * Try to sign with it, it should pass...
2052 */
2053 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Signing");
2054 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2055 cktest_generate_gensecret_object_valid2,
2056 ARRAY_SIZE(cktest_generate_gensecret_object_valid2),
2057 &key_handle);
2058 if (!ADBG_EXPECT_CK_OK(c, rv))
2059 goto err;
2060
2061 rv = C_SignInit(session, test->mechanism, key_handle);
2062 if (!ADBG_EXPECT_CK_OK(c, rv))
2063 goto err_destr_obj;
2064
2065 rv = C_Sign(session, (void *)test->in, test->in_len,
2066 (void *)out, &out_len);
2067 if (!ADBG_EXPECT_CK_OK(c, rv))
2068 goto err_destr_obj;
2069
2070 rv = C_DestroyObject(session, key_handle);
2071 if (!ADBG_EXPECT_CK_OK(c, rv))
2072 goto err;
2073
2074 Do_ADBG_EndSubCase(c, NULL);
2075
2076 /*
2077 * Generate a 128 bit AES Secret Key.
2078 * Try to encrypt with, it should pass...
2079 */
2080 Do_ADBG_BeginSubCase(c, "Generate AES Key - Try Encrypting");
2081
2082 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
2083 cktest_generate_aes_object,
2084 ARRAY_SIZE(cktest_generate_aes_object),
2085 &key_handle);
2086 if (!ADBG_EXPECT_CK_OK(c, rv))
2087 goto err;
2088
2089 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2090 if (!ADBG_EXPECT_CK_OK(c, rv))
2091 goto err_destr_obj;
2092
2093 rv = C_EncryptFinal(session, NULL, NULL);
2094 /* Only check that the operation is no more active */
2095 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
2096 goto err;
2097
2098 rv = C_DestroyObject(session, key_handle);
2099 if (!ADBG_EXPECT_CK_OK(c, rv))
2100 goto err;
2101
2102 Do_ADBG_EndSubCase(c, NULL);
2103
2104 goto out;
2105
2106err_destr_obj:
2107 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
2108err:
2109 Do_ADBG_EndSubCase(c, NULL);
2110out:
2111 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2112close_lib:
2113 ADBG_EXPECT_CK_OK(c, close_lib());
2114}
2115ADBG_CASE_DEFINE(pkcs11, 1010, xtest_pkcs11_test_1010,
2116 "PKCS11: Key Generation");