TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 9e5867b788cc4d11c0526001915a9d7c487b5b0c / . / host / xtest / pkcs11_1000.c
blob: b4ed6f4d1286a2301a6e88121e8941f0e4d1ae1e [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]2/*
3 * Copyright (c) 2018, Linaro Limited
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]4 */
5
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]6#include <ck_debug.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]7#include <inttypes.h>
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]8#ifdef OPENSSL_FOUND
9#include <openssl/evp.h>
10#endif
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]11#include <pkcs11.h>
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]12#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]15#include <util.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]16
17#include "xtest_test.h"
18#include "xtest_helpers.h"
19
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]20#include <regression_4000_data.h>
21
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]22/*
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]23 * Some PKCS#11 object resources used in the tests
24 */
25static const CK_BYTE cktest_aes128_key[16];
26
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]27static const CK_BYTE cktest_aes128_iv[16];
28
29static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
30 .ulCounterBits = 1,
31};
32
33static CK_MECHANISM cktest_aes_ecb_mechanism = {
34 CKM_AES_ECB,
35 NULL, 0,
36};
37static CK_MECHANISM cktest_aes_cbc_mechanism = {
38 CKM_AES_CBC,
39 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
40};
41static CK_MECHANISM cktest_aes_ctr_mechanism = {
42 CKM_AES_CTR,
43 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
44};
45static CK_MECHANISM cktest_aes_cts_mechanism = {
46 CKM_AES_CTS,
47 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
48};
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]49static CK_MECHANISM cktest_hmac_md5_mechanism = {
50 CKM_MD5_HMAC, NULL, 0,
51};
52static CK_MECHANISM cktest_hmac_sha1_mechanism = {
53 CKM_SHA_1_HMAC, NULL, 0,
54};
55static CK_MECHANISM cktest_hmac_sha224_mechanism = {
56 CKM_SHA224_HMAC, NULL, 0,
57};
58static CK_MECHANISM cktest_hmac_sha256_mechanism = {
59 CKM_SHA256_HMAC, NULL, 0,
60};
61static CK_MECHANISM cktest_hmac_sha384_mechanism = {
62 CKM_SHA384_HMAC, NULL, 0,
63};
64static CK_MECHANISM cktest_hmac_sha512_mechanism = {
65 CKM_SHA512_HMAC, NULL, 0,
66};
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]67static CK_MECHANISM cktest_gensecret_keygen_mechanism = {
68 CKM_GENERIC_SECRET_KEY_GEN, NULL, 0,
69};
70static CK_MECHANISM cktest_aes_keygen_mechanism = {
71 CKM_AES_KEY_GEN, NULL, 0,
72};
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]73
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]74/*
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]75 * Util to find a slot on which to open a session
76 */
77static CK_RV close_lib(void)
78{
79 return C_Finalize(0);
80}
81
82static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
83{
84 CK_RV rv = CKR_GENERAL_ERROR;
85 CK_SLOT_ID_PTR slots = NULL;
86 CK_ULONG count = 0;
87
88 rv = C_Initialize(0);
89 if (rv)
90 return rv;
91
92 rv = C_GetSlotList(CK_TRUE, NULL, &count);
93 if (rv != CKR_OK)
94 goto bail;
95
96 if (count < 1) {
97 rv = CKR_GENERAL_ERROR;
98 goto bail;
99 }
100
101 slots = malloc(count * sizeof(CK_SLOT_ID));
102 if (!slots) {
103 rv = CKR_HOST_MEMORY;
104 goto bail;
105 }
106
107 rv = C_GetSlotList(CK_TRUE, slots, &count);
108 if (rv)
109 goto bail;
110
111 /* Use the last slot */
112 *slot = slots[count - 1];
113
114bail:
115 free(slots);
116 if (rv)
117 close_lib();
118
119 return rv;
120}
121
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]122static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]123{
124 CK_RV rv;
125
126 rv = C_Initialize(NULL);
127 if (!ADBG_EXPECT_CK_OK(c, rv))
128 return;
129
130 rv = C_Finalize(NULL);
131 if (!ADBG_EXPECT_CK_OK(c, rv))
132 return;
133
134 rv = C_Initialize(NULL);
135 if (!ADBG_EXPECT_CK_OK(c, rv))
136 return;
137
138 rv = C_Initialize(NULL);
139 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
140
141 rv = C_Finalize(NULL);
142 ADBG_EXPECT_CK_OK(c, rv);
Etienne Carriere21f4e3c2020-02-05 15:40:24 +0100[diff] [blame]143
144 rv = C_Finalize(NULL);
145 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]146}
147
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]148ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
149 "Initialize and close Cryptoki library");
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]150
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]151static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]152{
153 CK_RV rv = CKR_GENERAL_ERROR;
154 CK_SLOT_ID_PTR slot_ids = NULL;
155 CK_ULONG slot_count = 0;
156 CK_ULONG present_slot_count = 0;
157 CK_INFO lib_info = { };
158 CK_SLOT_INFO slot_info = { };
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]159 CK_TOKEN_INFO token_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]160 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
161 size_t i = 0;
162 CK_SLOT_ID max_slot_id = 0;
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]163 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
164 CK_ULONG mecha_count = 0;
165 CK_MECHANISM_INFO mecha_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]166
167 rv = C_Initialize(NULL);
168 if (!ADBG_EXPECT_CK_OK(c, rv))
169 return;
170
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]171 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
172
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]173 rv = C_GetFunctionList(&ckfunc_list);
174 if (!ADBG_EXPECT_CK_OK(c, rv))
175 goto out;
176
177 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
178 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]179 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]180 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
181 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
182 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]183 goto out;
184
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]185 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
186 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
187
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]188 rv = C_GetInfo(&lib_info);
189 if (!ADBG_EXPECT_CK_OK(c, rv))
190 goto out;
191
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]192 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
193 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
194
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]195 rv = C_GetSlotList(0, NULL, &slot_count);
196 if (!ADBG_EXPECT_CK_OK(c, rv))
197 goto out;
198
199 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
200 goto out;
201
Etienne Carrierede746332020-03-04 19:43:53 +0100[diff] [blame]202 if (slot_count > 1) {
203 /* Ensure case non-NULL-buffer and zero-count is tested */
204 CK_SLOT_ID id = 0;
205
206 slot_count = 0;
207 rv = C_GetSlotList(0, &id, &slot_count);
208 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
209 goto out;
210 }
211
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]212 rv = C_GetSlotList(1, NULL, &present_slot_count);
213 if (!ADBG_EXPECT_CK_OK(c, rv))
214 goto out;
215
216 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
217 present_slot_count))
218 goto out;
219
220 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
221 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
222 goto out;
223
224 slot_count--;
225 rv = C_GetSlotList(1, slot_ids, &slot_count);
226 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
227 goto out;
228
229 rv = C_GetSlotList(1, slot_ids, &slot_count);
230 if (!ADBG_EXPECT_CK_OK(c, rv))
231 goto out;
232
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]233 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]234 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]235
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]236 for (i = 0; i < slot_count; i++) {
237 CK_SLOT_ID slot = slot_ids[i];
238
239 rv = C_GetSlotInfo(slot, &slot_info);
240 if (!ADBG_EXPECT_CK_OK(c, rv))
241 goto out;
242
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]243 rv = C_GetTokenInfo(slot, &token_info);
244 if (!ADBG_EXPECT_CK_OK(c, rv))
245 goto out;
246
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]247 if (max_slot_id < slot)
248 max_slot_id = slot;
249 }
250
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]251 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]252 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
253
254 for (i = 0; i < slot_count; i++) {
255 CK_SLOT_ID slot = slot_ids[i];
256 size_t j = 0;
257
258 mecha_count = 0;
259 rv = C_GetMechanismList(slot, NULL, &mecha_count);
260 if (!ADBG_EXPECT_CK_OK(c, rv))
261 goto out;
262
263 if (mecha_count == 0)
264 continue;
265
266 free(mecha_types);
267 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
268 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
269 goto out;
270
271 /* Test specific case: valid buffer reference with 0 count */
272 mecha_count = 0;
273 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
274 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
275 goto out;
276
277 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
278 if (!ADBG_EXPECT_CK_OK(c, rv))
279 goto out;
280
281 for (j = 0; j < mecha_count; j++) {
282 rv = C_GetMechanismInfo(slot, mecha_types[j],
283 &mecha_info);
284 if (!ADBG_EXPECT_CK_OK(c, rv))
285 goto out;
286 }
287 }
288
289 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
Vesa Jääskeläinen60298cc2021-01-19 09:06:00 +0200[diff] [blame]290 Do_ADBG_BeginSubCase(c, "Test C_GetMechanismList() with larger result buffer");
291
292 for (i = 0; i < slot_count; i++) {
293 CK_SLOT_ID slot = slot_ids[i];
294 CK_ULONG real_mecha_count = 0;
295 CK_ULONG alloc_mecha_count = 0;
296 uint8_t *data_ptr = NULL;
297 size_t j = 0;
298
299 rv = C_GetMechanismList(slot, NULL, &real_mecha_count);
300 if (!ADBG_EXPECT_CK_OK(c, rv))
301 goto out;
302
303 if (real_mecha_count == 0)
304 continue;
305
306 /* Allocate more memory for mechanisms than required */
307 alloc_mecha_count = real_mecha_count + 16;
308 mecha_count = alloc_mecha_count;
309
310 free(mecha_types);
311 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
312 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
313 goto out;
314 memset(mecha_types, 0xCC,
315 alloc_mecha_count * sizeof(*mecha_types));
316
317 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
318 if (!ADBG_EXPECT_CK_OK(c, rv))
319 goto out;
320
321 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, mecha_count, ==,
322 real_mecha_count))
323 goto out;
324
325 data_ptr = (uint8_t *)mecha_types;
326 for (j = real_mecha_count * sizeof(*mecha_types);
327 j < alloc_mecha_count * sizeof(*mecha_types); j++)
328 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[j], ==,
329 0xCC))
330 break;
331 }
332
333 Do_ADBG_EndSubCase(c, "Test C_GetMechanismList() with larger result buffer");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]334 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
335
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]336 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
337 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
338 goto out;
339
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]340 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
341 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
342 goto out;
343
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]344 mecha_count = 1;
345 if (!mecha_types)
346 mecha_types = malloc(sizeof(*mecha_types));
347 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
348 goto out;
349
350 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
351 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
352 goto out;
353
354 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
355 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
356 goto out;
357
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]358 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
359 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
360 goto out;
361
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]362 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
363 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
364 goto out;
365
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]366 mecha_count = 1;
367 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
368 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
369 goto out;
370
371 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
372 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
373 goto out;
374
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]375out:
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]376 Do_ADBG_EndSubCase(c, NULL);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]377 free(slot_ids);
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]378 free(mecha_types);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]379
380 rv = C_Finalize(NULL);
381 ADBG_EXPECT_CK_OK(c, rv);
382}
383
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]384ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]385 "PKCS11: List PKCS#11 slots and get information from");
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]386
387static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
388{
389 CK_RV rv = CKR_GENERAL_ERROR;
390 CK_SLOT_ID slot = 0;
391 CK_SESSION_HANDLE session[3] = { 0 };
392 CK_FLAGS session_flags = 0;
393 CK_SESSION_INFO session_info = { };
394 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
395
396 rv = init_lib_and_find_token_slot(&slot);
397 if (!ADBG_EXPECT_CK_OK(c, rv))
398 return;
399
400 rv = C_GetFunctionList(&ckfunc_list);
401 if (!ADBG_EXPECT_CK_OK(c, rv) ||
402 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
403 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
404 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
405 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
406 goto bail;
407
408 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
409
410 session_flags = CKF_RW_SESSION;
411
412 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
Vesa Jääskeläinenc1378d92020-12-31 12:53:10 +0200[diff] [blame]413 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_PARALLEL_NOT_SUPPORTED, rv))
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]414 goto bail;
415
416 session_flags = CKF_SERIAL_SESSION;
417
418 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
419 if (!ADBG_EXPECT_CK_OK(c, rv))
420 goto bail;
421
422 rv = C_GetSessionInfo(session[0], &session_info);
423 if (!ADBG_EXPECT_CK_OK(c, rv) ||
424 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
425 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
426 session_flags) ||
427 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
428 CKS_RO_PUBLIC_SESSION) ||
429 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
430 goto bail;
431
432 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
433
434 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
435 if (!ADBG_EXPECT_CK_OK(c, rv))
436 goto bail;
437
438 rv = C_GetSessionInfo(session[1], &session_info);
439 if (!ADBG_EXPECT_CK_OK(c, rv) ||
440 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
441 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
442 session_flags) ||
443 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
444 CKS_RW_PUBLIC_SESSION) ||
445 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
446 goto bail;
447
448 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
449 if (!ADBG_EXPECT_CK_OK(c, rv))
450 goto bail;
451
452 rv = C_GetSessionInfo(session[2], &session_info);
453 if (!ADBG_EXPECT_CK_OK(c, rv) ||
454 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
455 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
456 session_flags) ||
457 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
458 CKS_RW_PUBLIC_SESSION) ||
459 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
460 goto bail;
461
462 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
463 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
464
465 /* Close 2 of them */
466 rv = C_CloseSession(session[0]);
467 if (!ADBG_EXPECT_CK_OK(c, rv))
468 goto bail;
469
470 rv = C_GetSessionInfo(session[0], &session_info);
471 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
472 goto bail;
473
474 rv = C_GetSessionInfo(session[1], &session_info);
475 if (!ADBG_EXPECT_CK_OK(c, rv))
476 goto bail;
477
478 rv = C_GetSessionInfo(session[2], &session_info);
479 if (!ADBG_EXPECT_CK_OK(c, rv))
480 goto bail;
481
482 /* Close all remaining sessions, later calls should failed on session */
483 rv = C_CloseAllSessions(slot);
484 if (!ADBG_EXPECT_CK_OK(c, rv))
485 goto bail;
486
487 rv = C_CloseSession(session[1]);
488 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
489 goto bail;
490
491 rv = C_CloseSession(session[2]);
492 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
493 goto bail;
494
495 rv = C_GetSessionInfo(session[1], &session_info);
496 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
497 goto bail;
498
499 rv = C_GetSessionInfo(session[2], &session_info);
500 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
501 goto bail;
502
503 /* Open a session, should be closed from library closure */
504 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
505 if (!ADBG_EXPECT_CK_OK(c, rv))
506 goto bail;
507
508bail:
509 Do_ADBG_EndSubCase(c, NULL);
510 rv = close_lib();
511 ADBG_EXPECT_CK_OK(c, rv);
512}
513
514ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
515 "PKCS11: Open and close PKCS#11 sessions");
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]516
517/*
518 * Helpers for tests where we must log into the token.
519 * These define the genuine PINs and label to be used with the test token.
520 */
521static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]522static CK_UTF8CHAR test_token_user_pin[] = {
523 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
524};
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]525static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
526
527static CK_RV init_test_token(CK_SLOT_ID slot)
528{
529 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
530 test_token_label);
531}
532
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]533/* Login as user, eventually reset user PIN if needed */
534static CK_RV init_user_test_token(CK_SLOT_ID slot)
535{
536 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
537 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
538 CK_RV rv = CKR_GENERAL_ERROR;
539
540 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
541 if (rv)
542 return rv;
543
544 rv = C_Login(session, CKU_USER, test_token_user_pin,
545 sizeof(test_token_user_pin));
546 if (rv == CKR_OK) {
547 C_Logout(session);
548 C_CloseSession(session);
549 return rv;
550 }
551
552 rv = C_Login(session, CKU_SO, test_token_so_pin,
553 sizeof(test_token_so_pin));
554 if (rv) {
555 C_CloseSession(session);
556
557 rv = init_test_token(slot);
558 if (rv)
559 return rv;
560
561 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
562 if (rv)
563 return rv;
564
565 rv = C_Login(session, CKU_SO, test_token_so_pin,
566 sizeof(test_token_so_pin));
567 if (rv) {
568 C_CloseSession(session);
569 return rv;
570 }
571 }
572
573 rv = C_InitPIN(session, test_token_user_pin,
574 sizeof(test_token_user_pin));
575
576 C_Logout(session);
577 C_CloseSession(session);
578
579 return rv;
580}
581
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]582static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
583{
584 CK_RV rv = CKR_GENERAL_ERROR;
585 CK_TOKEN_INFO token_info = { };
586 /* Same content as test_token_so_pin[] but 1 more byte */
587 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
588 /* Same content as test_token_so_pin[] but 1 different byte */
589 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
590 CK_FLAGS flags = 0;
591
592 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
593
594 rv = C_GetTokenInfo(slot, &token_info);
595 if (!ADBG_EXPECT_CK_OK(c, rv))
596 goto out;
597
598 rv = C_InitToken(slot, test_token_so_pin,
599 sizeof(test_token_so_pin) - 1, test_token_label);
600 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
601 goto out;
602
603 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
604 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
605 goto out;
606
607 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
608 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
609 goto out;
610
611 rv = C_GetTokenInfo(slot, &token_info);
612 if (!ADBG_EXPECT_CK_OK(c, rv))
613 goto out;
614
615 flags = token_info.flags;
616
617 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
618 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
619 rv = CKR_GENERAL_ERROR;
620 goto out;
621 }
622
623 rv = init_test_token(slot);
624 if (!ADBG_EXPECT_CK_OK(c, rv))
625 goto out;
626
627 rv = C_GetTokenInfo(slot, &token_info);
628 if (!ADBG_EXPECT_CK_OK(c, rv))
629 goto out;
630
631 flags = token_info.flags;
632
633 /*
634 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
635 * Other flags should show a sane initialized state.
636 */
637 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
638 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
639 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
640 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
641 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]642 goto out;
643 }
644
645 rv = init_user_test_token(slot);
646 if (!ADBG_EXPECT_CK_OK(c, rv))
647 goto out;
648
649 rv = C_GetTokenInfo(slot, &token_info);
650 if (!ADBG_EXPECT_CK_OK(c, rv))
651 goto out;
652
653 flags = token_info.flags;
654
655 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
656 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
657 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
658 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
659 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
660 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
661 rv = CKR_GENERAL_ERROR;
662 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]663 }
664
665out:
666 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
667
668 return rv;
669}
670
671static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
672{
673 CK_RV rv = CKR_GENERAL_ERROR;
674 CK_TOKEN_INFO token_info = { };
675 CK_FLAGS flags = 0;
676
677 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
678
679 rv = init_test_token(slot);
680 if (!ADBG_EXPECT_CK_OK(c, rv))
681 goto out;
682
683 rv = C_GetTokenInfo(slot, &token_info);
684 if (!ADBG_EXPECT_CK_OK(c, rv))
685 goto out;
686
687 flags = token_info.flags;
688
689 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
690 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
691 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
692 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]693 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]694 }
695
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]696 rv = init_user_test_token(slot);
697 if (!ADBG_EXPECT_CK_OK(c, rv))
698 goto out;
699
700 rv = C_GetTokenInfo(slot, &token_info);
701 if (!ADBG_EXPECT_CK_OK(c, rv))
702 goto out;
703
704 flags = token_info.flags;
705
706 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
707 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
708 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
709 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
710 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
711 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
712 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
713 rv = CKR_GENERAL_ERROR;
714
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]715out:
716 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
717
718 return rv;
719}
720
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]721static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
722{
723 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
724 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
725 CK_RV rv = CKR_GENERAL_ERROR;
726
727 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
728
729 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
730 if (!ADBG_EXPECT_CK_OK(c, rv))
731 goto out;
732
733 /* Logout: should fail as we did not log in yet */
734 rv = C_Logout(session);
735 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
736
737 /* Login/re-log/logout user */
738 rv = C_Login(session, CKU_USER, test_token_user_pin,
739 sizeof(test_token_user_pin));
740 if (!ADBG_EXPECT_CK_OK(c, rv))
741 goto out;
742
743 rv = C_Login(session, CKU_USER, test_token_user_pin,
744 sizeof(test_token_user_pin));
745 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
746
747 rv = C_Logout(session);
748 if (!ADBG_EXPECT_CK_OK(c, rv))
749 goto out;
750
751 /* Login/re-log/logout security officer */
752 rv = C_Login(session, CKU_SO, test_token_so_pin,
753 sizeof(test_token_so_pin));
754 if (!ADBG_EXPECT_CK_OK(c, rv))
755 goto out;
756
757 rv = C_Login(session, CKU_SO, test_token_so_pin,
758 sizeof(test_token_so_pin));
759 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
760
761 rv = C_Logout(session);
762 if (!ADBG_EXPECT_CK_OK(c, rv))
763 goto out;
764
765 /* Login user then SO and reverse */
766 rv = C_Login(session, CKU_SO, test_token_so_pin,
767 sizeof(test_token_so_pin));
768 ADBG_EXPECT_CK_OK(c, rv);
769
770 rv = C_Login(session, CKU_USER, test_token_user_pin,
771 sizeof(test_token_user_pin));
772 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
773
774 rv = C_Logout(session);
775 if (!ADBG_EXPECT_CK_OK(c, rv))
776 goto out;
777
778 rv = C_Login(session, CKU_USER, test_token_user_pin,
779 sizeof(test_token_user_pin));
780 ADBG_EXPECT_CK_OK(c, rv);
781
782 rv = C_Login(session, CKU_SO, test_token_so_pin,
783 sizeof(test_token_so_pin));
784 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
785
786 rv = C_Logout(session);
787 ADBG_EXPECT_CK_OK(c, rv);
788
789 /* Login context specifc, in an invalid case (need an operation) */
790 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
791 sizeof(test_token_user_pin));
792 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
793
794 rv = C_CloseSession(session);
795 ADBG_EXPECT_CK_OK(c, rv);
796
797out:
798 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
799 return rv;
800}
801
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]802static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
803 CK_USER_TYPE user_type)
804{
805 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
806 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
807 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
808 CK_UTF8CHAR_PTR old_pin = NULL;
809 CK_USER_TYPE ut = user_type;
810 size_t old_pin_sz = 0;
811 CK_RV rv2 = CKR_OK;
812 CK_RV rv = CKR_OK;
813
814 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
815
816 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
817 if (!ADBG_EXPECT_CK_OK(c, rv))
818 goto out;
819
820 if (user_type == CKU_SO) {
821 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
822 old_pin_sz = sizeof(test_token_so_pin);
823 } else {
824 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
825 old_pin_sz = sizeof(test_token_user_pin);
826 ut = CKU_USER;
827 }
828
829 if (ut == user_type) {
830 rv = C_Login(session, ut, old_pin, old_pin_sz);
831 if (!ADBG_EXPECT_CK_OK(c, rv))
832 goto out_session;
833 }
834
835 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
836 if (!ADBG_EXPECT_CK_OK(c, rv)) {
837 if (ut == user_type)
838 goto out_logout;
839 else
840 goto out_session;
841 }
842
843 if (ut == user_type) {
844 rv = C_Logout(session);
845 if (!ADBG_EXPECT_CK_OK(c, rv))
846 goto out_session;
847 }
848
849 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
850 if (!ADBG_EXPECT_CK_OK(c, rv))
851 goto out_session;
852
853 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
854 ADBG_EXPECT_CK_OK(c, rv);
855
856out_logout:
857 rv2 = C_Logout(session);
858 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
859 rv = rv2;
860out_session:
861 rv2 = C_CloseSession(session);
862 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
863 rv = rv2;
864out:
865 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
866
867 return rv;
868}
869
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]870static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
871{
872 CK_RV rv = CKR_GENERAL_ERROR;
873 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
874 CK_SLOT_ID slot = 0;
875 CK_TOKEN_INFO token_info = { };
876
877 rv = C_GetFunctionList(&ckfunc_list);
878 if (!ADBG_EXPECT_CK_OK(c, rv) ||
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]879 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
880 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]881 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
882 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
883 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]884 goto out;
885
886 rv = init_lib_and_find_token_slot(&slot);
887 if (!ADBG_EXPECT_CK_OK(c, rv))
888 return;
889
890 rv = C_GetTokenInfo(slot, &token_info);
891 if (!ADBG_EXPECT_CK_OK(c, rv))
892 goto out;
893
894 /* Abort test if token is about to lock */
895 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
896 goto out;
897
898 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
899 rv = test_uninitialized_token(c, slot);
900 if (rv != CKR_OK)
901 goto out;
902 }
903
904 rv = test_already_initialized_token(c, slot);
905 if (rv != CKR_OK)
906 goto out;
907
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]908 rv = test_login_logout(c, slot);
909 if (rv != CKR_OK)
910 goto out;
911
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]912 rv = test_set_pin(c, slot, CKU_USER);
913 if (rv != CKR_OK)
914 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]915
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]916 rv = test_set_pin(c, slot, CKU_SO);
917 if (rv != CKR_OK)
918 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]919
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]920 /*
921 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
922 * to skip the initial login.
923 */
924 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]925out:
926 rv = close_lib();
927 ADBG_EXPECT_CK_OK(c, rv);
928}
929
930ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
931 "PKCS11: Login to PKCS#11 token");
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]932
933static CK_ATTRIBUTE cktest_token_object[] = {
934 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
935 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
936 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
937 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
938 sizeof(CK_OBJECT_CLASS) },
939 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
940 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
941};
942
943static CK_ATTRIBUTE cktest_session_object[] = {
944 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
945 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
946 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
947 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
948 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
949 sizeof(CK_OBJECT_CLASS) },
950 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
951};
952
953/* Create session object and token object from a session */
954static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
955{
956 CK_RV rv = CKR_GENERAL_ERROR;
957 CK_SLOT_ID slot = 0;
958 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
959 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
960 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
961
962 rv = init_lib_and_find_token_slot(&slot);
963 if (!ADBG_EXPECT_CK_OK(c, rv))
964 return;
965
966 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
967 if (!ADBG_EXPECT_CK_OK(c, rv))
968 goto out;
969
970 if (persistent) {
971 rv = C_CreateObject(session, cktest_token_object,
972 ARRAY_SIZE(cktest_token_object),
973 &obj_hdl);
974 } else {
975 rv = C_CreateObject(session, cktest_session_object,
976 ARRAY_SIZE(cktest_session_object),
977 &obj_hdl);
978 }
979
980 if (!ADBG_EXPECT_CK_OK(c, rv))
981 goto out;
982
983 rv = C_DestroyObject(session, obj_hdl);
984 ADBG_EXPECT_CK_OK(c, rv);
985out:
986 rv = C_CloseSession(session);
987 ADBG_EXPECT_CK_OK(c, rv);
988
989 rv = close_lib();
990 ADBG_EXPECT_CK_OK(c, rv);
991}
992
993static void test_create_destroy_session_objects(ADBG_Case_t *c)
994{
995 CK_RV rv = CKR_GENERAL_ERROR;
996 CK_SLOT_ID slot = 0;
997 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
998 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
999 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
1000 size_t n = 0;
1001
1002 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
1003 obj_hdl[n] = CK_INVALID_HANDLE;
1004
1005 rv = init_lib_and_find_token_slot(&slot);
1006 if (!ADBG_EXPECT_CK_OK(c, rv))
1007 return;
1008
1009 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1010 if (!ADBG_EXPECT_CK_OK(c, rv))
1011 goto out;
1012
1013 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
1014 rv = C_CreateObject(session, cktest_session_object,
1015 ARRAY_SIZE(cktest_session_object),
1016 obj_hdl + n);
1017
1018 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
1019 break;
1020 }
1021
1022 Do_ADBG_Log(" created object count: %zu", n);
1023
1024 rv = C_CloseSession(session);
1025 ADBG_EXPECT_CK_OK(c, rv);
1026
1027 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1028 if (!ADBG_EXPECT_CK_OK(c, rv))
1029 goto out;
1030
1031 rv = C_CreateObject(session, cktest_session_object,
1032 ARRAY_SIZE(cktest_session_object),
1033 obj_hdl);
1034
1035 ADBG_EXPECT_CK_OK(c, rv);
1036
1037out:
1038 rv = C_CloseSession(session);
1039 ADBG_EXPECT_CK_OK(c, rv);
1040
1041 rv = close_lib();
1042 ADBG_EXPECT_CK_OK(c, rv);
1043}
1044
1045/* Create session object and token object from a session */
1046static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
1047{
1048 CK_RV rv = CKR_GENERAL_ERROR;
1049 CK_SLOT_ID slot = 0;
1050 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1051 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
1052 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
1053 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1054
1055 rv = init_lib_and_find_token_slot(&slot);
1056 if (!ADBG_EXPECT_CK_OK(c, rv))
1057 return;
1058
1059 if (readwrite)
1060 session_flags |= CKF_RW_SESSION;
1061
1062 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1063 if (!ADBG_EXPECT_CK_OK(c, rv))
1064 goto out;
1065
1066 rv = C_CreateObject(session, cktest_token_object,
1067 ARRAY_SIZE(cktest_token_object),
1068 &token_obj_hld);
1069
1070 if (readwrite) {
1071 if (!ADBG_EXPECT_CK_OK(c, rv))
1072 goto out;
1073 } else {
1074 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1075 goto out;
1076 }
1077
1078 rv = C_CreateObject(session, cktest_session_object,
1079 ARRAY_SIZE(cktest_session_object),
1080 &session_obj_hld);
1081
1082 if (!ADBG_EXPECT_CK_OK(c, rv))
1083 goto out_tobj;
1084
1085 rv = C_DestroyObject(session, session_obj_hld);
1086 ADBG_EXPECT_CK_OK(c, rv);
1087
1088out_tobj:
1089 if (readwrite) {
1090 rv = C_DestroyObject(session, token_obj_hld);
1091 ADBG_EXPECT_CK_OK(c, rv);
1092 }
1093out:
1094 rv = C_CloseSession(session);
1095 ADBG_EXPECT_CK_OK(c, rv);
1096
1097 rv = close_lib();
1098 ADBG_EXPECT_CK_OK(c, rv);
1099}
1100
1101static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1102{
1103 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1104 test_create_destroy_single_object(c, false /*!persistent*/);
1105 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1106
1107 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1108 test_create_destroy_single_object(c, true /*persistent*/);
1109 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1110
1111 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1112 test_create_destroy_session_objects(c);
1113 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1114
1115 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1116 test_create_objects_in_session(c, false /*!readwrite*/);
1117 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1118
1119 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1120 test_create_objects_in_session(c, true /*readwrite*/);
1121 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1122}
1123
1124ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1125 "PKCS11: create/destroy PKCS#11 simple objects");
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1126
1127
1128static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1129 CKM_AES_ECB,
1130};
1131static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1132 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1133 CKM_AES_GCM, CKM_AES_CCM,
1134};
1135static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1136 CKM_AES_CBC,
1137};
1138static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1139 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1140 CKM_AES_GCM, CKM_AES_CCM,
1141};
1142static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1143 CKM_AES_CTR,
1144};
1145static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1146 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1147 CKM_AES_GCM, CKM_AES_CCM,
1148};
1149static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1150 CKM_AES_CTS,
1151};
1152static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1153 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1154 CKM_AES_GCM, CKM_AES_CCM,
1155};
1156
1157#define CKTEST_AES_KEY \
1158 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1159 sizeof(CK_OBJECT_CLASS) }, \
1160 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1161 sizeof(CK_KEY_TYPE) }, \
1162 { CKA_VALUE, (void *)cktest_aes128_key, \
1163 sizeof(cktest_aes128_key) }
1164
1165#define CKTEST_AES_ALLOWED_KEY(_allowed) \
1166 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1167
1168#define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1169 static CK_ATTRIBUTE _label[] = { \
1170 CKTEST_AES_KEY, \
1171 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1172 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1173 CKTEST_AES_ALLOWED_KEY(_allowed), \
1174 }
1175
1176#define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1177 static CK_ATTRIBUTE _label[] = { \
1178 CKTEST_AES_KEY, \
1179 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1180 CKTEST_AES_ALLOWED_KEY(_allowed), \
1181 }
1182#define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1183 static CK_ATTRIBUTE _label[] = { \
1184 CKTEST_AES_KEY, \
1185 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1186 CKTEST_AES_ALLOWED_KEY(_allowed), \
1187 }
1188
1189CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1190CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1191CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1192CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1193CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1194CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1195CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1196CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1197
1198struct cktest_allowed_test {
1199 CK_ATTRIBUTE_PTR attr_key;
1200 CK_ULONG attr_count;
1201 CK_MECHANISM_PTR mechanism;
1202};
1203
1204#define CKTEST_KEY_MECHA(key, mecha) { \
1205 .attr_key = key, \
1206 .attr_count = ARRAY_SIZE(key), \
1207 .mechanism = mecha, \
1208 }
1209
1210static const struct cktest_allowed_test cktest_allowed_valid[] = {
1211 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1212 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1213 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1214 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1215};
1216
1217static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1218 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1219 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1220 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1221 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1222};
1223
1224/* Create session object and token object from a session */
1225static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1226 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1227 CK_MECHANISM_PTR mechanism, uint32_t mode,
1228 CK_RV expected_rc)
1229{
1230 CK_RV rv2 = CKR_GENERAL_ERROR;
1231 CK_RV rv = CKR_GENERAL_ERROR;
1232 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1233
1234 switch (mode) {
1235 case TEE_MODE_ENCRYPT:
1236 case TEE_MODE_DECRYPT:
1237 break;
1238 default:
1239 ADBG_EXPECT_TRUE(c, false);
1240 }
1241
1242 rv = C_CreateObject(session, attr_key, attr_count, &object);
1243 if (!ADBG_EXPECT_CK_OK(c, rv))
1244 return rv;
1245
1246 if (mode == TEE_MODE_ENCRYPT)
1247 rv = C_EncryptInit(session, mechanism, object);
1248 if (mode == TEE_MODE_DECRYPT)
1249 rv = C_DecryptInit(session, mechanism, object);
1250
1251 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1252 rv = CKR_GENERAL_ERROR;
1253 goto out;
1254 }
1255
1256 if (rv) {
1257 /*
1258 * If we're here it was the expected error code above and
1259 * we're supposed to return OK below.
1260 */
1261 rv = CKR_OK;
1262 } else {
1263 if (mode == TEE_MODE_ENCRYPT)
1264 rv = C_EncryptFinal(session, NULL, NULL);
1265 if (mode == TEE_MODE_DECRYPT)
1266 rv = C_DecryptFinal(session, NULL, NULL);
1267
Vesa Jääskeläinen9e5867b2021-07-01 08:42:46 +0300[diff] [blame^]1268 /*
1269 * Check that return value is expected so that operation is
1270 * released
1271 */
1272 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv)) {
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1273 rv = CKR_GENERAL_ERROR;
Vesa Jääskeläinen9e5867b2021-07-01 08:42:46 +0300[diff] [blame^]1274 goto out;
1275 }
1276
1277 rv = CKR_OK;
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1278 }
1279
1280out:
1281 rv2 = C_DestroyObject(session, object);
1282 ADBG_EXPECT_CK_OK(c, rv2);
1283
1284 if (rv)
1285 return rv;
1286 else
1287 return rv2;
1288}
1289
1290CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1291
1292CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1293
1294static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1295{
1296 CK_RV rv = CKR_GENERAL_ERROR;
1297 CK_SLOT_ID slot = 0;
1298 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1299 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1300 size_t n = 0;
1301
1302 rv = init_lib_and_find_token_slot(&slot);
1303 if (!ADBG_EXPECT_CK_OK(c, rv))
1304 return;
1305
1306 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1307 if (!ADBG_EXPECT_CK_OK(c, rv))
1308 goto out;
1309
1310 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1311
1312 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1313
1314 rv = cipher_init_final(c, session,
1315 cktest_allowed_valid[n].attr_key,
1316 cktest_allowed_valid[n].attr_count,
1317 cktest_allowed_valid[n].mechanism,
1318 TEE_MODE_ENCRYPT,
1319 CKR_OK);
1320
1321 ADBG_EXPECT_CK_OK(c, rv);
1322
1323 Do_ADBG_EndSubCase(c, NULL);
1324 if (rv)
1325 goto out;
1326
1327 }
1328
1329 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1330 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1331
1332 rv = cipher_init_final(c, session,
1333 cktest_allowed_invalid[n].attr_key,
1334 cktest_allowed_invalid[n].attr_count,
1335 cktest_allowed_invalid[n].mechanism,
1336 TEE_MODE_ENCRYPT,
1337 CKR_KEY_FUNCTION_NOT_PERMITTED);
1338
1339 ADBG_EXPECT_CK_OK(c, rv);
1340
1341 Do_ADBG_EndSubCase(c, NULL);
1342 if (rv)
1343 goto out;
1344
1345 }
1346
1347out:
1348 rv = C_CloseSession(session);
1349 ADBG_EXPECT_CK_OK(c, rv);
1350
1351 rv = close_lib();
1352 ADBG_EXPECT_CK_OK(c, rv);
1353}
1354
1355
1356ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1357 "PKCS11: Check ciphering with valid and invalid keys #1");
1358
1359static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1360{
1361 CK_RV rv = CKR_GENERAL_ERROR;
1362 CK_SLOT_ID slot = 0;
1363 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1364 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1365
1366 rv = init_lib_and_find_token_slot(&slot);
1367 if (!ADBG_EXPECT_CK_OK(c, rv))
1368 return;
1369
1370 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1371 if (!ADBG_EXPECT_CK_OK(c, rv))
1372 goto out;
1373
1374 /* Encrypt only AES CTS key */
1375 rv = cipher_init_final(c, session,
1376 cktest_aes_enc_only_cts,
1377 ARRAY_SIZE(cktest_aes_enc_only_cts),
1378 &cktest_aes_cts_mechanism,
1379 TEE_MODE_ENCRYPT,
1380 CKR_OK);
1381 if (!ADBG_EXPECT_CK_OK(c, rv))
1382 goto out;
1383
1384 rv = cipher_init_final(c, session,
1385 cktest_aes_enc_only_cts,
1386 ARRAY_SIZE(cktest_aes_enc_only_cts),
1387 &cktest_aes_cts_mechanism,
1388 TEE_MODE_DECRYPT,
1389 CKR_KEY_FUNCTION_NOT_PERMITTED);
1390 if (!ADBG_EXPECT_CK_OK(c, rv))
1391 goto out;
1392
1393 /* Decrypt only AES CTR key */
1394 rv = cipher_init_final(c, session,
1395 cktest_aes_dec_only_ctr,
1396 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1397 &cktest_aes_ctr_mechanism,
1398 TEE_MODE_ENCRYPT,
1399 CKR_KEY_FUNCTION_NOT_PERMITTED);
1400 if (!ADBG_EXPECT_CK_OK(c, rv))
1401 goto out;
1402
1403 rv = cipher_init_final(c, session,
1404 cktest_aes_dec_only_ctr,
1405 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1406 &cktest_aes_ctr_mechanism,
1407 TEE_MODE_ENCRYPT,
1408 CKR_KEY_FUNCTION_NOT_PERMITTED);
1409 if (!ADBG_EXPECT_CK_OK(c, rv))
1410 goto out;
1411
1412out:
1413 rv = C_CloseSession(session);
1414 ADBG_EXPECT_CK_OK(c, rv);
1415
1416 rv = close_lib();
1417 ADBG_EXPECT_CK_OK(c, rv);
1418}
1419ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1420 "PKCS11: Check ciphering with valid and invalid keys #2");
1421
1422static CK_RV open_cipher_session(ADBG_Case_t *c,
1423 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1424 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1425 CK_MECHANISM_PTR mechanism, uint32_t mode)
1426{
1427 CK_RV rv = CKR_GENERAL_ERROR;
1428 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1429 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1430
1431 switch (mode) {
1432 case TEE_MODE_ENCRYPT:
1433 case TEE_MODE_DECRYPT:
1434 break;
1435 default:
1436 ADBG_EXPECT_TRUE(c, false);
1437 return CKR_GENERAL_ERROR;
1438 }
1439
1440 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1441 if (rv == CKR_DEVICE_MEMORY)
1442 return rv;
1443 if (!ADBG_EXPECT_CK_OK(c, rv))
1444 return rv;
1445
1446 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1447 if (rv == CKR_DEVICE_MEMORY)
1448 return rv;
1449 if (!ADBG_EXPECT_CK_OK(c, rv))
1450 return rv;
1451
1452 if (mode == TEE_MODE_ENCRYPT)
1453 rv = C_EncryptInit(*session, mechanism, object);
1454 if (mode == TEE_MODE_DECRYPT)
1455 rv = C_DecryptInit(*session, mechanism, object);
1456
1457 if (rv == CKR_DEVICE_MEMORY)
1458 return rv;
1459 if (!ADBG_EXPECT_CK_OK(c, rv))
1460 return CKR_GENERAL_ERROR;
1461
1462 return rv;
1463}
1464
1465static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1466{
1467 CK_RV rv = CKR_GENERAL_ERROR;
1468 CK_SLOT_ID slot = 0;
1469 CK_SESSION_HANDLE sessions[128];
1470 size_t n = 0;
1471
1472 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1473 sessions[n] = CK_INVALID_HANDLE;
1474
1475 rv = init_lib_and_find_token_slot(&slot);
1476 if (!ADBG_EXPECT_CK_OK(c, rv))
1477 return;
1478
1479 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1480
1481 rv = open_cipher_session(c, slot, &sessions[n],
1482 cktest_allowed_valid[0].attr_key,
1483 cktest_allowed_valid[0].attr_count,
1484 cktest_allowed_valid[0].mechanism,
1485 TEE_MODE_ENCRYPT);
1486
1487 /* Failure due to memory allocation is not a error case */
1488 if (rv == CKR_DEVICE_MEMORY)
1489 break;
1490
1491 if (!ADBG_EXPECT_CK_OK(c, rv))
1492 goto out;
1493 }
1494
1495 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1496 goto out;
1497
1498 Do_ADBG_Log(" created sessions count: %zu", n);
1499
1500 /* Closing session with out bound and invalid IDs (or negative ID) */
1501 rv = C_CloseSession(sessions[n - 1] + 1024);
1502 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1503 rv = C_CloseSession(CK_INVALID_HANDLE);
1504 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1505 rv = C_CloseSession(~0);
1506 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1507
1508 /* Closing each session: all related resources shall be free */
1509 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1510 if (sessions[n] == CK_INVALID_HANDLE)
1511 continue;
1512
1513 rv = C_CloseSession(sessions[n]);
1514 ADBG_EXPECT_CK_OK(c, rv);
1515 sessions[n] = CK_INVALID_HANDLE;
1516 }
1517
1518 /* Open and close another session */
1519 rv = open_cipher_session(c, slot, &sessions[0],
1520 cktest_allowed_valid[0].attr_key,
1521 cktest_allowed_valid[0].attr_count,
1522 cktest_allowed_valid[0].mechanism,
1523 TEE_MODE_ENCRYPT);
1524
1525 if (!ADBG_EXPECT_CK_OK(c, rv))
1526 goto out;
1527
1528 rv = C_CloseSession(sessions[0]);
1529 ADBG_EXPECT_CK_OK(c, rv);
1530 sessions[0] = CK_INVALID_HANDLE;
1531
1532out:
1533 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1534 if (sessions[n] == CK_INVALID_HANDLE)
1535 continue;
1536
1537 rv = C_CloseSession(sessions[n]);
1538 ADBG_EXPECT_CK_OK(c, rv);
1539 }
1540
1541 rv = close_lib();
1542 ADBG_EXPECT_CK_OK(c, rv);
1543}
1544ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1545 "PKCS11: Check operations release at session closure");
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1546
1547#define CK_MAC_KEY_HMAC(_type, _key_array) \
1548 { \
1549 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, \
1550 sizeof(CK_BBOOL) }, \
1551 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, \
1552 sizeof(CK_BBOOL) }, \
1553 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1554 sizeof(CK_OBJECT_CLASS) }, \
1555 { CKA_KEY_TYPE, &(CK_KEY_TYPE){_type}, \
1556 sizeof(CK_KEY_TYPE) }, \
1557 { CKA_VALUE, (void *)(_key_array), \
1558 sizeof(_key_array) } \
1559 }
1560
1561static CK_ATTRIBUTE cktest_hmac_md5_key[] =
1562 CK_MAC_KEY_HMAC(CKK_MD5_HMAC, mac_data_md5_key1);
1563
1564static CK_ATTRIBUTE cktest_hmac_sha1_key[] =
1565 CK_MAC_KEY_HMAC(CKK_SHA_1_HMAC, mac_data_sha1_key1);
1566
1567static CK_ATTRIBUTE cktest_hmac_sha224_key[] =
1568 CK_MAC_KEY_HMAC(CKK_SHA224_HMAC, mac_data_sha224_key1);
1569
1570static CK_ATTRIBUTE cktest_hmac_sha256_key1[] =
1571 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key1);
1572
1573static CK_ATTRIBUTE cktest_hmac_sha256_key2[] =
1574 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key2);
1575
1576static CK_ATTRIBUTE cktest_hmac_sha384_key[] =
1577 CK_MAC_KEY_HMAC(CKK_SHA384_HMAC, mac_data_sha384_key1);
1578
1579static CK_ATTRIBUTE cktest_hmac_sha512_key[] =
1580 CK_MAC_KEY_HMAC(CKK_SHA512_HMAC, mac_data_sha512_key1);
1581
1582struct mac_test {
1583 CK_ATTRIBUTE_PTR attr_key;
1584 CK_ULONG attr_count;
1585 CK_MECHANISM_PTR mechanism;
1586 size_t in_incr;
1587 const uint8_t *in;
1588 size_t in_len;
1589 const uint8_t *out;
1590 size_t out_len;
1591 bool multiple_incr;
1592};
1593
1594#define CKTEST_MAC_TEST(key, mecha, input_incr, input, output, incr) { \
1595 .attr_key = key, \
1596 .attr_count = ARRAY_SIZE(key), \
1597 .mechanism = mecha, \
1598 .in_incr = input_incr, \
1599 .in = input, \
1600 .in_len = ARRAY_SIZE(input), \
1601 .out = output, \
1602 .out_len = ARRAY_SIZE(output), \
1603 .multiple_incr = incr \
1604 }
1605
1606static const struct mac_test cktest_mac_cases[] = {
1607 CKTEST_MAC_TEST(cktest_hmac_md5_key, &cktest_hmac_md5_mechanism,
1608 4, mac_data_md5_in1, mac_data_md5_out1, false),
1609 CKTEST_MAC_TEST(cktest_hmac_sha1_key, &cktest_hmac_sha1_mechanism,
1610 5, mac_data_sha1_in1, mac_data_sha1_out1, false),
1611 CKTEST_MAC_TEST(cktest_hmac_sha224_key, &cktest_hmac_sha224_mechanism,
1612 8, mac_data_sha224_in1, mac_data_sha224_out1, false),
1613 CKTEST_MAC_TEST(cktest_hmac_sha256_key1, &cktest_hmac_sha256_mechanism,
1614 1, mac_data_sha256_in1, mac_data_sha256_out1, false),
1615 CKTEST_MAC_TEST(cktest_hmac_sha256_key2, &cktest_hmac_sha256_mechanism,
1616 7, mac_data_sha256_in2, mac_data_sha256_out2, false),
1617 CKTEST_MAC_TEST(cktest_hmac_sha384_key, &cktest_hmac_sha384_mechanism,
1618 11, mac_data_sha384_in1, mac_data_sha384_out1, false),
1619 CKTEST_MAC_TEST(cktest_hmac_sha512_key, &cktest_hmac_sha512_mechanism,
1620 13, mac_data_sha512_in1, mac_data_sha512_out1, false),
1621};
1622
1623static void xtest_pkcs11_test_1008(ADBG_Case_t *c)
1624{
1625 CK_RV rv = CKR_GENERAL_ERROR;
1626 CK_SLOT_ID slot = 0;
1627 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1628 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1629 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1630 uint8_t out[512] = { 0 };
1631 CK_ULONG out_size = 0;
1632 struct mac_test const *test = NULL;
1633 size_t n = 0;
1634
1635 rv = init_lib_and_find_token_slot(&slot);
1636 if (!ADBG_EXPECT_CK_OK(c, rv))
1637 return;
1638
1639 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1640 if (!ADBG_EXPECT_CK_OK(c, rv))
1641 goto err_close_lib;
1642
1643 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1644
1645 test = &cktest_mac_cases[n];
1646 Do_ADBG_BeginSubCase(c, "Sign case %zu algo (%s)", n,
1647 ckm2str(test->mechanism->mechanism));
1648
1649 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1650 &key_handle);
1651 if (!ADBG_EXPECT_CK_OK(c, rv))
1652 goto err;
1653
1654 /* Test signature in 1 step */
1655 if (test->in != NULL) {
1656 rv = C_SignInit(session, test->mechanism, key_handle);
1657 if (!ADBG_EXPECT_CK_OK(c, rv))
1658 goto err_destr_obj;
1659
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1660 /* Pass input buffer of size 0 */
1661 rv = C_SignUpdate(session,
1662 (void *)test->in, 0);
1663 if (!ADBG_EXPECT_CK_OK(c, rv))
1664 goto err_destr_obj;
1665
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1666 rv = C_SignUpdate(session,
1667 (void *)test->in, test->in_len);
1668 if (!ADBG_EXPECT_CK_OK(c, rv))
1669 goto err_destr_obj;
1670
1671 /* Test too short buffer case */
1672 out_size = 1;
1673 rv = C_SignFinal(session, out, &out_size);
1674 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1675 goto err_destr_obj;
1676
1677 /*
1678 * Test NULL buffer case with size as 0
1679 * to get the out_size
1680 */
1681 out_size = 0;
1682 rv = C_SignFinal(session, NULL, &out_size);
1683 if (!ADBG_EXPECT_CK_OK(c, rv))
1684 goto err_destr_obj;
1685
Vesa Jääskeläinenbbe78622021-06-27 16:03:13 +0300[diff] [blame]1686 /*
1687 * Test NULL buffer case with size as non-zero
1688 * to get the out_size
1689 */
1690 out_size = 42;
1691 rv = C_SignFinal(session, NULL, &out_size);
1692 if (!ADBG_EXPECT_CK_OK(c, rv))
1693 goto err_destr_obj;
1694
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1695 /* Get to full output */
1696 memset(out, 0, out_size);
1697 rv = C_SignFinal(session, out, &out_size);
1698 if (!ADBG_EXPECT_CK_OK(c, rv))
1699 goto err_destr_obj;
1700
1701 (void)ADBG_EXPECT_BUFFER(c, test->out,
1702 test->out_len,
1703 out, out_size);
1704 }
1705
1706 /* Test 2 step update signature */
1707 rv = C_SignInit(session, test->mechanism, key_handle);
1708 if (!ADBG_EXPECT_CK_OK(c, rv))
1709 goto err_destr_obj;
1710
1711 if (test->in != NULL) {
1712 rv = C_SignUpdate(session,
1713 (void *)test->in, test->in_incr);
1714 if (!ADBG_EXPECT_CK_OK(c, rv))
1715 goto err_destr_obj;
1716
1717 rv = C_SignUpdate(session,
1718 (void *)(test->in + test->in_incr),
1719 test->in_len - test->in_incr);
1720 if (!ADBG_EXPECT_CK_OK(c, rv))
1721 goto err_destr_obj;
1722 }
1723
1724 out_size = sizeof(out);
1725 memset(out, 0, sizeof(out));
1726
1727 rv = C_SignFinal(session, out, &out_size);
1728 if (!ADBG_EXPECT_CK_OK(c, rv))
1729 goto err_destr_obj;
1730
1731 (void)ADBG_EXPECT_BUFFER(c, test->out,
1732 test->out_len, out, out_size);
1733
1734 /* Test 3 signature in one shot */
1735 if (test->in != NULL) {
1736 rv = C_SignInit(session, test->mechanism, key_handle);
1737 if (!ADBG_EXPECT_CK_OK(c, rv))
1738 goto err_destr_obj;
1739
1740 /* Test too short buffer case */
1741 out_size = 1;
1742 rv = C_Sign(session,(void *)test->in, test->in_len,
1743 out, &out_size);
1744 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1745 goto err_destr_obj;
1746
1747 /*
1748 * Test NULL buffer case with size as 0
1749 * to get the out_size
1750 */
1751 out_size = 0;
1752 rv = C_Sign(session, (void *)test->in, test->in_len,
1753 NULL, &out_size);
1754 if (!ADBG_EXPECT_CK_OK(c, rv))
1755 goto err_destr_obj;
1756
Vesa Jääskeläinenbbe78622021-06-27 16:03:13 +0300[diff] [blame]1757 /*
1758 * Test NULL buffer case with size as non-zero
1759 * to get the out_size
1760 */
1761 out_size = 42;
1762 rv = C_Sign(session, (void *)test->in, test->in_len,
1763 NULL, &out_size);
1764 if (!ADBG_EXPECT_CK_OK(c, rv))
1765 goto err_destr_obj;
1766
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1767 /* Get to full output */
1768 memset(out, 0, out_size);
1769 rv = C_Sign(session,(void *)test->in, test->in_len,
1770 out, &out_size);
1771 if (!ADBG_EXPECT_CK_OK(c, rv))
1772 goto err_destr_obj;
1773
1774 (void)ADBG_EXPECT_BUFFER(c, test->out,
1775 test->out_len,
1776 out, out_size);
1777 }
1778
1779 rv = C_DestroyObject(session, key_handle);
1780 if (!ADBG_EXPECT_CK_OK(c, rv))
1781 goto err;
1782
1783 Do_ADBG_EndSubCase(c, NULL);
1784 }
1785 goto out;
1786
1787err_destr_obj:
1788 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1789err:
1790 Do_ADBG_EndSubCase(c, NULL);
1791out:
1792 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1793err_close_lib:
1794 ADBG_EXPECT_CK_OK(c, close_lib());
1795}
1796ADBG_CASE_DEFINE(pkcs11, 1008, xtest_pkcs11_test_1008,
1797 "PKCS11: Check Compliance of C_Sign - HMAC algorithms");
1798
1799static void xtest_pkcs11_test_1009(ADBG_Case_t *c)
1800{
1801 CK_RV rv = CKR_GENERAL_ERROR;
1802 CK_SLOT_ID slot = 0;
1803 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1804 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1805 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1806 struct mac_test const *test = NULL;
1807 size_t n = 0;
1808
1809 rv = init_lib_and_find_token_slot(&slot);
1810 if (!ADBG_EXPECT_CK_OK(c, rv))
1811 return;
1812
1813 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1814 if (!ADBG_EXPECT_CK_OK(c, rv))
1815 goto err_close_lib;
1816
1817 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1818
1819 test = &cktest_mac_cases[n];
1820 Do_ADBG_BeginSubCase(c, "Verify case %zu algo (%s)", n,
1821 ckm2str(test->mechanism->mechanism));
1822
1823 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1824 &key_handle);
1825 if (!ADBG_EXPECT_CK_OK(c, rv))
1826 goto err;
1827
1828 /* Test Verification in 1 step */
1829 if (test->in != NULL) {
1830 rv = C_VerifyInit(session, test->mechanism, key_handle);
1831 if (!ADBG_EXPECT_CK_OK(c, rv))
1832 goto err_destr_obj;
1833
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1834 /* Pass input buffer with size 0 - No affect */
1835 rv = C_VerifyUpdate(session, (void *)test->in, 0);
1836 if (!ADBG_EXPECT_CK_OK(c, rv))
1837 goto err_destr_obj;
1838
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1839 rv = C_VerifyUpdate(session, (void *)test->in,
1840 test->in_len);
1841 if (!ADBG_EXPECT_CK_OK(c, rv))
1842 goto err_destr_obj;
1843
1844 rv = C_VerifyFinal(session,
1845 (void *)test->out, test->out_len);
1846 if (!ADBG_EXPECT_CK_OK(c, rv))
1847 goto err_destr_obj;
1848
1849 }
1850
1851 /* Test 2 step update verification*/
1852 rv = C_VerifyInit(session, test->mechanism, key_handle);
1853 if (!ADBG_EXPECT_CK_OK(c, rv))
1854 goto err_destr_obj;
1855
1856 if (test->in != NULL) {
1857 rv = C_VerifyUpdate(session,
1858 (void *)test->in, test->in_incr);
1859 if (!ADBG_EXPECT_CK_OK(c, rv))
1860 goto err_destr_obj;
1861
1862 rv = C_VerifyUpdate(session,
1863 (void *)(test->in + test->in_incr),
1864 test->in_len - test->in_incr);
1865 if (!ADBG_EXPECT_CK_OK(c, rv))
1866 goto err_destr_obj;
1867 }
1868
1869 rv = C_VerifyFinal(session, (void *)test->out, test->out_len);
1870 if (!ADBG_EXPECT_CK_OK(c, rv))
1871 goto err_destr_obj;
1872
1873 /* Error as Operation has already completed */
1874 rv = C_Verify(session,
1875 (void *)test->in, test->in_len,
1876 (void *)test->out, test->out_len);
1877 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED,
1878 rv))
1879 goto err_destr_obj;
1880
1881 /* Test 3 verification in one shot */
1882 if (test->in != NULL) {
1883 rv = C_VerifyInit(session, test->mechanism, key_handle);
1884 if (!ADBG_EXPECT_CK_OK(c, rv))
1885 goto err_destr_obj;
1886
1887 rv = C_Verify(session,
1888 (void *)test->in, test->in_len,
1889 (void *)test->out, test->out_len);
1890 if (!ADBG_EXPECT_CK_OK(c, rv))
1891 goto err_destr_obj;
1892
1893 /* Try calling Verify again */
1894 rv = C_Verify(session,
1895 (void *)test->in, test->in_len,
1896 (void *)test->out, test->out_len);
1897 if (!ADBG_EXPECT_CK_RESULT(c,
1898 CKR_OPERATION_NOT_INITIALIZED,
1899 rv))
1900 goto err_destr_obj;
1901 }
1902
1903 /*
1904 * Test 4 verification
1905 * Error - Signature Length Range with C_VerifyFinal
1906 */
1907 if (test->in != NULL) {
1908 rv = C_VerifyInit(session, test->mechanism, key_handle);
1909 if (!ADBG_EXPECT_CK_OK(c, rv))
1910 goto err_destr_obj;
1911
1912 rv = C_VerifyUpdate(session, (void *)test->in,
1913 test->in_len);
1914 if (!ADBG_EXPECT_CK_OK(c, rv))
1915 goto err_destr_obj;
1916
1917 rv = C_VerifyFinal(session, (void *)test->out, 3);
1918 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1919 rv))
1920 goto err_destr_obj;
1921 }
1922
1923 /*
1924 * Test 5 verification
1925 * Error - Signature Length Range with C_Verify
1926 */
1927 if (test->in != NULL) {
1928 rv = C_VerifyInit(session, test->mechanism, key_handle);
1929 if (!ADBG_EXPECT_CK_OK(c, rv))
1930 goto err_destr_obj;
1931
1932 rv = C_Verify(session,
1933 (void *)test->in, test->in_len,
1934 (void *)test->out, 0);
1935 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1936 rv))
1937 goto err_destr_obj;
1938 }
1939
1940 /* Test 6 verification - Invalid Operation sequence */
1941 if (test->in != NULL) {
1942 rv = C_VerifyInit(session, test->mechanism, key_handle);
1943 if (!ADBG_EXPECT_CK_OK(c, rv))
1944 goto err_destr_obj;
1945
1946 rv = C_Verify(session,
1947 (void *)test->in, test->in_len,
1948 (void *)test->out, test->out_len);
1949 if (!ADBG_EXPECT_CK_OK(c, rv))
1950 goto err_destr_obj;
1951
1952 /* Init session has already terminated with C_Verify */
1953 rv = C_VerifyUpdate(session, (void *)test->in,
1954 test->in_len);
1955 if (!ADBG_EXPECT_CK_RESULT(c,
1956 CKR_OPERATION_NOT_INITIALIZED,
1957 rv))
1958 goto err_destr_obj;
1959 }
1960
1961 rv = C_DestroyObject(session, key_handle);
1962 if (!ADBG_EXPECT_CK_OK(c, rv))
1963 goto err;
1964
1965 Do_ADBG_EndSubCase(c, NULL);
1966 }
1967 goto out;
1968
1969err_destr_obj:
1970 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1971err:
1972 Do_ADBG_EndSubCase(c, NULL);
1973out:
1974 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1975err_close_lib:
1976 ADBG_EXPECT_CK_OK(c, close_lib());
1977}
1978ADBG_CASE_DEFINE(pkcs11, 1009, xtest_pkcs11_test_1009,
1979 "PKCS11: Check Compliance of C_Verify - HMAC Algorithms");
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1980
1981/* Bad key type */
1982static CK_ATTRIBUTE cktest_generate_gensecret_object_error1[] = {
1983 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1984 sizeof(CK_OBJECT_CLASS) },
1985 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
1986 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1987};
1988
1989/* Missing VALUE_LEN */
1990static CK_ATTRIBUTE cktest_generate_gensecret_object_error2[] = {
1991 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1992 sizeof(CK_OBJECT_CLASS) },
1993 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1994 sizeof(CK_KEY_TYPE) },
1995};
1996
1997/* Bad object class */
1998static CK_ATTRIBUTE cktest_generate_gensecret_object_error3[] = {
1999 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA}, sizeof(CK_OBJECT_CLASS) },
2000 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
2001 sizeof(CK_KEY_TYPE) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2002 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2003};
2004
2005/* Invalid template with CKA_LOCAL */
2006static CK_ATTRIBUTE cktest_generate_gensecret_object_error4[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2007 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2008 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2009};
2010
2011/* Valid template to generate a generic secret */
2012static CK_ATTRIBUTE cktest_generate_gensecret_object_valid1[] = {
2013 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2014 sizeof(CK_OBJECT_CLASS) },
2015 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
2016 sizeof(CK_KEY_TYPE) },
2017 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2018 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2019 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2020};
2021
2022/* Valid template to generate a generic secret with only VALUE_LEN */
2023static CK_ATTRIBUTE cktest_generate_gensecret_object_valid2[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2024 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2025 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2026};
2027
2028
2029/* Valid template to generate an all AES purpose key */
2030static CK_ATTRIBUTE cktest_generate_aes_object[] = {
2031 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2032 sizeof(CK_OBJECT_CLASS) },
2033 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
2034 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2035 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2036 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
2037};
2038
2039static void xtest_pkcs11_test_1010(ADBG_Case_t *c)
2040{
2041 CK_RV rv = CKR_GENERAL_ERROR;
2042 CK_SLOT_ID slot = 0;
2043 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2044 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2045 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
2046 struct mac_test const *test = &cktest_mac_cases[0];
2047 uint8_t out[512] = { 0 };
2048 CK_ULONG out_len = 512;
2049
2050 rv = init_lib_and_find_token_slot(&slot);
2051 if (!ADBG_EXPECT_CK_OK(c, rv))
2052 return;
2053
2054 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2055 if (!ADBG_EXPECT_CK_OK(c, rv))
2056 goto close_lib;
2057
2058 /*
2059 * Generate Generic Secret key using invalid templates
2060 */
2061 Do_ADBG_BeginSubCase(c, "Generate Secret Key with Invalid Templates");
2062
2063 /* NULL Template with !null template length */
2064 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism, NULL,
2065 3, &key_handle);
2066 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
2067 goto err;
2068
2069 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2070 cktest_generate_gensecret_object_error1,
2071 ARRAY_SIZE(cktest_generate_gensecret_object_error1),
2072 &key_handle);
2073 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2074 goto err;
2075
2076 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2077 cktest_generate_gensecret_object_error2,
2078 ARRAY_SIZE(cktest_generate_gensecret_object_error2),
2079 &key_handle);
2080 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCOMPLETE, rv))
2081 goto err;
2082
2083 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2084 cktest_generate_gensecret_object_error3,
2085 ARRAY_SIZE(cktest_generate_gensecret_object_error3),
2086 &key_handle);
2087 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2088 goto err;
2089
2090 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2091 cktest_generate_gensecret_object_error4,
2092 ARRAY_SIZE(cktest_generate_gensecret_object_error4),
2093 &key_handle);
2094 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2095 goto err;
2096
2097 Do_ADBG_EndSubCase(c, NULL);
2098
2099 /*
2100 * Generate a Generic Secret object.
2101 * Try to encrypt with, it should fail...
2102 */
2103 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Encrypting");
2104
2105 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2106 cktest_generate_gensecret_object_valid1,
2107 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
2108 &key_handle);
2109 if (!ADBG_EXPECT_CK_OK(c, rv))
2110 goto err;
2111
2112 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2113 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_FUNCTION_NOT_PERMITTED, rv))
2114 goto err_destr_obj;
2115
2116 rv = C_DestroyObject(session, key_handle);
2117 if (!ADBG_EXPECT_CK_OK(c, rv))
2118 goto err;
2119
2120 Do_ADBG_EndSubCase(c, NULL);
2121
2122 /*
2123 * Generate a Generic Secret object.
2124 * Try to sign with it, it should pass...
2125 */
2126 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Signing");
2127 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2128 cktest_generate_gensecret_object_valid2,
2129 ARRAY_SIZE(cktest_generate_gensecret_object_valid2),
2130 &key_handle);
2131 if (!ADBG_EXPECT_CK_OK(c, rv))
2132 goto err;
2133
2134 rv = C_SignInit(session, test->mechanism, key_handle);
2135 if (!ADBG_EXPECT_CK_OK(c, rv))
2136 goto err_destr_obj;
2137
2138 rv = C_Sign(session, (void *)test->in, test->in_len,
2139 (void *)out, &out_len);
2140 if (!ADBG_EXPECT_CK_OK(c, rv))
2141 goto err_destr_obj;
2142
2143 rv = C_DestroyObject(session, key_handle);
2144 if (!ADBG_EXPECT_CK_OK(c, rv))
2145 goto err;
2146
2147 Do_ADBG_EndSubCase(c, NULL);
2148
2149 /*
2150 * Generate a 128 bit AES Secret Key.
2151 * Try to encrypt with, it should pass...
2152 */
2153 Do_ADBG_BeginSubCase(c, "Generate AES Key - Try Encrypting");
2154
2155 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
2156 cktest_generate_aes_object,
2157 ARRAY_SIZE(cktest_generate_aes_object),
2158 &key_handle);
2159 if (!ADBG_EXPECT_CK_OK(c, rv))
2160 goto err;
2161
2162 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2163 if (!ADBG_EXPECT_CK_OK(c, rv))
2164 goto err_destr_obj;
2165
2166 rv = C_EncryptFinal(session, NULL, NULL);
2167 /* Only check that the operation is no more active */
2168 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
2169 goto err;
2170
2171 rv = C_DestroyObject(session, key_handle);
2172 if (!ADBG_EXPECT_CK_OK(c, rv))
2173 goto err;
2174
2175 Do_ADBG_EndSubCase(c, NULL);
2176
2177 goto out;
2178
2179err_destr_obj:
2180 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
2181err:
2182 Do_ADBG_EndSubCase(c, NULL);
2183out:
2184 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2185close_lib:
2186 ADBG_EXPECT_CK_OK(c, close_lib());
2187}
2188ADBG_CASE_DEFINE(pkcs11, 1010, xtest_pkcs11_test_1010,
2189 "PKCS11: Key Generation");
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2190
2191static CK_RV create_data_object(CK_SESSION_HANDLE session,
2192 CK_OBJECT_HANDLE *obj_handle,
2193 CK_BBOOL token, CK_BBOOL private,
2194 const char *label)
2195{
2196 CK_OBJECT_CLASS class = CKO_DATA;
2197 CK_ATTRIBUTE object_template[] = {
2198 { CKA_CLASS, &class, sizeof(CK_OBJECT_CLASS) },
2199 { CKA_TOKEN, &token, sizeof(CK_BBOOL) },
2200 { CKA_PRIVATE, &private, sizeof(CK_BBOOL) },
2201 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2202 };
2203
2204 return C_CreateObject(session, object_template,
2205 ARRAY_SIZE(object_template), obj_handle);
2206}
2207
2208static CK_RV test_find_objects(ADBG_Case_t *c, CK_SESSION_HANDLE session,
2209 CK_ATTRIBUTE_PTR find_template,
2210 CK_ULONG attr_count,
2211 CK_OBJECT_HANDLE_PTR obj_found,
2212 CK_ULONG obj_count,
2213 CK_ULONG expected_cnt)
2214{
2215 CK_RV rv = CKR_GENERAL_ERROR;
2216 CK_ULONG hdl_count = 0;
2217
2218 rv = C_FindObjectsInit(session, find_template, attr_count);
2219 if (!ADBG_EXPECT_CK_OK(c, rv))
2220 return rv;
2221
2222 rv = C_FindObjects(session, obj_found, obj_count, &hdl_count);
2223 if (!ADBG_EXPECT_CK_OK(c, rv))
2224 return rv;
2225 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, expected_cnt))
2226 return CKR_GENERAL_ERROR;
2227
2228 rv = C_FindObjectsFinal(session);
2229 if (!ADBG_EXPECT_CK_OK(c, rv))
2230 return rv;
2231
2232 return rv;
2233}
2234
2235static void destroy_persistent_objects(ADBG_Case_t *c, CK_SLOT_ID slot)
2236{
2237 uint32_t rv = CKR_GENERAL_ERROR;
2238 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2239 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2240 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2241 CK_ULONG count = 1;
2242 CK_ATTRIBUTE cktest_find_all_token_objs[] = {
2243 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2244 };
2245
2246 rv = init_user_test_token(slot);
2247 if (!ADBG_EXPECT_CK_OK(c, rv))
2248 return;
2249
2250 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2251 if (!ADBG_EXPECT_CK_OK(c, rv))
2252 return;
2253
2254 /* Login to destroy private objects */
2255 rv = C_Login(session, CKU_USER, test_token_user_pin,
2256 sizeof(test_token_user_pin));
2257 if (!ADBG_EXPECT_CK_OK(c, rv))
2258 goto bail;
2259
2260 rv = C_FindObjectsInit(session, cktest_find_all_token_objs,
2261 ARRAY_SIZE(cktest_find_all_token_objs));
2262 if (!ADBG_EXPECT_CK_OK(c, rv))
2263 goto bail;
2264
2265 while (1) {
2266 rv = C_FindObjects(session, &obj_hdl, 1, &count);
2267 if (!ADBG_EXPECT_CK_OK(c, rv))
2268 goto bail;
2269 if (!count)
2270 break;
2271
2272 rv = C_DestroyObject(session, obj_hdl);
2273 ADBG_EXPECT_CK_OK(c, rv);
2274 }
2275
2276 rv = C_FindObjectsFinal(session);
2277 ADBG_EXPECT_CK_OK(c, rv);
2278
2279 rv = C_Logout(session);
2280 ADBG_EXPECT_CK_OK(c, rv);
2281
2282bail:
2283 rv = C_CloseSession(session);
2284 ADBG_EXPECT_CK_OK(c, rv);
2285}
2286
2287static void xtest_pkcs11_test_1011(ADBG_Case_t *c)
2288{
2289 CK_RV rv = CKR_GENERAL_ERROR;
2290 CK_SLOT_ID slot = 0;
2291 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2292 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2293 CK_OBJECT_HANDLE obj_hdl[10] = { };
2294 CK_OBJECT_HANDLE obj_found[10] = { };
2295 const char *label = "Common Label";
2296 CK_ULONG hdl_count = 0;
2297 size_t n = 0;
2298 uint32_t i = 0;
2299 uint32_t object_id = 0;
2300 bool logged_in = false;
2301 CK_ATTRIBUTE find_template[] = {
2302 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2303 };
2304 CK_ATTRIBUTE find_token_template[] = {
2305 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2306 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2307 };
2308 CK_ATTRIBUTE find_session_template[] = {
2309 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2310 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
2311 };
2312 CK_BBOOL bToken = CK_FALSE;
2313 CK_ATTRIBUTE get_attr_template[] = {
2314 { CKA_TOKEN, &bToken, sizeof(bToken) },
2315 };
2316
2317 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
2318 obj_hdl[n] = CK_INVALID_HANDLE;
2319 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2320 obj_found[n] = CK_INVALID_HANDLE;
2321
2322 rv = init_lib_and_find_token_slot(&slot);
2323 if (!ADBG_EXPECT_CK_OK(c, rv))
2324 return;
2325
2326 rv = init_test_token(slot);
2327 if (!ADBG_EXPECT_CK_OK(c, rv))
2328 return;
2329
2330 rv = init_user_test_token(slot);
2331 if (!ADBG_EXPECT_CK_OK(c, rv))
2332 return;
2333
2334 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2335 if (!ADBG_EXPECT_CK_OK(c, rv))
2336 goto close_lib;
2337
2338 /*
2339 * Sub test: Create Session Public/Private,
2340 * Token Public/Private objects and find them
2341 */
2342 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged in");
2343
2344 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2345 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2346 CK_FALSE, label);
2347 if (!ADBG_EXPECT_CK_OK(c, rv))
2348 goto out;
2349
2350 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2351 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2352 CK_FALSE, label);
2353 if (!ADBG_EXPECT_CK_OK(c, rv))
2354 goto out;
2355
2356 /*
2357 * Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE
2358 * Expected error as User not logged in
2359 */
2360 rv = create_data_object(session, &obj_hdl[object_id], CK_TRUE,
2361 CK_TRUE, label);
2362 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2363 goto out;
2364
2365 /* Login to Test Token */
2366 rv = C_Login(session, CKU_USER, test_token_user_pin,
2367 sizeof(test_token_user_pin));
2368 if (!ADBG_EXPECT_CK_OK(c, rv))
2369 goto out;
2370
2371 logged_in = true;
2372
2373 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2374 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2375 CK_TRUE, label);
2376 if (!ADBG_EXPECT_CK_OK(c, rv))
2377 goto out;
2378
2379 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2380 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2381 CK_TRUE, label);
2382 if (!ADBG_EXPECT_CK_OK(c, rv))
2383 goto out;
2384
2385 rv = test_find_objects(c, session, find_template,
2386 ARRAY_SIZE(find_template),
2387 obj_found, ARRAY_SIZE(obj_found), 4);
2388 if (!ADBG_EXPECT_CK_OK(c, rv))
2389 goto out;
2390
2391 /*
2392 * Check if object handles returned when creating objects with this
2393 * session are still valid
2394 */
2395 for (i = 0; i < object_id; i++) {
2396 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2397 ARRAY_SIZE(get_attr_template));
2398 if (!ADBG_EXPECT_CK_OK(c, rv))
2399 goto out;
2400 }
2401
2402 Do_ADBG_EndSubCase(c, NULL);
2403
2404 /*
2405 * Sub test: Pass NULL template with count as 0. All objects should
2406 * get returned
2407 */
2408 Do_ADBG_BeginSubCase(c, "Find all objects by passing NULL template");
2409
2410 rv = test_find_objects(c, session, NULL, 0, obj_found,
2411 ARRAY_SIZE(obj_found), 4);
2412 if (!ADBG_EXPECT_CK_OK(c, rv))
2413 goto out;
2414
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2415 Do_ADBG_EndSubCase(c, NULL);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2416
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2417 /*
2418 * Sub test: finalize search without getting the handles found
2419 */
2420 Do_ADBG_BeginSubCase(c, "Initiate and finalize straight a search");
2421
2422 rv = C_FindObjectsInit(session, find_template,
2423 ARRAY_SIZE(find_template));
2424 if (!ADBG_EXPECT_CK_OK(c, rv))
2425 goto out;
2426
2427 rv = C_FindObjectsFinal(session);
2428 if (!ADBG_EXPECT_CK_OK(c, rv))
2429 goto out;
2430
2431 /*
2432 * Check if object handles returned when creating objects with this
2433 * session are still valid
2434 */
2435 for (i = 0; i < object_id; i++) {
2436 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2437 ARRAY_SIZE(get_attr_template));
2438 if (!ADBG_EXPECT_CK_OK(c, rv))
2439 goto out;
2440 }
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2441 Do_ADBG_EndSubCase(c, NULL);
2442
2443 /*
2444 * Sub test: Logout and find objects. We will find only public
2445 * objects (2)
2446 */
2447 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged out");
2448
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2449 rv = C_Logout(session);
2450 ADBG_EXPECT_CK_OK(c, rv);
2451
2452 logged_in = false;
2453
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2454 rv = test_find_objects(c, session, find_template,
2455 ARRAY_SIZE(find_template),
2456 obj_found, ARRAY_SIZE(obj_found), 2);
2457 if (!ADBG_EXPECT_CK_OK(c, rv))
2458 goto out;
2459
2460 Do_ADBG_EndSubCase(c, NULL);
2461
2462 /*
2463 * Sub test
2464 */
2465 Do_ADBG_BeginSubCase(c, "Find objects 1 by 1 and match handles");
2466
2467 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2468 obj_found[n] = CK_INVALID_HANDLE;
2469
2470 rv = C_FindObjectsInit(session, find_template,
2471 ARRAY_SIZE(find_template));
2472 if (!ADBG_EXPECT_CK_OK(c, rv))
2473 goto out;
2474
2475 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2476 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2477 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2478 !ADBG_EXPECT_TRUE(c, (obj_found[0] == obj_hdl[0]) ||
2479 (obj_found[0] == obj_hdl[1])))
2480 goto out;
2481
2482 rv = C_FindObjects(session, &obj_found[1], 1, &hdl_count);
2483 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2484 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2485 !ADBG_EXPECT_TRUE(c, (obj_found[1] == obj_hdl[0]) ||
2486 (obj_found[1] == obj_hdl[1])) ||
2487 !ADBG_EXPECT_TRUE(c, (obj_found[1] != obj_found[0])))
2488 goto out;
2489
2490 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2491 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2492 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 0))
2493 goto out;
2494
2495 rv = C_FindObjectsFinal(session);
2496 if (!ADBG_EXPECT_CK_OK(c, rv))
2497 goto out;
2498
2499 Do_ADBG_EndSubCase(c, NULL);
2500
2501 /*
2502 * Sub test: Find objects with CKA_TOKEN=TRUE
2503 */
2504 Do_ADBG_BeginSubCase(c, "Find persistent objects");
2505
2506 rv = test_find_objects(c, session, find_token_template,
2507 ARRAY_SIZE(find_token_template),
2508 obj_found, ARRAY_SIZE(obj_found), 1);
2509 if (!ADBG_EXPECT_CK_OK(c, rv))
2510 goto out;
2511
2512 Do_ADBG_EndSubCase(c, NULL);
2513
2514 /*
2515 * Sub test: Find only session objects
2516 */
2517 Do_ADBG_BeginSubCase(c, "Find session objects");
2518
2519 rv = test_find_objects(c, session, find_session_template,
2520 ARRAY_SIZE(find_session_template),
2521 obj_found, ARRAY_SIZE(obj_found), 1);
2522 if (!ADBG_EXPECT_CK_OK(c, rv))
2523 goto out;
2524
2525 Do_ADBG_EndSubCase(c, NULL);
2526
2527 /*
2528 * Sub test:
2529 */
2530 Do_ADBG_BeginSubCase(c, "Login again and find Data objects");
2531
2532 /* Login to Test Token */
2533 rv = C_Login(session, CKU_USER, test_token_user_pin,
2534 sizeof(test_token_user_pin));
2535 if (!ADBG_EXPECT_CK_OK(c, rv))
2536 goto out;
2537
2538 logged_in = true;
2539
2540 rv = test_find_objects(c, session, find_template,
2541 ARRAY_SIZE(find_template),
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2542 obj_found, ARRAY_SIZE(obj_found), 3);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2543 if (!ADBG_EXPECT_CK_OK(c, rv))
2544 goto out;
2545
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2546 rv = C_Logout(session);
2547 ADBG_EXPECT_CK_OK(c, rv);
2548
2549 logged_in = false;
2550
2551 Do_ADBG_EndSubCase(c, NULL);
2552
2553 /*
2554 * Sub test: Close session and open new session, find objects
2555 * without logging and after logging
2556 */
2557 Do_ADBG_BeginSubCase(c, "Find objects from brand new session");
2558
2559 rv = C_CloseSession(session);
2560 if (!ADBG_EXPECT_CK_OK(c, rv))
2561 goto destr_obj;
2562
2563 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2564 if (!ADBG_EXPECT_CK_OK(c, rv))
2565 goto destr_obj;
2566
2567 rv = test_find_objects(c, session, find_template,
2568 ARRAY_SIZE(find_template),
2569 obj_found, ARRAY_SIZE(obj_found), 1);
2570 if (!ADBG_EXPECT_CK_OK(c, rv))
2571 goto out;
2572
2573 /* Login to Test Token */
2574 rv = C_Login(session, CKU_USER, test_token_user_pin,
2575 sizeof(test_token_user_pin));
2576 if (!ADBG_EXPECT_CK_OK(c, rv))
2577 goto out;
2578
2579 logged_in = true;
2580
2581 rv = test_find_objects(c, session, find_template,
2582 ARRAY_SIZE(find_template),
2583 obj_found, ARRAY_SIZE(obj_found), 2);
2584 if (!ADBG_EXPECT_CK_OK(c, rv))
2585 goto out;
2586
2587 rv = C_Logout(session);
2588 ADBG_EXPECT_CK_OK(c, rv);
2589
2590 logged_in = false;
2591
2592 Do_ADBG_EndSubCase(c, NULL);
2593
2594 /*
2595 * Sub test: invalid call cases
2596 */
2597 Do_ADBG_BeginSubCase(c, "Invalid cases");
2598
2599 rv = C_FindObjectsFinal(session);
2600 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2601
2602 rv = C_FindObjects(session,
2603 obj_found, ARRAY_SIZE(obj_found), &hdl_count);
2604 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2605
2606 rv = C_FindObjectsInit(session, find_template,
2607 ARRAY_SIZE(find_template));
2608 if (!ADBG_EXPECT_CK_OK(c, rv))
2609 goto out;
2610
2611 rv = C_FindObjectsInit(session, find_template,
2612 ARRAY_SIZE(find_template));
2613 ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK);
2614
2615 rv = C_FindObjectsFinal(session);
2616 ADBG_EXPECT_CK_OK(c, rv);
2617
2618 rv = C_FindObjectsInit(session, find_template,
2619 ARRAY_SIZE(find_template));
2620 ADBG_EXPECT_CK_OK(c, rv);
2621
2622 /*
2623 * Intentionally do not finalize the active object search. It should be
2624 * released together with the session closure.
2625 */
2626 Do_ADBG_EndSubCase(c, NULL);
2627
2628out:
2629 if (logged_in)
2630 ADBG_EXPECT_CK_OK(c, C_Logout(session));
2631
2632 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2633
2634destr_obj:
2635 destroy_persistent_objects(c, slot);
2636close_lib:
2637 ADBG_EXPECT_CK_OK(c, close_lib());
2638}
2639ADBG_CASE_DEFINE(pkcs11, 1011, xtest_pkcs11_test_1011,
2640 "PKCS11: Test Find Objects");
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2641
2642static void xtest_pkcs11_test_1012(ADBG_Case_t *c)
2643{
2644 CK_RV rv = CKR_GENERAL_ERROR;
2645 CK_SLOT_ID slot = 0;
2646 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2647 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2648 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2649 CK_OBJECT_HANDLE key_hdl = CK_INVALID_HANDLE;
2650 size_t i = 0;
2651
2652 CK_OBJECT_CLASS obj_class = CKO_DATA;
2653 CK_BBOOL obj_token = CK_FALSE;
2654 CK_BBOOL obj_private = CK_FALSE;
2655 uint8_t obj_value[5] = { 1, 2, 3, 4, 5 };
2656 const char *obj_label = "Label";
2657
2658 CK_ATTRIBUTE object_template[] = {
2659 { CKA_CLASS, &obj_class, sizeof(obj_class) },
2660 { CKA_TOKEN, &obj_token, sizeof(obj_token) },
2661 { CKA_PRIVATE, &obj_private, sizeof(obj_private) },
2662 { CKA_VALUE, obj_value, sizeof(obj_value) },
2663 { CKA_LABEL, (CK_UTF8CHAR_PTR)obj_label, strlen(obj_label) },
2664 };
2665
2666 CK_OBJECT_CLASS secret_class = CKO_SECRET_KEY;
2667 CK_BBOOL secret_token = CK_FALSE;
2668 CK_BBOOL secret_private = CK_FALSE;
2669 CK_KEY_TYPE secret_key_type = CKK_GENERIC_SECRET;
2670 CK_ULONG secret_len = 32;
2671 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
2672 CKM_SHA224_HMAC,
2673 CKM_SHA256_HMAC };
2674
2675 CK_ATTRIBUTE secret_template[] = {
2676 { CKA_CLASS, &secret_class, sizeof(secret_class) },
2677 { CKA_TOKEN, &secret_token, sizeof(secret_token) },
2678 { CKA_PRIVATE, &secret_private, sizeof(secret_private) },
2679 { CKA_KEY_TYPE, &secret_key_type, sizeof(secret_key_type) },
2680 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
2681 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
2682 sizeof(secret_allowed_mecha) }
2683 };
2684
2685 CK_BBOOL g_token = CK_TRUE;
2686 CK_BBOOL g_private = CK_TRUE;
2687 CK_OBJECT_CLASS g_class = ~0;
2688 uint8_t g_value[128] = { 0 };
2689 CK_MECHANISM_TYPE g_mecha_list[10] = { 0 };
2690
2691 uint8_t *data_ptr = NULL;
2692
2693 CK_ATTRIBUTE get_attr_template_bc[] = {
2694 { CKA_TOKEN, &g_token, sizeof(g_token) },
2695 { CKA_CLASS, &g_class, sizeof(g_class) },
2696 };
2697
2698 CK_ATTRIBUTE get_attr_template_cb[] = {
2699 { CKA_CLASS, &g_class, sizeof(g_class) },
2700 { CKA_TOKEN, &g_token, sizeof(g_token) },
2701 };
2702
Vesa Jääskeläinen2f068b12021-06-27 17:46:53 +0300[diff] [blame]2703 CK_ATTRIBUTE get_attr_template_query_bc[] = {
2704 { CKA_TOKEN, NULL, 0 },
2705 { CKA_CLASS, NULL, 0 },
2706 };
2707
2708 CK_ATTRIBUTE get_attr_template_query_cb[] = {
2709 { CKA_CLASS, NULL, 0 },
2710 { CKA_TOKEN, NULL, 0 },
2711 };
2712
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2713 CK_ATTRIBUTE get_attr_template_ve[] = {
2714 { CKA_VALUE, &g_value, sizeof(obj_value) },
2715 };
2716
2717 CK_ATTRIBUTE get_attr_template_vl[] = {
2718 { CKA_VALUE, &g_value, sizeof(g_value) },
2719 };
2720
2721 CK_ATTRIBUTE get_attr_template_bvecb[] = {
2722 { CKA_TOKEN, &g_token, sizeof(g_token) },
2723 { CKA_VALUE, &g_value, sizeof(obj_value) },
2724 { CKA_CLASS, &g_class, sizeof(g_class) },
2725 { CKA_TOKEN, &g_private, sizeof(g_private) },
2726 };
2727
2728 CK_ATTRIBUTE get_attr_template_bvlcb[] = {
2729 { CKA_TOKEN, &g_token, sizeof(g_token) },
2730 { CKA_VALUE, &g_value, sizeof(g_value) },
2731 { CKA_CLASS, &g_class, sizeof(g_class) },
2732 { CKA_TOKEN, &g_private, sizeof(g_private) },
2733 };
2734
2735 CK_ATTRIBUTE get_attr_template_am[] = {
2736 { CKA_ALLOWED_MECHANISMS, &g_mecha_list, sizeof(g_mecha_list) },
2737 };
2738
2739 rv = init_lib_and_find_token_slot(&slot);
2740 if (!ADBG_EXPECT_CK_OK(c, rv))
2741 return;
2742
2743 rv = init_test_token(slot);
2744 if (!ADBG_EXPECT_CK_OK(c, rv))
2745 goto close_lib;
2746
2747 rv = init_user_test_token(slot);
2748 if (!ADBG_EXPECT_CK_OK(c, rv))
2749 goto close_lib;
2750
2751 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2752 if (!ADBG_EXPECT_CK_OK(c, rv))
2753 goto close_lib;
2754
2755 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2756 rv = C_CreateObject(session, object_template,
2757 ARRAY_SIZE(object_template), &obj_hdl);
2758 if (!ADBG_EXPECT_CK_OK(c, rv))
2759 goto out;
2760
2761 /*
2762 * Sub test: Test Boolean (1 byte) + object class (CK_ULONG)
2763 */
2764 Do_ADBG_BeginSubCase(c, "Get Attribute - boolean + class");
2765 g_token = CK_TRUE;
2766 g_class = ~0;
2767
2768 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bc,
2769 ARRAY_SIZE(get_attr_template_bc));
2770 if (!ADBG_EXPECT_CK_OK(c, rv))
2771 goto out;
2772
2773 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2774 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2775
2776 Do_ADBG_EndSubCase(c, NULL);
2777
2778 /*
2779 * Sub test: object class (CK_ULONG) + Test Boolean (1 byte)
2780 */
2781 Do_ADBG_BeginSubCase(c, "Get Attribute - class + boolean");
2782 g_token = CK_TRUE;
2783 g_class = ~0;
2784
2785 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_cb,
2786 ARRAY_SIZE(get_attr_template_cb));
2787 if (!ADBG_EXPECT_CK_OK(c, rv))
2788 goto out;
2789
2790 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2791 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2792
2793 Do_ADBG_EndSubCase(c, NULL);
2794
2795 /*
Vesa Jääskeläinen2f068b12021-06-27 17:46:53 +0300[diff] [blame]2796 * Sub test: Query size boolean (1 byte) + object class (CK_ULONG)
2797 */
2798 Do_ADBG_BeginSubCase(c, "Get Attribute - query size boolean + class");
2799 g_token = CK_TRUE;
2800 g_class = ~0;
2801
2802 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_query_bc,
2803 ARRAY_SIZE(get_attr_template_query_bc));
2804 if (!ADBG_EXPECT_CK_OK(c, rv))
2805 goto out;
2806
2807 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2808 get_attr_template_query_bc[0].ulValueLen, ==, 1);
2809 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2810 get_attr_template_query_bc[1].ulValueLen, ==, sizeof(CK_ULONG));
2811
2812 Do_ADBG_EndSubCase(c, NULL);
2813
2814 /*
2815 * Sub test: Query size object class (CK_ULONG) + boolean (1 byte)
2816 */
2817 Do_ADBG_BeginSubCase(c, "Get Attribute - query size class + boolean");
2818 g_token = CK_TRUE;
2819 g_class = ~0;
2820
2821 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_query_cb,
2822 ARRAY_SIZE(get_attr_template_query_cb));
2823 if (!ADBG_EXPECT_CK_OK(c, rv))
2824 goto out;
2825
2826 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2827 get_attr_template_query_cb[0].ulValueLen, ==, sizeof(CK_ULONG));
2828 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2829 get_attr_template_query_cb[1].ulValueLen, ==, 1);
2830
2831 Do_ADBG_EndSubCase(c, NULL);
2832
2833 /*
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2834 * Sub test: value with exact size
2835 */
2836 Do_ADBG_BeginSubCase(c, "Get Attribute - value with exact size buffer");
2837 memset(g_value, 0xCC, sizeof(g_value));
2838
2839 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_ve,
2840 ARRAY_SIZE(get_attr_template_ve));
2841 if (!ADBG_EXPECT_CK_OK(c, rv))
2842 goto out;
2843
2844 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_ve[0].ulValueLen, ==, sizeof(obj_value));
2845 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2846 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2847 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2848 break;
2849
2850 Do_ADBG_EndSubCase(c, NULL);
2851
2852 /*
2853 * Sub test: value with larger buffer
2854 */
2855 Do_ADBG_BeginSubCase(c, "Get Attribute - value with larger buffer");
2856 memset(g_value, 0xCC, sizeof(g_value));
2857
2858 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_vl,
2859 ARRAY_SIZE(get_attr_template_vl));
2860 if (!ADBG_EXPECT_CK_OK(c, rv))
2861 goto out;
2862
2863 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_vl[0].ulValueLen, ==, sizeof(obj_value));
2864 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2865 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2866 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2867 break;
2868
2869 Do_ADBG_EndSubCase(c, NULL);
2870
2871 /*
2872 * Sub test: bool + value with exact size + class + bool
2873 */
2874 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with exact size + class + bool");
2875 memset(g_value, 0xCC, sizeof(g_value));
2876 g_token = CK_TRUE;
2877 g_private = CK_TRUE;
2878 g_class = ~0;
2879
2880 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvecb,
2881 ARRAY_SIZE(get_attr_template_bvecb));
2882 if (!ADBG_EXPECT_CK_OK(c, rv))
2883 goto out;
2884
2885 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvecb[1].ulValueLen,
2886 ==, sizeof(obj_value));
2887 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2888 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2889 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2890 break;
2891
2892 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2893 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2894 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2895
2896 Do_ADBG_EndSubCase(c, NULL);
2897
2898 /*
2899 * Sub test: bool + value with larger buffer + class + bool
2900 */
2901 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with larger buffer + class + bool");
2902 memset(g_value, 0xCC, sizeof(g_value));
2903 g_token = CK_TRUE;
2904 g_private = CK_TRUE;
2905 g_class = ~0;
2906
2907 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvlcb,
2908 ARRAY_SIZE(get_attr_template_bvlcb));
2909 if (!ADBG_EXPECT_CK_OK(c, rv))
2910 goto out;
2911
2912 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvlcb[1].ulValueLen,
2913 ==, sizeof(obj_value));
2914 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2915 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2916 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2917 break;
2918
2919 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2920 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2921 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2922
2923 Do_ADBG_EndSubCase(c, NULL);
2924
2925 /*
2926 * Sub test: allowed mechanism list
2927 */
2928 Do_ADBG_BeginSubCase(c, "Get Attribute - allowed mechanism list");
2929 memset(g_mecha_list, 0xCC, sizeof(g_mecha_list));
2930
2931 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2932 secret_template, ARRAY_SIZE(secret_template),
2933 &key_hdl);
2934 if (!ADBG_EXPECT_CK_OK(c, rv))
2935 goto out;
2936
2937 rv = C_GetAttributeValue(session, key_hdl, get_attr_template_am,
2938 ARRAY_SIZE(get_attr_template_am));
2939 if (!ADBG_EXPECT_CK_OK(c, rv))
2940 goto out;
2941
2942 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_am[0].ulValueLen, ==,
2943 sizeof(secret_allowed_mecha));
2944
2945 for (i = 0; i < sizeof(secret_allowed_mecha) / sizeof(*secret_allowed_mecha); i++)
2946 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_mecha_list[i], ==, secret_allowed_mecha[i]))
2947 break;
2948
2949 data_ptr = (uint8_t *)g_mecha_list;
2950 for (i = sizeof(secret_allowed_mecha); i < sizeof(g_mecha_list); i++)
2951 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[i], ==, 0xCC))
2952 break;
2953
2954 Do_ADBG_EndSubCase(c, NULL);
2955
2956out:
2957 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2958
2959close_lib:
2960 ADBG_EXPECT_CK_OK(c, close_lib());
2961}
2962ADBG_CASE_DEFINE(pkcs11, 1012, xtest_pkcs11_test_1012,
2963 "PKCS11: Serializer tests");
Ruchika Guptafdabbfa2021-01-25 11:55:18 +0530[diff] [blame]2964
2965static void xtest_pkcs11_test_1013(ADBG_Case_t *c)
2966{
2967 CK_RV rv = CKR_GENERAL_ERROR;
2968 CK_SLOT_ID slot = 0;
2969 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
2970 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
2971 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2972 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
2973 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2974 const char *label = "Dummy Objects";
2975 bool ro_logged_in = false;
2976
2977 rv = init_lib_and_find_token_slot(&slot);
2978 if (!ADBG_EXPECT_CK_OK(c, rv))
2979 return;
2980
2981 rv = init_test_token(slot);
2982 if (!ADBG_EXPECT_CK_OK(c, rv))
2983 goto close_lib;
2984
2985 rv = init_user_test_token(slot);
2986 if (!ADBG_EXPECT_CK_OK(c, rv))
2987 goto close_lib;
2988
2989 /* Open a RW session */
2990 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
2991 if (!ADBG_EXPECT_CK_OK(c, rv))
2992 goto close_lib;
2993
2994 /* Open a RO session */
2995 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
2996 if (!ADBG_EXPECT_CK_OK(c, rv))
2997 goto close_lib;
2998
2999 /*
3000 * Sub test: Check object creation from a R/O Public session
3001 */
3002 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
3003
3004 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3005 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3006 CK_FALSE, label);
3007 if (!ADBG_EXPECT_CK_OK(c, rv))
3008 goto out;
3009
3010 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3011 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3012 CK_TRUE, label);
3013 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3014 goto out;
3015
3016 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3017 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3018 CK_FALSE, label);
3019 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3020 goto out;
3021
3022 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3023 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3024 CK_TRUE, label);
3025 /* For Token object creation, SESSION_READ_ONLY will take priority */
3026 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3027 goto out;
3028
3029 Do_ADBG_EndSubCase(c, NULL);
3030
3031 /*
3032 * Sub test: Check access for a R/W Public session
3033 */
3034 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
3035
3036 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3037 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3038 CK_FALSE, label);
3039 if (!ADBG_EXPECT_CK_OK(c, rv))
3040 goto out;
3041
3042 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3043 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3044 CK_TRUE, label);
3045 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3046 goto out;
3047
3048 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3049 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3050 CK_FALSE, label);
3051 if (!ADBG_EXPECT_CK_OK(c, rv))
3052 goto out;
3053
3054 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3055 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3056 CK_TRUE, label);
3057 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3058 goto out;
3059
3060 Do_ADBG_EndSubCase(c, NULL);
3061
3062 /*
3063 * Sub test: Check access for a R/O User session
3064 */
3065 Do_ADBG_BeginSubCase(c, "Create objects in R/O User Session");
3066
3067 /* Login to Test Token */
3068 rv = C_Login(ro_session, CKU_USER, test_token_user_pin,
3069 sizeof(test_token_user_pin));
3070 if (!ADBG_EXPECT_CK_OK(c, rv))
3071 goto out;
3072
3073 ro_logged_in = true;
3074
3075 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3076 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3077 CK_FALSE, label);
3078 if (!ADBG_EXPECT_CK_OK(c, rv))
3079 goto out;
3080
3081 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3082 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3083 CK_TRUE, label);
3084 if (!ADBG_EXPECT_CK_OK(c, rv))
3085 goto out;
3086
3087 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3088 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3089 CK_FALSE, label);
3090 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3091 goto out;
3092
3093 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3094 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3095 CK_TRUE, label);
3096 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3097 goto out;
3098
3099 Do_ADBG_EndSubCase(c, NULL);
3100
3101 /*
3102 * Sub test: Check access for a R/W User session
3103 */
3104 Do_ADBG_BeginSubCase(c, "Create objects in R/W User Session");
3105
3106 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3107 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3108 CK_FALSE, label);
3109 if (!ADBG_EXPECT_CK_OK(c, rv))
3110 goto out;
3111
3112 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3113 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3114 CK_TRUE, label);
3115 if (!ADBG_EXPECT_CK_OK(c, rv))
3116 goto out;
3117
3118 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3119 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3120 CK_FALSE, label);
3121 if (!ADBG_EXPECT_CK_OK(c, rv))
3122 goto out;
3123
3124 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3125 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3126 CK_TRUE, label);
3127 if (!ADBG_EXPECT_CK_OK(c, rv))
3128 goto out;
3129
3130 /* Log out */
3131 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3132 ro_logged_in = false;
3133
3134 /* Close RO session */
3135 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3136 ro_session = CK_INVALID_HANDLE;
3137
3138 Do_ADBG_EndSubCase(c, NULL);
3139
3140 /*
3141 * Sub test: Check access for a R/W SO session
3142 */
3143 Do_ADBG_BeginSubCase(c, "Create objects in R/W SO Session");
3144
3145 /* Login as security officer in RW session */
3146 rv = C_Login(rw_session, CKU_SO, test_token_so_pin,
3147 sizeof(test_token_so_pin));
3148 if (!ADBG_EXPECT_CK_OK(c, rv))
3149 goto out;
3150
3151 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3152 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3153 CK_FALSE, label);
3154 if (!ADBG_EXPECT_CK_OK(c, rv))
3155 goto logout;
3156
3157 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3158 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3159 CK_TRUE, label);
3160 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3161 goto logout;
3162
3163 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3164 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3165 CK_FALSE, label);
3166 if (!ADBG_EXPECT_CK_OK(c, rv))
3167 goto logout;
3168
3169 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3170 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3171 CK_TRUE, label);
3172 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3173 goto logout;
3174
3175logout:
3176 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3177out:
3178 if (ro_logged_in)
3179 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3180
3181 if (ro_session != CK_INVALID_HANDLE)
3182 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3183
3184 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3185
3186 Do_ADBG_EndSubCase(c, NULL);
3187
3188 destroy_persistent_objects(c, slot);
3189close_lib:
3190 ADBG_EXPECT_CK_OK(c, close_lib());
3191
3192}
3193ADBG_CASE_DEFINE(pkcs11, 1013, xtest_pkcs11_test_1013,
3194 "PKCS11: Object creation upon session type");
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3195
3196static void xtest_pkcs11_test_1014(ADBG_Case_t *c)
3197{
3198 CK_RV rv = CKR_GENERAL_ERROR;
3199 CK_SLOT_ID slot = 0;
3200 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3201 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3202 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3203 const char *id = "1";
3204 const char *label = "Dummy Objects";
3205 const char *new_label = "New Object lable";
3206 size_t n = 0;
3207 char *g_label[100] = { };
3208 char *g_id[100] = { };
3209 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
3210 CKM_SHA224_HMAC,
3211 CKM_SHA256_HMAC };
3212 CK_ATTRIBUTE secret_key_template[] = {
3213 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3214 sizeof(CK_OBJECT_CLASS) },
3215 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3216 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3217 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3218 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3219 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3220 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3221 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
3222 sizeof(CK_KEY_TYPE) },
3223 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3224 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3225 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3226 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3227 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3228 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3229 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
3230 sizeof(secret_allowed_mecha) },
3231 };
3232 CK_BBOOL g_derive = CK_FALSE;
3233 CK_BBOOL g_sign = CK_FALSE;
3234 CK_BBOOL g_verify = CK_FALSE;
3235 CK_BBOOL g_encrypt = CK_FALSE;
3236 CK_BBOOL g_decrypt = CK_FALSE;
3237 CK_BBOOL g_wrap = CK_FALSE;
3238 CK_BBOOL g_unwrap = CK_FALSE;
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3239 uint32_t g_len = 0;
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3240 CK_ATTRIBUTE get_template[] = {
3241 { CKA_LABEL, (CK_UTF8CHAR_PTR)g_label, sizeof(g_label) },
3242 { CKA_ID, (CK_BYTE_PTR)g_id, sizeof(g_id) },
3243 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
3244 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
3245 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
3246 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
3247 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
3248 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
3249 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3250 { CKA_VALUE_LEN, &g_len, sizeof(CK_ULONG) },
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3251 };
3252 CK_ATTRIBUTE set_template[] = {
3253 { CKA_LABEL, (CK_UTF8CHAR_PTR)new_label, strlen(new_label) },
3254 { CKA_ID, (CK_BYTE_PTR)id, strlen(id) },
3255 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3256 { CKA_WRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3257 { CKA_UNWRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3258 { CKA_SIGN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3259 { CKA_VERIFY, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3260 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3261 { CKA_DECRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3262 /* CKA_SENSITIVE -> CK_FALSE to CK_TRUE is allowed */
3263 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3264 /* CKA_EXTRACTABLE -> CK_TRUE to CK_FALSE is allowed */
3265 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3266 /* CKA_COPYABLE -> CK_TRUE to CK_FALSE is allowed */
3267 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3268 };
3269 CK_ATTRIBUTE set_inv_template1[] = {
3270 /* Attributes Not Modifiable */
3271 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA},
3272 sizeof(CK_OBJECT_CLASS) },
3273 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3274 { CKA_ALWAYS_SENSITIVE, &(CK_BBOOL){CK_FALSE},
3275 sizeof(CK_BBOOL) },
3276 { CKA_NEVER_EXTRACTABLE, &(CK_BBOOL){CK_FALSE},
3277 sizeof(CK_BBOOL) },
3278 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3279 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3280 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3281 { CKA_DESTROYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3282 /* Change not allowed from CK_TRUE -> CK_FALSE */
3283 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3284 /* Change not allowed from CK_FALSE -> CK_TRUE */
3285 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3286 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3287 };
3288 CK_ATTRIBUTE set_inv_template2[] = {
3289 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3290 };
3291 CK_ATTRIBUTE set_trusted_template[] = {
3292 { CKA_TRUSTED, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3293 };
3294
3295 rv = init_lib_and_find_token_slot(&slot);
3296 if (!ADBG_EXPECT_CK_OK(c, rv))
3297 return;
3298
3299 rv = init_test_token(slot);
3300 if (!ADBG_EXPECT_CK_OK(c, rv))
3301 goto close_lib;
3302
3303 rv = init_user_test_token(slot);
3304 if (!ADBG_EXPECT_CK_OK(c, rv))
3305 goto close_lib;
3306
3307 /* Open a RW session */
3308 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3309 if (!ADBG_EXPECT_CK_OK(c, rv))
3310 goto close_lib;
3311
3312 /* Create a secret key object */
3313 rv = C_CreateObject(session, secret_key_template,
3314 ARRAY_SIZE(secret_key_template), &obj_hdl);
3315 if (!ADBG_EXPECT_CK_OK(c, rv))
3316 goto close_session;
3317
3318 Do_ADBG_BeginSubCase(c, "Set attributes on secret key object");
3319
3320 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3321 ARRAY_SIZE(get_template));
3322 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3323 !ADBG_EXPECT_BUFFER(c, label, strlen(label), g_label,
3324 get_template[0].ulValueLen) ||
3325 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
3326 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
3327 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
3328 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_TRUE) ||
3329 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_TRUE) ||
3330 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
3331 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3332 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_len, ==, 16) ||
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3333 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[1].ulValueLen, ==, 0))
3334 goto out;
3335
3336 rv = C_SetAttributeValue(session, obj_hdl, set_template,
3337 ARRAY_SIZE(set_template));
3338 if (!ADBG_EXPECT_CK_OK(c, rv))
3339 goto out;
3340
3341 get_template[0].ulValueLen = sizeof(g_label);
3342 get_template[1].ulValueLen = sizeof(g_id);
3343 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3344 ARRAY_SIZE(get_template));
3345 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3346 !ADBG_EXPECT_BUFFER(c, new_label, strlen(new_label), g_label,
3347 get_template[0].ulValueLen) ||
3348 !ADBG_EXPECT_BUFFER(c, id, strlen(id), g_id,
3349 get_template[1].ulValueLen) ||
3350 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_TRUE) ||
3351 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_TRUE) ||
3352 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_TRUE) ||
3353 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
3354 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
3355 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_FALSE) ||
3356 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_FALSE))
3357 goto out;
3358
3359 Do_ADBG_EndSubCase(c, NULL);
3360
3361 Do_ADBG_BeginSubCase(c, "Test Invalid template with R/O Attributes");
3362
3363 for (n = 0; n < ARRAY_SIZE(set_inv_template1); n++) {
3364 rv = C_SetAttributeValue(session, obj_hdl,
3365 &set_inv_template1[n], 1);
3366 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3367 goto out;
3368 }
3369
3370 Do_ADBG_EndSubCase(c, NULL);
3371
3372 Do_ADBG_BeginSubCase(c, "Test Invalid template with Invalid Attribute");
3373
3374 rv = C_SetAttributeValue(session, obj_hdl, set_inv_template2,
3375 ARRAY_SIZE(set_inv_template2));
3376 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3377 goto out;
3378
3379 Do_ADBG_EndSubCase(c, NULL);
3380
3381 Do_ADBG_BeginSubCase(c, "Set CKA_TRUSTED with and w/o SO Login");
3382
3383 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3384 ARRAY_SIZE(set_trusted_template));
3385 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3386 goto out;
3387
3388 /* Login as SO in RW session */
3389 rv = C_Login(session, CKU_SO, test_token_so_pin,
3390 sizeof(test_token_so_pin));
3391 if (!ADBG_EXPECT_CK_OK(c, rv))
3392 goto out;
3393
3394 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3395 ARRAY_SIZE(set_trusted_template));
3396 ADBG_EXPECT_CK_OK(c, rv);
3397
3398 ADBG_EXPECT_CK_OK(c, C_Logout(session));
3399out:
3400 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, obj_hdl));
3401
3402 Do_ADBG_EndSubCase(c, NULL);
3403
3404close_session:
3405 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3406
3407close_lib:
3408 ADBG_EXPECT_CK_OK(c, close_lib());
3409}
3410ADBG_CASE_DEFINE(pkcs11, 1014, xtest_pkcs11_test_1014,
3411 "PKCS11: Test C_SetAttributeValue()");
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3412
3413static void xtest_pkcs11_test_1015(ADBG_Case_t *c)
3414{
3415 CK_RV rv = CKR_GENERAL_ERROR;
3416 CK_SLOT_ID slot = 0;
3417 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
3418 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
3419 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3420 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
3421 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3422 CK_OBJECT_HANDLE obj_hdl_ro = CK_INVALID_HANDLE;
3423 CK_OBJECT_HANDLE obj_hdl_cp = CK_INVALID_HANDLE;
3424 const char *label = "Dummy Objects";
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3425 CK_ATTRIBUTE secret_key_create_template[] = {
3426 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3427 sizeof(CK_OBJECT_CLASS) },
3428 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3429 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3430 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3431 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3432 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3433 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3434 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3435 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
3436 };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3437 CK_ATTRIBUTE secret_key_template[] = {
3438 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3439 sizeof(CK_OBJECT_CLASS) },
3440 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3441 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3442 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3443 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3444 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3445 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3446 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3447 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3448 };
3449 CK_BBOOL g_token = CK_FALSE;
3450 CK_BBOOL g_private = CK_FALSE;
3451 CK_BBOOL g_modify = CK_FALSE;
3452 CK_BBOOL g_copy = CK_FALSE;
3453 CK_BBOOL g_destroy = CK_FALSE;
3454 CK_BBOOL g_extract = CK_FALSE;
3455 CK_BBOOL g_sensitive = CK_FALSE;
3456 CK_BBOOL g_nextract = CK_FALSE;
3457 CK_BBOOL g_asensitive = CK_FALSE;
3458 CK_BBOOL g_local = CK_FALSE;
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame]3459 CK_BYTE g_value[16] = { };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3460 CK_ATTRIBUTE get_template[] = {
3461 { CKA_TOKEN, &g_token, sizeof(CK_BBOOL) },
3462 { CKA_PRIVATE, &g_private, sizeof(CK_BBOOL) },
3463 { CKA_MODIFIABLE, &g_modify, sizeof(CK_BBOOL) },
3464 { CKA_COPYABLE, &g_copy, sizeof(CK_BBOOL) },
3465 { CKA_DESTROYABLE, &g_destroy, sizeof(CK_BBOOL) },
3466 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3467 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3468 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3469 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3470 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3471 };
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame]3472 CK_ATTRIBUTE get_value_template[] = {
3473 { CKA_VALUE, &g_value, sizeof(g_value) }
3474 };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3475 CK_ATTRIBUTE copy_template[] = {
3476 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3477 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3478 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3479 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3480 };
3481 CK_ATTRIBUTE copy_template_inv[] = {
3482 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3483 };
3484 CK_ATTRIBUTE copy_template_priv[] = {
3485 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3486 };
3487 CK_ATTRIBUTE set_template[] = {
3488 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3489 };
3490
3491 rv = init_lib_and_find_token_slot(&slot);
3492 if (!ADBG_EXPECT_CK_OK(c, rv))
3493 return;
3494
3495 rv = init_test_token(slot);
3496 if (!ADBG_EXPECT_CK_OK(c, rv))
3497 goto close_lib;
3498
3499 rv = init_user_test_token(slot);
3500 if (!ADBG_EXPECT_CK_OK(c, rv))
3501 goto close_lib;
3502
3503 /* Open a RW session */
3504 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
3505 if (!ADBG_EXPECT_CK_OK(c, rv))
3506 goto close_lib;
3507
3508 /* Open a RO session */
3509 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
3510 if (!ADBG_EXPECT_CK_OK(c, rv))
3511 goto close_session;
3512
Ruchika Guptaf2eb88a2021-03-22 19:38:11 +0530[diff] [blame]3513 /*
3514 * All objects in this test are session objects hence released at
3515 * session closure on test completion.
3516 */
3517
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3518 /* Generate a secret key object in rw session */
3519 rv = C_GenerateKey(rw_session, &cktest_aes_keygen_mechanism,
3520 secret_key_template,
3521 ARRAY_SIZE(secret_key_template), &obj_hdl);
3522 if (!ADBG_EXPECT_CK_OK(c, rv))
3523 goto close_session;
3524
3525 /* Check its attribute values */
3526 rv = C_GetAttributeValue(rw_session, obj_hdl, get_template,
3527 ARRAY_SIZE(get_template));
3528 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3529 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3530 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3531 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3532 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3533 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3534 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3535 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3536 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3537 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3538 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3539 goto close_session;
3540
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame]3541 /* Check that we can get (secret) CKA_VALUE */
3542 get_value_template[0].ulValueLen = sizeof(g_value);
3543 rv = C_GetAttributeValue(rw_session, obj_hdl, get_value_template,
3544 ARRAY_SIZE(get_value_template));
3545 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3546 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_value_template[0].ulValueLen,
3547 ==, sizeof(g_value)))
3548 goto close_session;
3549
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3550 /* Create a secret key object in ro session*/
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3551 rv = C_CreateObject(ro_session, secret_key_create_template,
3552 ARRAY_SIZE(secret_key_create_template), &obj_hdl_ro);
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3553 if (!ADBG_EXPECT_CK_OK(c, rv))
3554 goto close_session;
3555
3556 /*
3557 * Duplicate the object generated in RW session using C_GenerateKey() to
3558 * another object. Pass Template as NULL and test the attributes of
3559 * new created object.
3560 */
3561 Do_ADBG_BeginSubCase(c, "Copy Local Obj with NULL Template");
3562 rv = C_CopyObject(rw_session, obj_hdl, NULL, 0, &obj_hdl_cp);
3563 if (!ADBG_EXPECT_CK_OK(c, rv))
3564 goto out;
3565
3566 /*
3567 * Check its attribute values, should match the original object.
3568 * CKA_LOCAL shall be TRUE even in copied object as original object
3569 * was generated using C_GenerateKey()
3570 */
3571 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3572 ARRAY_SIZE(get_template));
3573 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3574 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3575 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3576 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3577 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3578 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3579 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3580 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3581 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3582 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3583 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3584 goto out;
3585
3586 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3587 if (!ADBG_EXPECT_CK_OK(c, rv))
3588 goto out;
3589
3590 obj_hdl_cp = CK_INVALID_HANDLE;
3591
3592 Do_ADBG_EndSubCase(c, NULL);
3593
3594 /*
3595 * Duplicate the object generated in RO session using C_CreateObject()
3596 * to another object. Pass Template as NULL and test the attributes of
3597 * new created object.
3598 */
3599 Do_ADBG_BeginSubCase(c, "Copy a non-local object with NULL Template");
3600
3601 /* Copy ro session object */
3602 rv = C_CopyObject(ro_session, obj_hdl_ro, NULL, 0, &obj_hdl_cp);
3603 if (!ADBG_EXPECT_CK_OK(c, rv))
3604 goto out;
3605
3606 /*
3607 * Check its attribute values, should match the original object.
3608 * CKA_LOCAL shall be FALSE even in copied object as original object
3609 * was generated using C_CreateObject()
3610 */
3611 rv = C_GetAttributeValue(ro_session, obj_hdl_cp, get_template,
3612 ARRAY_SIZE(get_template));
3613 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3614 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3615 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3616 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3617 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3618 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3619 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3620 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3621 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3622 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3623 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3624 goto out;
3625
3626 rv = C_DestroyObject(ro_session, obj_hdl_cp);
3627 if (!ADBG_EXPECT_CK_OK(c, rv))
3628 goto out;
3629
3630 obj_hdl_cp = CK_INVALID_HANDLE;
3631
3632 Do_ADBG_EndSubCase(c, NULL);
3633
3634 /*
3635 * Test copying object with a valid template and check if attributes
3636 * get modified as indicated in the template. Checks modification of
3637 * attributes like CKA_TOKEN, CKA_MODIFIABLE which were not modifiable
3638 * via C_SetAttributeValue(). Also modifies the CKA_SENSITIVE,
3639 * CKA_EXTRACTABLE and checks corresponding values of RO attributes
3640 * CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE.
3641 */
3642 Do_ADBG_BeginSubCase(c, "Copy Object with Valid Template");
3643
3644 /*
3645 * Copy Session Object as a Token object
3646 * Properties CKA_MODIFIABLE turned to FALSE
3647 * CKA_EXTRACTABLE changed from TRUE to FALSE
3648 * CKA_NEVER_EXTRACTABLE should be FALSE.
3649 * CKA_SENSITIVE set to TRUE
3650 * However CKA_ALWAYS_SENSITIVE should be FALSE
3651 */
3652 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3653 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3654 if (!ADBG_EXPECT_CK_OK(c, rv))
3655 goto out;
3656
3657 /* Check the changed attribute values */
3658 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3659 ARRAY_SIZE(get_template));
3660 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3661 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
3662 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_FALSE) ||
3663 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3664 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3665 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3666 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3667 goto out;
3668
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame]3669 /* Check that we cannot anymore get (secret) CKA_VALUE */
3670 get_value_template[0].ulValueLen = sizeof(g_value);
3671 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_value_template,
3672 ARRAY_SIZE(get_value_template));
3673 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_SENSITIVE, rv) ||
3674 !(get_value_template[0].ulValueLen == CK_UNAVAILABLE_INFORMATION))
3675 goto close_session;
3676
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3677 /*
3678 * The copied object has CKA_MODIFIABLE set to FALSE. Check if
3679 * call to C_SetAttributeValue() returns CKR_ACTION_PROHIBITED
3680 */
3681 rv = C_SetAttributeValue(rw_session, obj_hdl_cp, set_template,
3682 ARRAY_SIZE(set_template));
3683 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3684 goto out;
3685
3686 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3687 if (!ADBG_EXPECT_CK_OK(c, rv))
3688 goto out;
3689
3690 obj_hdl_cp = CK_INVALID_HANDLE;
3691
3692 Do_ADBG_EndSubCase(c, NULL);
3693
3694 /*
3695 * Test changing the CKA_PRIVATE to TRUE when copying object.
3696 * Fails when user is not logged in. Passes after user logs in
3697 */
3698 Do_ADBG_BeginSubCase(c, "Copy Object as a Private Object");
3699
3700 /* The first attempt will fail as user is not logged in */
3701 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3702 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3703 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3704 goto out;
3705
3706 /* Login to Test Token and repeat*/
3707 rv = C_Login(rw_session, CKU_USER, test_token_user_pin,
3708 sizeof(test_token_user_pin));
3709 if (!ADBG_EXPECT_CK_OK(c, rv))
3710 goto out;
3711
3712 /* Try copying a public object to a private object - should pass */
3713 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3714 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3715 if (!ADBG_EXPECT_CK_OK(c, rv)) {
3716 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3717 goto out;
3718 }
3719
3720 if (!ADBG_EXPECT_CK_OK(c, C_Logout(rw_session)))
3721 goto out;
3722
3723 Do_ADBG_EndSubCase(c, NULL);
3724
3725 Do_ADBG_BeginSubCase(c, "Copy Object with Invalid Template");
3726
3727 rv = C_CopyObject(rw_session, obj_hdl, copy_template_inv,
3728 ARRAY_SIZE(copy_template_inv), &obj_hdl_cp);
3729 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3730 goto out;
3731
3732 Do_ADBG_EndSubCase(c, NULL);
3733
3734 Do_ADBG_BeginSubCase(c, "Copy Object with COPYABLE false");
3735
3736 rv = C_SetAttributeValue(rw_session, obj_hdl, set_template,
3737 ARRAY_SIZE(set_template));
3738 if (!ADBG_EXPECT_CK_OK(c, rv))
3739 goto out;
3740
3741 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3742 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3743 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3744 goto out;
3745
3746 Do_ADBG_EndSubCase(c, NULL);
3747
3748 Do_ADBG_BeginSubCase(c, "Copy session object to token in RO session");
3749
3750 rv = C_CopyObject(ro_session, obj_hdl_ro, copy_template,
3751 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3752 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3753 goto out;
3754
3755out:
3756 Do_ADBG_EndSubCase(c, NULL);
3757
3758 /* Destroy any token objects which may have been created */
3759 destroy_persistent_objects(c, slot);
3760
3761close_session:
3762 /* Closing session will also destroy all session objects */
3763 if (ro_session != CK_INVALID_HANDLE)
3764 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3765
3766 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3767
3768close_lib:
3769 ADBG_EXPECT_CK_OK(c, close_lib());
3770}
3771ADBG_CASE_DEFINE(pkcs11, 1015, xtest_pkcs11_test_1015,
3772 "PKCS11: Test C_CopyObject()");
Vesa Jääskeläinenf8687fe2021-02-06 20:58:22 +0200[diff] [blame]3773
3774static void xtest_pkcs11_test_1016(ADBG_Case_t *c)
3775{
3776 CK_RV rv = CKR_GENERAL_ERROR;
3777 CK_SLOT_ID slot = 0;
3778 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3779 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3780 uint8_t buffer[64] = { 0 };
3781 size_t i = 0;
3782
3783 rv = init_lib_and_find_token_slot(&slot);
3784 if (!ADBG_EXPECT_CK_OK(c, rv))
3785 return;
3786
3787 rv = init_test_token(slot);
3788 if (!ADBG_EXPECT_CK_OK(c, rv))
3789 goto close_lib;
3790
3791 rv = init_user_test_token(slot);
3792 if (!ADBG_EXPECT_CK_OK(c, rv))
3793 goto close_lib;
3794
3795 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3796 if (!ADBG_EXPECT_CK_OK(c, rv))
3797 goto close_lib;
3798
3799 Do_ADBG_BeginSubCase(c, "Seed random bytes");
3800
3801 memset(buffer, 0xCC, sizeof(buffer));
3802
3803 rv = C_SeedRandom(session, buffer, sizeof(buffer));
3804 if (!ADBG_EXPECT_CK_OK(c, rv))
3805 goto out;
3806
3807 Do_ADBG_EndSubCase(c, NULL);
3808
3809 Do_ADBG_BeginSubCase(c, "Seed random bytes with zero length buffer");
3810
3811 rv = C_SeedRandom(session, buffer, 0);
3812 if (!ADBG_EXPECT_CK_OK(c, rv))
3813 goto out;
3814
3815 rv = C_SeedRandom(session, NULL, 0);
3816 if (!ADBG_EXPECT_CK_OK(c, rv))
3817 goto out;
3818
3819 Do_ADBG_EndSubCase(c, NULL);
3820
3821 Do_ADBG_BeginSubCase(c, "Generate random bytes");
3822
3823 memset(buffer, 0xCC, sizeof(buffer));
3824
3825 rv = C_GenerateRandom(session, buffer, 61);
3826 if (!ADBG_EXPECT_CK_OK(c, rv))
3827 goto out;
3828
3829 /* Verify that end of buffer is still 0xCC */
3830 for (i = 61; i < sizeof(buffer); i++)
3831 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3832 break;
3833
3834 Do_ADBG_EndSubCase(c, NULL);
3835
3836 Do_ADBG_BeginSubCase(c, "Generate random bytes with zero length buffer");
3837
3838 memset(buffer, 0xCC, sizeof(buffer));
3839
3840 rv = C_GenerateRandom(session, buffer, 0);
3841 if (!ADBG_EXPECT_CK_OK(c, rv))
3842 goto out;
3843
3844 /* Verify that whole buffer is still 0xCC */
3845 for (i = 0; i < sizeof(buffer); i++)
3846 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3847 break;
3848
3849 rv = C_GenerateRandom(session, NULL, 0);
3850 ADBG_EXPECT_CK_OK(c, rv);
3851
3852out:
3853 Do_ADBG_EndSubCase(c, NULL);
3854
3855 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3856
3857close_lib:
3858 ADBG_EXPECT_CK_OK(c, close_lib());
3859}
3860ADBG_CASE_DEFINE(pkcs11, 1016, xtest_pkcs11_test_1016,
3861 "PKCS11: Random number generator tests");
Ruchika Gupta5f7717a2021-02-17 13:34:24 +0530[diff] [blame]3862
3863static CK_RV derive_sym_key(CK_SESSION_HANDLE session,
3864 CK_OBJECT_HANDLE parent_key,
3865 CK_MECHANISM_TYPE mechanism, size_t data_len,
3866 CK_OBJECT_HANDLE_PTR derv_key_hdl, size_t key_len,
3867 CK_OBJECT_CLASS key_class, CK_KEY_TYPE key_type,
3868 CK_BBOOL sensitive, CK_BBOOL extble)
3869{
3870 CK_RV rv = CKR_GENERAL_ERROR;
3871 uint8_t buffer[512] = { 0 };
3872 uint8_t iv[16] = { 0 };
3873 CK_MECHANISM mech_derive = { 0 };
3874 CK_KEY_DERIVATION_STRING_DATA key_derv_param = { 0 };
Victor Chonge3a876d2021-05-04 18:03:07 +0100[diff] [blame]3875 CK_AES_CBC_ENCRYPT_DATA_PARAMS aes_cbc_param = { };
Ruchika Gupta5f7717a2021-02-17 13:34:24 +0530[diff] [blame]3876 CK_ATTRIBUTE derived_key_template[] = {
3877 { CKA_CLASS, &key_class, sizeof(key_class) },
3878 { CKA_KEY_TYPE, &key_type, sizeof(key_type) },
3879 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3880 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3881 { CKA_SENSITIVE, &sensitive, sizeof(sensitive) },
3882 { CKA_EXTRACTABLE, &extble, sizeof(extble) },
3883 { CKA_VALUE_LEN, &key_len, sizeof(key_len) }
3884 };
3885
3886 if (data_len > sizeof(buffer))
3887 return rv;
3888
3889 switch (mechanism) {
3890 case CKM_AES_ECB_ENCRYPT_DATA:
3891 key_derv_param.pData = buffer;
3892 key_derv_param.ulLen = data_len;
3893 mech_derive.mechanism = mechanism;
3894 mech_derive.pParameter = &key_derv_param;
3895 mech_derive.ulParameterLen = sizeof(key_derv_param);
3896 break;
3897 case CKM_AES_CBC_ENCRYPT_DATA:
3898 memcpy(aes_cbc_param.iv, iv, 16);
3899 aes_cbc_param.pData = buffer;
3900 aes_cbc_param.length = data_len;
3901 mech_derive.mechanism = mechanism;
3902 mech_derive.pParameter = &aes_cbc_param;
3903 mech_derive.ulParameterLen = sizeof(aes_cbc_param);
3904 break;
3905 case CKM_AES_ECB:
3906 /* Not a derivation algorithm */
3907 mech_derive.mechanism = mechanism;
3908 mech_derive.pParameter = NULL;
3909 mech_derive.ulParameterLen = 0;
3910 break;
3911 default:
3912 return rv;
3913 }
3914
3915 /* Don't use VALUE_LEN parameter if key_len passed is 0 */
3916 if (key_len)
3917 rv = C_DeriveKey(session, &mech_derive, parent_key,
3918 derived_key_template,
3919 ARRAY_SIZE(derived_key_template),
3920 derv_key_hdl);
3921 else
3922 /* last attribute in template is the derived key size */
3923 rv = C_DeriveKey(session, &mech_derive, parent_key,
3924 derived_key_template,
3925 ARRAY_SIZE(derived_key_template) - 1,
3926 derv_key_hdl);
3927 return rv;
3928}
3929
3930static void xtest_pkcs11_test_1017(ADBG_Case_t *c)
3931{
3932 CK_RV rv = CKR_GENERAL_ERROR;
3933 CK_SLOT_ID slot = 0;
3934 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3935 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3936 CK_OBJECT_HANDLE derv_key_hdl = CK_INVALID_HANDLE;
3937 CK_OBJECT_HANDLE aes_key1 = CK_INVALID_HANDLE;
3938 CK_OBJECT_HANDLE aes_key2 = CK_INVALID_HANDLE;
3939 CK_OBJECT_HANDLE aes_key_enc = CK_INVALID_HANDLE;
3940 size_t data_len = 0;
3941 size_t key_len = 0;
3942 CK_BBOOL g_extract = CK_FALSE;
3943 CK_BBOOL g_sensitive = CK_FALSE;
3944 CK_BBOOL g_nextract = CK_FALSE;
3945 CK_BBOOL g_asensitive = CK_FALSE;
3946 CK_BBOOL g_local = CK_FALSE;
3947 CK_OBJECT_CLASS g_class = CKO_VENDOR_DEFINED;
3948 CK_KEY_TYPE g_key_type = CKK_VENDOR_DEFINED;
3949 uint8_t g_val[516] = { 0 };
3950 CK_ULONG secret_len = 0;
3951 CK_ATTRIBUTE get_template[] = {
3952 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
3953 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
3954 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3955 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3956 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3957 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3958 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3959 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
3960 /*
3961 * CKA_VALUE should remain last attribute in template,
3962 * in this test case as we check the length returned
3963 * from last index of the get_template in this test.
3964 */
3965 { CKA_VALUE, g_val, sizeof(g_val) },
3966 };
3967 uint32_t idx = ARRAY_SIZE(get_template) - 1;
3968 CK_ATTRIBUTE parent_template1[] = {
3969 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3970 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3971 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3972 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3973 };
3974 CK_ATTRIBUTE parent_template2[] = {
3975 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3976 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3977 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3978 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3979 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3980 };
3981 CK_ATTRIBUTE parent_template_wo_derive[] = {
3982 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3983 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3984 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3985 };
3986 CK_ATTRIBUTE parent_template_w_enc_der[] = {
3987 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3988 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3989 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3990 };
3991
3992 rv = init_lib_and_find_token_slot(&slot);
3993 if (!ADBG_EXPECT_CK_OK(c, rv))
3994 return;
3995
3996 rv = init_test_token(slot);
3997 if (!ADBG_EXPECT_CK_OK(c, rv))
3998 goto close_lib;
3999
4000 rv = init_user_test_token(slot);
4001 if (!ADBG_EXPECT_CK_OK(c, rv))
4002 goto close_lib;
4003
4004 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
4005 if (!ADBG_EXPECT_CK_OK(c, rv))
4006 goto close_lib;
4007
4008 /*
4009 * Parent AES Key 1
4010 * SENSITIVE = TRUE, EXTRACTABLE = FALSE
4011 * ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4012 */
4013 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4014 parent_template1, ARRAY_SIZE(parent_template1),
4015 &aes_key1);
4016 if (!ADBG_EXPECT_CK_OK(c, rv))
4017 goto close_session;
4018
4019 /*
4020 * Parent AES Key 2
4021 * SENSITIVE = FALSE, EXTRACTABLE = TRUE
4022 * ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
4023 */
4024 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4025 parent_template2, ARRAY_SIZE(parent_template2),
4026 &aes_key2);
4027 if (!ADBG_EXPECT_CK_OK(c, rv))
4028 goto close_session;
4029
4030 Do_ADBG_BeginSubCase(c, "Derive Generic secret - AES-ECB Mechanism");
4031
4032 /*
4033 * Use AES key 1 as Parent key
4034 * 1. VALUE_LEN attribute not given in derivation template. Length
4035 * of key should be same as that of data length.
4036 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
4037 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4038 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4039 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4040 * 3. LOCAL should be false
4041 */
4042 data_len = 512;
4043 key_len = 0;
4044 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4045 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4046 CKK_GENERIC_SECRET, CK_TRUE, CK_FALSE);
4047 if (!ADBG_EXPECT_CK_OK(c, rv))
4048 goto out;
4049
4050 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4051 ARRAY_SIZE(get_template) - 1);
4052 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4053 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, data_len) ||
4054 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4055 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
4056 CKK_GENERIC_SECRET) ||
4057 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4058 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
4059 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4060 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
4061 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
4062 goto out;
4063
4064 rv = C_DestroyObject(session, derv_key_hdl);
4065 if (!ADBG_EXPECT_CK_OK(c, rv))
4066 goto out;
4067
4068 Do_ADBG_EndSubCase(c, NULL);
4069
4070 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-EBC");
4071
4072 /*
4073 * Use AES key 2 as Parent key
4074 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
4075 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
4076 * Parent key has ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
4077 * So derived key, ALWAYS_SENSITIVE will be FALSE and
4078 * NEVER_EXTRACTABLE will be FALSE
4079 * 3. LOCAL should be false
4080 */
4081 data_len = 32;
4082 key_len = 16;
4083 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4084 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4085 CKK_AES, CK_TRUE, CK_FALSE);
4086 if (!ADBG_EXPECT_CK_OK(c, rv))
4087 goto out;
4088
4089 /* This being a SENSITIVE object, we can't get the VALUE */
4090 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4091 ARRAY_SIZE(get_template) - 1);
4092 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4093 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4094 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4095 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4096 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4097 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
4098 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4099 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4100 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4101 goto out;
4102
4103 rv = C_DestroyObject(session, derv_key_hdl);
4104 if (!ADBG_EXPECT_CK_OK(c, rv))
4105 goto out;
4106
4107 Do_ADBG_EndSubCase(c, NULL);
4108
4109 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-CBC");
4110
4111 /*
4112 * Use AES key 1 as Parent key
4113 * 1. VALUE_LEN = DATA_LEN, Derived key should have VALUE_LEN key size
4114 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = FALSE
4115 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4116 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4117 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4118 * 3. LOCAL should be false
4119 */
4120 data_len = 32;
4121 key_len = 32;
4122 rv = derive_sym_key(session, aes_key1, CKM_AES_CBC_ENCRYPT_DATA,
4123 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4124 CKK_AES, CK_FALSE, CK_FALSE);
4125 if (!ADBG_EXPECT_CK_OK(c, rv))
4126 goto out;
4127
4128 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4129 ARRAY_SIZE(get_template) - 1);
4130 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4131 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4132 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4133 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4134 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4135 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4136 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4137 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4138 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
4139 goto out;
4140
4141 rv = C_DestroyObject(session, derv_key_hdl);
4142 if (!ADBG_EXPECT_CK_OK(c, rv))
4143 goto out;
4144
4145 Do_ADBG_EndSubCase(c, NULL);
4146
4147 Do_ADBG_BeginSubCase(c, "Derive Generic secret key using AES-CBC");
4148 /*
4149 * Use AES key 2 as Parent key
4150 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
4151 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = TRUE
4152 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4153 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4154 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4155 * 3. LOCAL should be false
4156 */
4157 data_len = 512;
4158 key_len = 256;
4159 rv = derive_sym_key(session, aes_key2, CKM_AES_CBC_ENCRYPT_DATA,
4160 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4161 CKK_GENERIC_SECRET, CK_FALSE, CK_TRUE);
4162 if (!ADBG_EXPECT_CK_OK(c, rv))
4163 goto out;
4164
4165 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4166 ARRAY_SIZE(get_template));
4167 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4168 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[idx].ulValueLen, ==,
4169 key_len) ||
4170 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4171 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4172 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
4173 CKK_GENERIC_SECRET) ||
4174 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4175 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4176 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
4177 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4178 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4179 goto out;
4180
4181 rv = C_DestroyObject(session, derv_key_hdl);
4182 if (!ADBG_EXPECT_CK_OK(c, rv))
4183 goto out;
4184
4185 Do_ADBG_EndSubCase(c, NULL);
4186
4187 Do_ADBG_BeginSubCase(c, "Invalid parameters during derivation");
4188
4189 /* Length of data used for derivation < key length */
4190 data_len = 16;
4191 key_len = 32;
4192 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4193 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4194 CKK_AES, CK_FALSE, CK_TRUE);
4195 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4196 goto out;
4197
4198 /* Data is not multiple of 16 */
4199 data_len = 18;
4200 key_len = 32;
4201 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4202 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4203 CKK_AES, CK_FALSE, CK_TRUE);
4204 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4205 goto out;
4206
4207 /* Wrong Mechanism */
4208 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB,
4209 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4210 CKK_AES, CK_FALSE, CK_TRUE);
4211 if (!ADBG_EXPECT_CK_RESULT(c, CKR_MECHANISM_INVALID, rv))
4212 goto out;
4213
4214 Do_ADBG_EndSubCase(c, NULL);
4215
4216 Do_ADBG_BeginSubCase(c, "Failure if operation already active");
4217
4218 /* Generate an AES key which can perform Encryption */
4219 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4220 parent_template_w_enc_der,
4221 ARRAY_SIZE(parent_template_w_enc_der),
4222 &aes_key_enc);
4223 if (!ADBG_EXPECT_CK_OK(c, rv))
4224 goto out;
4225
4226 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, aes_key_enc);
4227 if (!ADBG_EXPECT_CK_OK(c, rv))
4228 goto out;
4229
4230 data_len = 32;
4231 key_len = 32;
4232 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4233 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4234 CKK_AES, CK_FALSE, CK_TRUE);
4235 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_ACTIVE, rv))
4236 goto out;
4237
4238 rv = C_EncryptFinal(session, NULL, NULL);
4239 /* Only check that the operation is no more active */
4240 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
4241 goto out;
4242
4243 Do_ADBG_EndSubCase(c, NULL);
4244
4245 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_ENCRYPT is TRUE");
4246
4247 data_len = 32;
4248 key_len = 32;
4249 rv = derive_sym_key(session, aes_key_enc, CKM_AES_ECB_ENCRYPT_DATA,
4250 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4251 CKK_AES, CK_FALSE, CK_TRUE);
4252 /*
4253 * Not strictly expecting FUNCTION_FAILED but expecting a failure
4254 * as we have added a restriction that keys with attribute CKA_ENCRYPT
4255 * set can't be used for derivation.
4256 */
4257 if (!ADBG_EXPECT_CK_RESULT(c, CKR_FUNCTION_FAILED, rv))
4258 goto out;
4259
4260 Do_ADBG_EndSubCase(c, NULL);
4261
4262 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_DERIVE is FALSE");
4263
4264 rv = C_DestroyObject(session, aes_key1);
4265 if (!ADBG_EXPECT_CK_OK(c, rv))
4266 goto out;
4267
4268 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4269 parent_template_wo_derive,
4270 ARRAY_SIZE(parent_template_wo_derive),
4271 &aes_key1);
4272 if (!ADBG_EXPECT_CK_OK(c, rv))
4273 goto out;
4274
4275 data_len = 32;
4276 key_len = 32;
4277 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4278 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4279 CKK_AES, CK_FALSE, CK_TRUE);
4280 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_TYPE_INCONSISTENT, rv))
4281 goto out;
4282
4283out:
4284 Do_ADBG_EndSubCase(c, NULL);
4285
4286close_session:
4287 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
4288
4289close_lib:
4290 ADBG_EXPECT_CK_OK(c, close_lib());
4291}
4292ADBG_CASE_DEFINE(pkcs11, 1017, xtest_pkcs11_test_1017,
4293 "PKCS11: AES Key Derivation tests");
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]4294
4295/* Digest test patterns */
4296static const char digest_test_pattern[] = "The quick brown fox jumps over the lazy dog";
4297static const char digest_test_pattern_empty[] = "";
4298
4299/* MD5 checksums for digest test patterns */
4300static const uint8_t digest_test_pattern_md5[] = {
4301 0x9e, 0x10, 0x7d, 0x9d, 0x37, 0x2b, 0xb6, 0x82, 0x6b, 0xd8, 0x1d, 0x35,
4302 0x42, 0xa4, 0x19, 0xd6
4303};
4304static const uint8_t digest_test_pattern_empty_md5[] = {
4305 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98,
4306 0xec, 0xf8, 0x42, 0x7e
4307};
4308
4309/* SHA-1 checksums for digest test patterns */
4310static const uint8_t digest_test_pattern_sha1[] = {
4311 0x2f, 0xd4, 0xe1, 0xc6, 0x7a, 0x2d, 0x28, 0xfc, 0xed, 0x84, 0x9e, 0xe1,
4312 0xbb, 0x76, 0xe7, 0x39, 0x1b, 0x93, 0xeb, 0x12
4313};
4314static const uint8_t digest_test_pattern_empty_sha1[] = {
4315 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef,
4316 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09
4317};
4318
4319/* SHA-224 checksums for digest test patterns */
4320static const uint8_t digest_test_pattern_sha224[] = {
4321 0x73, 0x0e, 0x10, 0x9b, 0xd7, 0xa8, 0xa3, 0x2b, 0x1c, 0xb9, 0xd9, 0xa0,
4322 0x9a, 0xa2, 0x32, 0x5d, 0x24, 0x30, 0x58, 0x7d, 0xdb, 0xc0, 0xc3, 0x8b,
4323 0xad, 0x91, 0x15, 0x25
4324};
4325static const uint8_t digest_test_pattern_empty_sha224[] = {
4326 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47, 0x61, 0x02, 0xbb,
4327 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
4328 0xc5, 0xb3, 0xe4, 0x2f
4329};
4330
4331/* SHA-256 checksums for digest test patterns */
4332static const uint8_t digest_test_pattern_sha256[] = {
4333 0xd7, 0xa8, 0xfb, 0xb3, 0x07, 0xd7, 0x80, 0x94, 0x69, 0xca, 0x9a, 0xbc,
4334 0xb0, 0x08, 0x2e, 0x4f, 0x8d, 0x56, 0x51, 0xe4, 0x6d, 0x3c, 0xdb, 0x76,
4335 0x2d, 0x02, 0xd0, 0xbf, 0x37, 0xc9, 0xe5, 0x92
4336};
4337static const uint8_t digest_test_pattern_empty_sha256[] = {
4338 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
4339 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
4340 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
4341};
4342
4343/* SHA-384 checksums for digest test patterns */
4344static const uint8_t digest_test_pattern_sha384[] = {
4345 0xca, 0x73, 0x7f, 0x10, 0x14, 0xa4, 0x8f, 0x4c, 0x0b, 0x6d, 0xd4, 0x3c,
4346 0xb1, 0x77, 0xb0, 0xaf, 0xd9, 0xe5, 0x16, 0x93, 0x67, 0x54, 0x4c, 0x49,
4347 0x40, 0x11, 0xe3, 0x31, 0x7d, 0xbf, 0x9a, 0x50, 0x9c, 0xb1, 0xe5, 0xdc,
4348 0x1e, 0x85, 0xa9, 0x41, 0xbb, 0xee, 0x3d, 0x7f, 0x2a, 0xfb, 0xc9, 0xb1
4349};
4350static const uint8_t digest_test_pattern_empty_sha384[] = {
4351 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e,
4352 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
4353 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf,
4354 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b
4355};
4356
4357/* SHA-512 checksums for digest test patterns */
4358static const uint8_t digest_test_pattern_sha512[] = {
4359 0x07, 0xe5, 0x47, 0xd9, 0x58, 0x6f, 0x6a, 0x73, 0xf7, 0x3f, 0xba, 0xc0,
4360 0x43, 0x5e, 0xd7, 0x69, 0x51, 0x21, 0x8f, 0xb7, 0xd0, 0xc8, 0xd7, 0x88,
4361 0xa3, 0x09, 0xd7, 0x85, 0x43, 0x6b, 0xbb, 0x64, 0x2e, 0x93, 0xa2, 0x52,
4362 0xa9, 0x54, 0xf2, 0x39, 0x12, 0x54, 0x7d, 0x1e, 0x8a, 0x3b, 0x5e, 0xd6,
4363 0xe1, 0xbf, 0xd7, 0x09, 0x78, 0x21, 0x23, 0x3f, 0xa0, 0x53, 0x8f, 0x3d,
4364 0xb8, 0x54, 0xfe, 0xe6
4365};
4366static const uint8_t digest_test_pattern_empty_sha512[] = {
4367 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50,
4368 0xd6, 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
4369 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c,
4370 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
4371 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a,
4372 0xf9, 0x27, 0xda, 0x3e
4373};
4374
4375#define DIGEST_TEST(_test_name, _mecha, _data, _digest) \
4376 { \
4377 .test_name = _test_name, \
4378 .mecha = _mecha, \
4379 .data = _data, \
4380 .data_size = sizeof(_data) - 1, \
4381 .digest = _digest, \
4382 .digest_size = sizeof(_digest) \
4383 }
4384
4385/* Digest simple test suite */
4386static struct {
4387 const char *test_name;
4388 CK_MECHANISM_TYPE mecha;
4389 const void *data;
4390 CK_ULONG data_size;
4391 const uint8_t *digest;
4392 CK_ULONG digest_size;
4393} digest_test_patterns[] = {
4394 DIGEST_TEST("CKM_MD5/empty", CKM_MD5, digest_test_pattern_empty,
4395 digest_test_pattern_empty_md5),
4396 DIGEST_TEST("CKM_MD5/test pattern", CKM_MD5, digest_test_pattern,
4397 digest_test_pattern_md5),
4398 DIGEST_TEST("CKM_SHA_1/empty", CKM_SHA_1, digest_test_pattern_empty,
4399 digest_test_pattern_empty_sha1),
4400 DIGEST_TEST("CKM_SHA_1/test pattern", CKM_SHA_1, digest_test_pattern,
4401 digest_test_pattern_sha1),
4402 DIGEST_TEST("CKM_SHA224/empty", CKM_SHA224, digest_test_pattern_empty,
4403 digest_test_pattern_empty_sha224),
4404 DIGEST_TEST("CKM_SHA224/test pattern", CKM_SHA224, digest_test_pattern,
4405 digest_test_pattern_sha224),
4406 DIGEST_TEST("CKM_SHA256/empty", CKM_SHA256, digest_test_pattern_empty,
4407 digest_test_pattern_empty_sha256),
4408 DIGEST_TEST("CKM_SHA256/test pattern", CKM_SHA256, digest_test_pattern,
4409 digest_test_pattern_sha256),
4410 DIGEST_TEST("CKM_SHA384/empty", CKM_SHA384, digest_test_pattern_empty,
4411 digest_test_pattern_empty_sha384),
4412 DIGEST_TEST("CKM_SHA384/test pattern", CKM_SHA384, digest_test_pattern,
4413 digest_test_pattern_sha384),
4414 DIGEST_TEST("CKM_SHA512/empty", CKM_SHA512, digest_test_pattern_empty,
4415 digest_test_pattern_empty_sha512),
4416 DIGEST_TEST("CKM_SHA512/test pattern", CKM_SHA512, digest_test_pattern,
4417 digest_test_pattern_sha512),
4418};
4419
4420static CK_ATTRIBUTE digest_generate_aes_object[] = {
4421 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4422 sizeof(CK_OBJECT_CLASS) },
4423 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
4424 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4425 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4426 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4427 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
4428 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
4429};
4430
4431static CK_ATTRIBUTE digest_generate_gensecret_object[] = {
4432 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4433 sizeof(CK_OBJECT_CLASS) },
4434 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
4435 sizeof(CK_KEY_TYPE) },
4436 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4437 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4438 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4439 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]4440 { CKA_VALUE_LEN, &(CK_ULONG){ 32 }, sizeof(CK_ULONG) },
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]4441};
4442
4443static CK_ATTRIBUTE digest_data_object[] = {
4444 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_DATA },
4445 sizeof(CK_OBJECT_CLASS) },
4446 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4447 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4448};
4449
4450static void xtest_pkcs11_test_1018(ADBG_Case_t *c)
4451{
4452 CK_RV rv = CKR_GENERAL_ERROR;
4453 CK_SLOT_ID slot = 0;
4454 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
4455 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
4456 bool logged_in = false;
4457 uint8_t data[128] = { 0 };
4458 CK_ULONG data_size = 0;
4459 uint8_t digest[64] = { 0 };
4460 CK_ULONG digest_size = 0;
4461 const uint8_t *expect_digest = NULL;
4462 CK_ULONG expect_digest_size = 0;
4463 CK_MECHANISM mechanism = { CKM_MD5, NULL, 0 };
4464 uint8_t secret_data[128] = { 0 };
4465 CK_ULONG secret_data_size __maybe_unused = 0;
4466 CK_ATTRIBUTE digest_get_secret_value[] = {
4467 { CKA_VALUE, &secret_data, sizeof(secret_data) },
4468 };
4469 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
4470#ifdef OPENSSL_FOUND
4471 EVP_MD_CTX *mdctx = NULL;
4472 unsigned char hash[EVP_MAX_MD_SIZE] = { 0 };
4473 unsigned int md_len = 0;
4474 int ret = 0;
4475#endif
4476 size_t i = 0;
4477
4478 rv = init_lib_and_find_token_slot(&slot);
4479 if (!ADBG_EXPECT_CK_OK(c, rv))
4480 return;
4481
4482 rv = init_test_token(slot);
4483 if (!ADBG_EXPECT_CK_OK(c, rv))
4484 goto close_lib;
4485
4486 rv = init_user_test_token(slot);
4487 if (!ADBG_EXPECT_CK_OK(c, rv))
4488 goto close_lib;
4489
4490 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
4491 if (!ADBG_EXPECT_CK_OK(c, rv))
4492 goto close_lib;
4493
4494 /* Test out simple successful cases with init+update+final*/
4495 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4496 Do_ADBG_BeginSubCase(c, "Simple digest tests - update - %s",
4497 digest_test_patterns[i].test_name);
4498
4499 mechanism.mechanism = digest_test_patterns[i].mecha;
4500 memset(data, 0xCC, sizeof(data));
4501 memset(digest, 0xCC, sizeof(digest));
4502 digest_size = sizeof(digest);
4503
4504 memcpy(data, digest_test_patterns[i].data,
4505 digest_test_patterns[i].data_size);
4506 data_size = digest_test_patterns[i].data_size;
4507
4508 expect_digest = digest_test_patterns[i].digest;
4509 expect_digest_size = digest_test_patterns[i].digest_size;
4510
4511 rv = C_DigestInit(session, &mechanism);
4512 if (!ADBG_EXPECT_CK_OK(c, rv))
4513 goto out;
4514
4515 rv = C_DigestUpdate(session, data, data_size);
4516 if (!ADBG_EXPECT_CK_OK(c, rv))
4517 goto out;
4518
4519 rv = C_DigestFinal(session, digest, &digest_size);
4520 if (!ADBG_EXPECT_CK_OK(c, rv))
4521 goto out;
4522
4523 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4524 digest, digest_size))
4525 goto out;
4526
4527 /* Verify that end of buffer is still 0xCC */
4528 for (i = expect_digest_size; i < sizeof(digest); i++)
4529 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4530 0xCC))
4531 goto out;
4532
4533 Do_ADBG_EndSubCase(c, NULL);
4534 }
4535
4536 /* Test out simple successful cases */
4537 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4538 Do_ADBG_BeginSubCase(c, "Simple digest tests - oneshot - %s",
4539 digest_test_patterns[i].test_name);
4540
4541 mechanism.mechanism = digest_test_patterns[i].mecha;
4542 memset(data, 0xCC, sizeof(data));
4543 memset(digest, 0xCC, sizeof(digest));
4544 digest_size = sizeof(digest);
4545
4546 memcpy(data, digest_test_patterns[i].data,
4547 digest_test_patterns[i].data_size);
4548 data_size = digest_test_patterns[i].data_size;
4549
4550 expect_digest = digest_test_patterns[i].digest;
4551 expect_digest_size = digest_test_patterns[i].digest_size;
4552
4553 rv = C_DigestInit(session, &mechanism);
4554 if (!ADBG_EXPECT_CK_OK(c, rv))
4555 goto out;
4556
4557 rv = C_Digest(session, data, data_size, digest, &digest_size);
4558 if (!ADBG_EXPECT_CK_OK(c, rv))
4559 goto out;
4560
4561 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4562 digest, digest_size))
4563 goto out;
4564
4565 /* Verify that end of buffer is still 0xCC */
4566 for (i = expect_digest_size; i < sizeof(digest); i++)
4567 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4568 0xCC))
4569 goto out;
4570
4571 Do_ADBG_EndSubCase(c, NULL);
4572 }
4573
4574 /* Test out key updates */
4575
4576 Do_ADBG_BeginSubCase(c, "Simple digest tests - AES key update - SHA-256");
4577
4578 /* Login to Test Token */
4579 rv = C_Login(session, CKU_USER, test_token_user_pin,
4580 sizeof(test_token_user_pin));
4581 if (!ADBG_EXPECT_CK_OK(c, rv))
4582 goto out;
4583
4584 logged_in = true;
4585
4586 /* Generate AES key */
4587 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4588 digest_generate_aes_object,
4589 ARRAY_SIZE(digest_generate_aes_object),
4590 &key_handle);
4591 if (!ADBG_EXPECT_CK_OK(c, rv))
4592 goto out;
4593
4594 memset(secret_data, 0xCC, sizeof(data));
4595 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4596
4597 /* Get value of generated secret for verification purposes */
4598 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4599 ARRAY_SIZE(digest_get_secret_value));
4600 if (!ADBG_EXPECT_CK_OK(c, rv))
4601 goto out;
4602
4603 secret_data_size = digest_get_secret_value[0].ulValueLen;
4604
4605 /* Calculate digest with PKCS11 */
4606 mechanism.mechanism = CKM_SHA256;
4607
4608 memset(data, 0xCC, sizeof(data));
4609 memset(digest, 0xCC, sizeof(digest));
4610 digest_size = sizeof(digest);
4611
4612 memcpy(data, digest_test_patterns[0].data,
4613 digest_test_patterns[0].data_size);
4614 data_size = digest_test_patterns[0].data_size;
4615
4616 rv = C_DigestInit(session, &mechanism);
4617 if (!ADBG_EXPECT_CK_OK(c, rv))
4618 goto out;
4619
4620 rv = C_DigestUpdate(session, data, data_size);
4621 if (!ADBG_EXPECT_CK_OK(c, rv))
4622 goto out;
4623
4624 rv = C_DigestKey(session, key_handle);
4625 if (!ADBG_EXPECT_CK_OK(c, rv))
4626 goto out;
4627
4628 rv = C_DigestFinal(session, digest, &digest_size);
4629 if (!ADBG_EXPECT_CK_OK(c, rv))
4630 goto out;
4631
4632 /* Verify digest with openssl */
4633#ifdef OPENSSL_FOUND
4634 mdctx = EVP_MD_CTX_create();
4635 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4636 goto out;
4637 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4638 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4639 goto out;
4640 ret = EVP_DigestUpdate(mdctx, data, data_size);
4641 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4642 goto out;
4643 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4644 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4645 goto out;
4646 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4647 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4648 goto out;
4649 EVP_MD_CTX_destroy(mdctx);
4650 mdctx = NULL;
4651
4652 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4653 goto out;
4654#else
4655 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4656#endif
4657
4658 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4659 key_handle = CK_INVALID_HANDLE;
4660
4661 Do_ADBG_EndSubCase(c, NULL);
4662
4663 Do_ADBG_BeginSubCase(c, "Simple digest tests - generic secret key update - SHA-256");
4664
4665 /* Generate generic secret key */
4666 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
4667 digest_generate_gensecret_object,
4668 ARRAY_SIZE(digest_generate_gensecret_object),
4669 &key_handle);
4670 if (!ADBG_EXPECT_CK_OK(c, rv))
4671 goto out;
4672
4673 memset(secret_data, 0xCC, sizeof(data));
4674 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4675
4676 /* Get value of generated secret for verification purposes */
4677 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4678 ARRAY_SIZE(digest_get_secret_value));
4679 if (!ADBG_EXPECT_CK_OK(c, rv))
4680 goto out;
4681
4682 secret_data_size = digest_get_secret_value[0].ulValueLen;
4683
4684 /* Calculate digest with PKCS11 */
4685 mechanism.mechanism = CKM_SHA256;
4686
4687 memset(data, 0xCC, sizeof(data));
4688 memset(digest, 0xCC, sizeof(digest));
4689 digest_size = sizeof(digest);
4690
4691 memcpy(data, digest_test_patterns[0].data,
4692 digest_test_patterns[0].data_size);
4693 data_size = digest_test_patterns[0].data_size;
4694
4695 rv = C_DigestInit(session, &mechanism);
4696 if (!ADBG_EXPECT_CK_OK(c, rv))
4697 goto out;
4698
4699 rv = C_DigestUpdate(session, data, data_size);
4700 if (!ADBG_EXPECT_CK_OK(c, rv))
4701 goto out;
4702
4703 rv = C_DigestKey(session, key_handle);
4704 if (!ADBG_EXPECT_CK_OK(c, rv))
4705 goto out;
4706
4707 rv = C_DigestFinal(session, digest, &digest_size);
4708 if (!ADBG_EXPECT_CK_OK(c, rv))
4709 goto out;
4710
4711 /* Verify digest with openssl */
4712#ifdef OPENSSL_FOUND
4713 mdctx = EVP_MD_CTX_create();
4714 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4715 goto out;
4716 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4717 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4718 goto out;
4719 ret = EVP_DigestUpdate(mdctx, data, data_size);
4720 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4721 goto out;
4722 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4723 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4724 goto out;
4725 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4726 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4727 goto out;
4728 EVP_MD_CTX_destroy(mdctx);
4729 mdctx = NULL;
4730
4731 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4732 goto out;
4733#else
4734 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4735#endif
4736
4737 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4738 key_handle = CK_INVALID_HANDLE;
4739
4740 Do_ADBG_EndSubCase(c, NULL);
4741
4742 Do_ADBG_BeginSubCase(c, "Query digest size - C_DigestFinal");
4743
4744 mechanism.mechanism = digest_test_patterns[0].mecha;
4745
4746 memset(data, 0xCC, sizeof(data));
4747 memset(digest, 0xCC, sizeof(digest));
4748 digest_size = 0;
4749
4750 memcpy(data, digest_test_patterns[0].data,
4751 digest_test_patterns[0].data_size);
4752 data_size = digest_test_patterns[0].data_size;
4753
4754 expect_digest = digest_test_patterns[0].digest;
4755 expect_digest_size = digest_test_patterns[0].digest_size;
4756
4757 rv = C_DigestInit(session, &mechanism);
4758 if (!ADBG_EXPECT_CK_OK(c, rv))
4759 goto out;
4760
4761 rv = C_DigestUpdate(session, data, data_size);
4762 if (!ADBG_EXPECT_CK_OK(c, rv))
4763 goto out;
4764
4765 rv = C_DigestFinal(session, NULL, &digest_size);
4766 if (!ADBG_EXPECT_CK_OK(c, rv))
4767 goto out;
4768
4769 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4770 expect_digest_size))
4771 goto out;
4772
4773 rv = C_DigestFinal(session, digest, &digest_size);
4774 if (!ADBG_EXPECT_CK_OK(c, rv))
4775 goto out;
4776
4777 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4778 digest, digest_size))
4779 goto out;
4780
4781 Do_ADBG_EndSubCase(c, NULL);
4782
4783 Do_ADBG_BeginSubCase(c, "Query digest size - C_Digest");
4784
4785 mechanism.mechanism = digest_test_patterns[0].mecha;
4786
4787 memset(data, 0xCC, sizeof(data));
4788 memset(digest, 0xCC, sizeof(digest));
4789 digest_size = 0;
4790
4791 memcpy(data, digest_test_patterns[0].data,
4792 digest_test_patterns[0].data_size);
4793 data_size = digest_test_patterns[0].data_size;
4794
4795 expect_digest = digest_test_patterns[0].digest;
4796 expect_digest_size = digest_test_patterns[0].digest_size;
4797
4798 rv = C_DigestInit(session, &mechanism);
4799 if (!ADBG_EXPECT_CK_OK(c, rv))
4800 goto out;
4801
4802 rv = C_Digest(session, data, data_size, NULL, &digest_size);
4803 if (!ADBG_EXPECT_CK_OK(c, rv))
4804 goto out;
4805
4806 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4807 expect_digest_size))
4808 goto out;
4809
4810 rv = C_Digest(session, data, data_size, digest, &digest_size);
4811 if (!ADBG_EXPECT_CK_OK(c, rv))
4812 goto out;
4813
4814 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4815 digest, digest_size))
4816 goto out;
4817
4818 Do_ADBG_EndSubCase(c, NULL);
4819
4820 Do_ADBG_BeginSubCase(c, "Query digest size - buffer too small");
4821
4822 mechanism.mechanism = CKM_SHA256;
4823
4824 memset(data, 0xCC, sizeof(data));
4825 memset(digest, 0xCC, sizeof(digest));
4826 digest_size = 0;
4827
4828 memcpy(data, digest_test_patterns[0].data,
4829 digest_test_patterns[0].data_size);
4830 data_size = digest_test_patterns[0].data_size;
4831
4832 rv = C_DigestInit(session, &mechanism);
4833 if (!ADBG_EXPECT_CK_OK(c, rv))
4834 goto out;
4835
4836 rv = C_DigestUpdate(session, data, data_size);
4837 if (!ADBG_EXPECT_CK_OK(c, rv))
4838 goto out;
4839
4840 rv = C_DigestFinal(session, digest, &digest_size);
4841 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
4842 goto out;
4843
4844 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==, 32))
4845 goto out;
4846
4847 rv = C_DigestFinal(session, digest, &digest_size);
4848 if (!ADBG_EXPECT_CK_OK(c, rv))
4849 goto out;
4850
4851 Do_ADBG_EndSubCase(c, NULL);
4852
4853 /* Test bad arguments & operation terminations */
4854
4855 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestUpdate");
4856
4857 mechanism.mechanism = CKM_SHA256;
4858
4859 memset(data, 0xCC, sizeof(data));
4860 memset(digest, 0xCC, sizeof(digest));
4861 digest_size = sizeof(digest);
4862
4863 memcpy(data, digest_test_patterns[0].data,
4864 digest_test_patterns[0].data_size);
4865 data_size = digest_test_patterns[0].data_size;
4866
4867 rv = C_DigestInit(session, &mechanism);
4868 if (!ADBG_EXPECT_CK_OK(c, rv))
4869 goto out;
4870
4871 rv = C_DigestUpdate(session, NULL, 10);
4872 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4873 goto out;
4874
4875 rv = C_DigestUpdate(session, data, data_size);
4876 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4877 goto out;
4878
4879 Do_ADBG_EndSubCase(c, NULL);
4880
4881 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with NULL digest");
4882
4883 mechanism.mechanism = CKM_SHA256;
4884
4885 memset(data, 0xCC, sizeof(data));
4886 memset(digest, 0xCC, sizeof(digest));
4887 digest_size = sizeof(digest);
4888
4889 memcpy(data, digest_test_patterns[0].data,
4890 digest_test_patterns[0].data_size);
4891 data_size = digest_test_patterns[0].data_size;
4892
4893 rv = C_DigestInit(session, &mechanism);
4894 if (!ADBG_EXPECT_CK_OK(c, rv))
4895 goto out;
4896
4897 rv = C_DigestUpdate(session, data, data_size);
4898 if (!ADBG_EXPECT_CK_OK(c, rv))
4899 goto out;
4900
4901 rv = C_DigestFinal(session, NULL, NULL);
4902 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4903 goto out;
4904
4905 rv = C_DigestFinal(session, digest, &digest_size);
4906 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4907 goto out;
4908
4909 Do_ADBG_EndSubCase(c, NULL);
4910
4911 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4912
4913 mechanism.mechanism = CKM_SHA256;
4914
4915 memset(data, 0xCC, sizeof(data));
4916 memset(digest, 0xCC, sizeof(digest));
4917 digest_size = sizeof(digest);
4918
4919 memcpy(data, digest_test_patterns[0].data,
4920 digest_test_patterns[0].data_size);
4921 data_size = digest_test_patterns[0].data_size;
4922
4923 rv = C_DigestInit(session, &mechanism);
4924 if (!ADBG_EXPECT_CK_OK(c, rv))
4925 goto out;
4926
4927 rv = C_DigestUpdate(session, data, data_size);
4928 if (!ADBG_EXPECT_CK_OK(c, rv))
4929 goto out;
4930
4931 rv = C_DigestFinal(session, digest, NULL);
4932 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4933 goto out;
4934
4935 rv = C_DigestFinal(session, digest, &digest_size);
4936 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4937 goto out;
4938
4939 Do_ADBG_EndSubCase(c, NULL);
4940
4941 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL data but non-zero size");
4942
4943 mechanism.mechanism = CKM_SHA256;
4944
4945 memset(data, 0xCC, sizeof(data));
4946 memset(digest, 0xCC, sizeof(digest));
4947 digest_size = sizeof(digest);
4948
4949 memcpy(data, digest_test_patterns[0].data,
4950 digest_test_patterns[0].data_size);
4951 data_size = digest_test_patterns[0].data_size;
4952
4953 rv = C_DigestInit(session, &mechanism);
4954 if (!ADBG_EXPECT_CK_OK(c, rv))
4955 goto out;
4956
4957 rv = C_Digest(session, NULL, 10, digest, &digest_size);
4958 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4959 goto out;
4960
4961 rv = C_Digest(session, data, data_size, digest, &digest_size);
4962 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4963 goto out;
4964
4965 Do_ADBG_EndSubCase(c, NULL);
4966
4967 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL digest");
4968
4969 mechanism.mechanism = CKM_SHA256;
4970
4971 memset(data, 0xCC, sizeof(data));
4972 memset(digest, 0xCC, sizeof(digest));
4973 digest_size = sizeof(digest);
4974
4975 memcpy(data, digest_test_patterns[0].data,
4976 digest_test_patterns[0].data_size);
4977 data_size = digest_test_patterns[0].data_size;
4978
4979 rv = C_DigestInit(session, &mechanism);
4980 if (!ADBG_EXPECT_CK_OK(c, rv))
4981 goto out;
4982
4983 rv = C_Digest(session, data, data_size, NULL, NULL);
4984 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4985 goto out;
4986
4987 rv = C_Digest(session, data, data_size, digest, &digest_size);
4988 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4989 goto out;
4990
4991 Do_ADBG_EndSubCase(c, NULL);
4992
4993 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4994
4995 mechanism.mechanism = CKM_SHA256;
4996
4997 memset(data, 0xCC, sizeof(data));
4998 memset(digest, 0xCC, sizeof(digest));
4999 digest_size = sizeof(digest);
5000
5001 memcpy(data, digest_test_patterns[0].data,
5002 digest_test_patterns[0].data_size);
5003 data_size = digest_test_patterns[0].data_size;
5004
5005 rv = C_DigestInit(session, &mechanism);
5006 if (!ADBG_EXPECT_CK_OK(c, rv))
5007 goto out;
5008
5009 rv = C_Digest(session, data, data_size, digest, NULL);
5010 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
5011 goto out;
5012
5013 rv = C_Digest(session, data, data_size, digest, &digest_size);
5014 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
5015 goto out;
5016
5017 Do_ADBG_EndSubCase(c, NULL);
5018
5019 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with invalid key handle");
5020
5021 rv = C_CreateObject(session, digest_data_object,
5022 ARRAY_SIZE(digest_data_object), &key_handle);
5023 if (!ADBG_EXPECT_CK_OK(c, rv))
5024 goto out;
5025
5026 mechanism.mechanism = CKM_SHA256;
5027
5028 memset(data, 0xCC, sizeof(data));
5029 memset(digest, 0xCC, sizeof(digest));
5030 digest_size = sizeof(digest);
5031
5032 memcpy(data, digest_test_patterns[0].data,
5033 digest_test_patterns[0].data_size);
5034 data_size = digest_test_patterns[0].data_size;
5035
5036 rv = C_DigestInit(session, &mechanism);
5037 if (!ADBG_EXPECT_CK_OK(c, rv))
5038 goto out;
5039
5040 rv = C_DigestKey(session, 9999);
5041 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
5042 goto out;
5043
5044 rv = C_DigestKey(session, key_handle);
5045 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
5046 goto out;
5047
5048 Do_ADBG_EndSubCase(c, NULL);
5049
5050 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with non-secret key type");
5051
5052 mechanism.mechanism = CKM_SHA256;
5053
5054 memset(data, 0xCC, sizeof(data));
5055 memset(digest, 0xCC, sizeof(digest));
5056 digest_size = sizeof(digest);
5057
5058 memcpy(data, digest_test_patterns[0].data,
5059 digest_test_patterns[0].data_size);
5060 data_size = digest_test_patterns[0].data_size;
5061
5062 rv = C_DigestInit(session, &mechanism);
5063 if (!ADBG_EXPECT_CK_OK(c, rv))
5064 goto out;
5065
5066 rv = C_DigestKey(session, key_handle);
5067 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_INDIGESTIBLE, rv))
5068 goto out;
5069
5070 rv = C_DigestKey(session, key_handle);
5071 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
5072 goto out;
5073
5074 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
5075 key_handle = CK_INVALID_HANDLE;
5076
5077out:
5078#ifdef OPENSSL_FOUND
5079 if (!ADBG_EXPECT_POINTER(c, NULL, mdctx)) {
5080 Do_ADBG_Log("Unexpected failure in openssl functions: %d",
5081 ret);
5082 EVP_MD_CTX_destroy(mdctx);
5083 }
5084#endif
5085
5086 Do_ADBG_EndSubCase(c, NULL);
5087
5088 if (logged_in)
5089 ADBG_EXPECT_CK_OK(c, C_Logout(session));
5090
5091 if (key_handle != CK_INVALID_HANDLE) {
5092 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
5093 key_handle = CK_INVALID_HANDLE;
5094 }
5095
5096 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
5097
5098close_lib:
5099 ADBG_EXPECT_CK_OK(c, close_lib());
5100}
5101ADBG_CASE_DEFINE(pkcs11, 1018, xtest_pkcs11_test_1018,
5102 "PKCS11: Digest tests");
Vesa Jääskeläinena4ab9572021-04-07 12:50:06 +0300[diff] [blame]5103
5104/**
5105 * 0:d=0 hl=2 l= 22 cons: SEQUENCE
5106 * 2:d=1 hl=2 l= 20 cons: SET
5107 * 4:d=2 hl=2 l= 18 cons: SEQUENCE
5108 * 6:d=3 hl=2 l= 3 prim: OBJECT :commonName
5109 * 11:d=3 hl=2 l= 11 prim: UTF8STRING :common name
5110 */
5111static uint8_t subject_common_name[] = {
5112 0x30, 0x16, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
5113 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65
5114};
5115
5116/**
5117 * 0:d=0 hl=2 l= 8 prim: OBJECT :prime256v1
5118 */
5119static uint8_t ecdsa_nist_p256[] = {
5120 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
5121 0x01, 0x07
5122};
5123
5124/**
5125 * 0:d=0 hl=2 l= 5 prim: OBJECT :secp384r1
5126 */
5127static uint8_t ecdsa_nist_p384[] = {
5128 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
5129};
5130
5131/**
5132 * 0:d=0 hl=2 l= 5 prim: OBJECT :secp521r1
5133 */
5134static uint8_t ecdsa_nist_p521[] = {
5135 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23
5136};
5137
5138#define EC_SIGN_TEST(_test_name, _mecha, _data) \
5139 { \
5140 .test_name = _test_name, \
5141 .mecha = _mecha, \
5142 .data = _data, \
5143 .data_size = sizeof(_data) - 1, \
5144 }
5145
5146/* List of elliptic curve signing multi stage digest mechas */
5147static struct {
5148 const char *test_name;
5149 CK_MECHANISM_TYPE mecha;
5150 const void *data;
5151 CK_ULONG data_size;
5152} ec_sign_tests[] = {
5153 EC_SIGN_TEST("CKM_ECDSA_SHA1", CKM_ECDSA_SHA1, digest_test_pattern),
5154 EC_SIGN_TEST("CKM_ECDSA_SHA224", CKM_ECDSA_SHA224, digest_test_pattern),
5155 EC_SIGN_TEST("CKM_ECDSA_SHA256", CKM_ECDSA_SHA256, digest_test_pattern),
5156 EC_SIGN_TEST("CKM_ECDSA_SHA384", CKM_ECDSA_SHA384, digest_test_pattern),
5157 EC_SIGN_TEST("CKM_ECDSA_SHA512", CKM_ECDSA_SHA512, digest_test_pattern),
5158};
5159
5160static int test_ec_operations(ADBG_Case_t *c, CK_SESSION_HANDLE session,
5161 const char *curve_name, uint8_t *curve,
5162 size_t curve_size)
5163{
5164 CK_RV rv = CKR_GENERAL_ERROR;
5165
5166 CK_OBJECT_HANDLE public_key = CK_INVALID_HANDLE;
5167 CK_OBJECT_HANDLE private_key = CK_INVALID_HANDLE;
5168
5169 CK_MECHANISM mechanism = {
5170 CKM_EC_KEY_PAIR_GEN, NULL, 0
5171 };
5172 CK_MECHANISM sign_mechanism = {
5173 CKM_ECDSA, NULL, 0
5174 };
5175 CK_BYTE id[] = { 123 };
5176
5177 CK_ATTRIBUTE public_key_template[] = {
5178 { CKA_ENCRYPT, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5179 { CKA_VERIFY, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5180 { CKA_WRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5181 { CKA_EC_PARAMS, ecdsa_nist_p256, sizeof(ecdsa_nist_p256) }
5182 };
5183
5184 CK_ATTRIBUTE private_key_template[] = {
5185 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5186 { CKA_PRIVATE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5187 { CKA_SUBJECT, subject_common_name,
5188 sizeof(subject_common_name) },
5189 { CKA_ID, id, sizeof(id) },
5190 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5191 { CKA_DECRYPT, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5192 { CKA_SIGN, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5193 { CKA_UNWRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) }
5194 };
5195
5196 CK_OBJECT_CLASS g_class = 0;
5197 CK_KEY_TYPE g_key_type = 0;
5198 CK_BYTE g_id[32] = { 0 };
5199 CK_DATE g_start_date = { 0 };
5200 CK_DATE g_end_date = { 0 };
5201 CK_BBOOL g_derive = CK_FALSE;
5202 CK_BBOOL g_local = CK_FALSE;
5203 CK_MECHANISM_TYPE g_keygen_mecha = 0;
5204 CK_BYTE g_subject[64] = { 0 };
5205 CK_BBOOL g_encrypt = CK_FALSE;
5206 CK_BBOOL g_verify = CK_FALSE;
5207 CK_BBOOL g_verify_recover = CK_FALSE;
5208 CK_BBOOL g_wrap = CK_FALSE;
5209 CK_BBOOL g_trusted = CK_FALSE;
5210 CK_BYTE g_public_key_info[1024] = { 0 };
5211 CK_BBOOL g_sensitive = CK_FALSE;
5212 CK_BBOOL g_decrypt = CK_FALSE;
5213 CK_BBOOL g_sign = CK_FALSE;
5214 CK_BBOOL g_sign_recover = CK_FALSE;
5215 CK_BBOOL g_unwrap = CK_FALSE;
5216 CK_BBOOL g_extract = CK_FALSE;
5217 CK_BBOOL g_asensitive = CK_FALSE;
5218 CK_BBOOL g_nextract = CK_FALSE;
5219 CK_BBOOL g_wrap_with_trusted = CK_FALSE;
5220 CK_BBOOL g_always_authenticate = CK_FALSE;
5221
5222 CK_ATTRIBUTE get_public_template[] = {
5223 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5224 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5225 { CKA_ID, g_id, sizeof(g_id) },
5226 { CKA_START_DATE, &g_start_date, sizeof(CK_DATE) },
5227 { CKA_END_DATE, &g_end_date, sizeof(CK_DATE) },
5228 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5229 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5230 { CKA_KEY_GEN_MECHANISM, &g_keygen_mecha, sizeof(CK_MECHANISM_TYPE) },
5231 { CKA_SUBJECT, g_subject, sizeof(g_subject) },
5232 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
5233 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
5234 { CKA_VERIFY_RECOVER, &g_verify_recover, sizeof(CK_BBOOL) },
5235 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
5236 { CKA_TRUSTED, &g_trusted, sizeof(CK_BBOOL) },
5237 { CKA_PUBLIC_KEY_INFO, g_public_key_info, sizeof(g_public_key_info) },
5238 };
5239
5240 CK_ATTRIBUTE get_private_template[] = {
5241 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5242 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5243 { CKA_ID, g_id, sizeof(g_id) },
5244 { CKA_START_DATE, &g_start_date, sizeof(CK_DATE) },
5245 { CKA_END_DATE, &g_end_date, sizeof(CK_DATE) },
5246 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5247 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5248 { CKA_KEY_GEN_MECHANISM, &g_keygen_mecha, sizeof(CK_MECHANISM_TYPE) },
5249 { CKA_SUBJECT, g_subject, sizeof(g_subject) },
5250 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
5251 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
5252 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
5253 { CKA_SIGN_RECOVER, &g_sign_recover, sizeof(CK_BBOOL) },
5254 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
5255 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
5256 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
5257 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
5258 { CKA_WRAP_WITH_TRUSTED, &g_wrap_with_trusted, sizeof(CK_BBOOL) },
5259 { CKA_ALWAYS_AUTHENTICATE, &g_always_authenticate, sizeof(CK_BBOOL) },
5260 { CKA_PUBLIC_KEY_INFO, g_public_key_info, sizeof(g_public_key_info) },
5261 };
5262
5263 uint8_t signature[512] = { 0 };
5264 CK_ULONG signature_len = 0;
5265
5266 size_t i = 0;
5267
5268 Do_ADBG_BeginSubCase(c, "%s: Generate key pair",
5269 curve_name);
5270
5271 public_key_template[3].pValue = curve;
5272 public_key_template[3].ulValueLen = curve_size;
5273
5274 rv = C_GenerateKeyPair(session, &mechanism, public_key_template,
5275 ARRAY_SIZE(public_key_template),
5276 private_key_template,
5277 ARRAY_SIZE(private_key_template),
5278 &public_key, &private_key);
5279 if (!ADBG_EXPECT_CK_OK(c, rv))
5280 goto err;
5281
5282 /* reset get public key template */
5283 memset(g_id, 0, sizeof(g_id));
5284 memset(g_subject, 0, sizeof(g_subject));
5285 memset(g_public_key_info, 0, sizeof(g_public_key_info));
5286 get_public_template[2].ulValueLen = sizeof(g_id);
5287 get_public_template[8].ulValueLen = sizeof(g_subject);
5288 get_public_template[14].ulValueLen = sizeof(g_public_key_info);
5289
5290 rv = C_GetAttributeValue(session, public_key, get_public_template,
5291 ARRAY_SIZE(get_public_template));
5292 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5293 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_PUBLIC_KEY) ||
5294 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_EC) ||
5295 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
5296 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
5297 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_keygen_mecha, ==,
5298 CKM_EC_KEY_PAIR_GEN) ||
5299 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
5300 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
5301 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify_recover, ==, CK_FALSE) ||
5302 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
5303 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_trusted, ==, CK_FALSE))
5304 goto err_destr_obj;
5305
5306 /* reset get private key template */
5307 memset(g_id, 0, sizeof(g_id));
5308 memset(g_subject, 0, sizeof(g_subject));
5309 memset(g_public_key_info, 0, sizeof(g_public_key_info));
5310 get_private_template[2].ulValueLen = sizeof(g_id);
5311 get_private_template[8].ulValueLen = sizeof(g_subject);
5312 get_private_template[19].ulValueLen = sizeof(g_public_key_info);
5313
5314 rv = C_GetAttributeValue(session, private_key, get_private_template,
5315 ARRAY_SIZE(get_private_template));
5316 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5317 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_PRIVATE_KEY) ||
5318 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_EC) ||
5319 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
5320 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
5321 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_keygen_mecha, ==,
5322 CKM_EC_KEY_PAIR_GEN) ||
5323 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
5324 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
5325 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
5326 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign_recover, ==, CK_FALSE) ||
5327 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
5328 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
5329 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
5330 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE) ||
5331 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap_with_trusted, ==, CK_FALSE) ||
5332 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_always_authenticate, ==, CK_FALSE))
5333 goto err_destr_obj;
5334
5335 Do_ADBG_EndSubCase(c, NULL);
5336
5337 Do_ADBG_BeginSubCase(c,
5338 "%s: Sign & verify tests - oneshot - CKM_ECDSA",
5339 curve_name);
5340
5341 sign_mechanism.mechanism = CKM_ECDSA;
5342 memset(signature, 0, sizeof(signature));
5343 signature_len = sizeof(signature);
5344
5345 rv = C_SignInit(session, &sign_mechanism, private_key);
5346 if (!ADBG_EXPECT_CK_OK(c, rv))
5347 goto err_destr_obj;
5348
5349 rv = C_Sign(session, (void *)digest_test_pattern_sha256,
5350 sizeof(digest_test_pattern_sha256), (void *)signature,
5351 &signature_len);
5352 if (!ADBG_EXPECT_CK_OK(c, rv))
5353 goto err_destr_obj;
5354
5355 rv = C_VerifyInit(session, &sign_mechanism, public_key);
5356 if (!ADBG_EXPECT_CK_OK(c, rv))
5357 goto err_destr_obj;
5358
5359 rv = C_Verify(session, (void *)digest_test_pattern_sha256,
5360 sizeof(digest_test_pattern_sha256), (void *)signature,
5361 signature_len);
5362 if (!ADBG_EXPECT_CK_OK(c, rv))
5363 goto err_destr_obj;
5364
5365 Do_ADBG_EndSubCase(c, NULL);
5366
5367 for (i = 0; i < ARRAY_SIZE(ec_sign_tests); i++) {
5368 Do_ADBG_BeginSubCase(c, "%s: Sign & verify - oneshot - %s",
5369 curve_name, ec_sign_tests[i].test_name);
5370
5371 sign_mechanism.mechanism = ec_sign_tests[i].mecha;
5372 memset(signature, 0, sizeof(signature));
5373 signature_len = sizeof(signature);
5374
5375 rv = C_SignInit(session, &sign_mechanism, private_key);
5376 if (!ADBG_EXPECT_CK_OK(c, rv))
5377 goto err_destr_obj;
5378
5379 rv = C_Sign(session, (void *)ec_sign_tests[i].data,
5380 ec_sign_tests[i].data_size,
5381 (void *)signature, &signature_len);
5382 if (!ADBG_EXPECT_CK_OK(c, rv))
5383 goto err_destr_obj;
5384
5385 rv = C_VerifyInit(session, &sign_mechanism, public_key);
5386 if (!ADBG_EXPECT_CK_OK(c, rv))
5387 goto err_destr_obj;
5388
5389 rv = C_Verify(session, (void *)ec_sign_tests[i].data,
5390 ec_sign_tests[i].data_size,
5391 (void *)signature, signature_len);
5392 if (!ADBG_EXPECT_CK_OK(c, rv))
5393 goto err_destr_obj;
5394
5395 Do_ADBG_EndSubCase(c, NULL);
5396 }
5397
5398 Do_ADBG_BeginSubCase(c, "%s: Destroy keys", curve_name);
5399
5400 rv = C_DestroyObject(session, private_key);
5401 if (!ADBG_EXPECT_CK_OK(c, rv))
5402 goto err_destr_obj;
5403
5404 rv = C_DestroyObject(session, public_key);
5405 if (!ADBG_EXPECT_CK_OK(c, rv))
5406 goto err;
5407
5408 Do_ADBG_EndSubCase(c, NULL);
5409
5410 return 1;
5411
5412err_destr_obj:
5413 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, private_key));
5414 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, public_key));
5415err:
5416 Do_ADBG_EndSubCase(c, NULL);
5417
5418 return 0;
5419}
5420
5421static void xtest_pkcs11_test_1019(ADBG_Case_t *c)
5422{
5423 CK_RV rv = CKR_GENERAL_ERROR;
5424 CK_SLOT_ID slot = 0;
5425 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
5426 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
5427 int ret = 0;
5428
5429 rv = init_lib_and_find_token_slot(&slot);
5430 if (!ADBG_EXPECT_CK_OK(c, rv))
5431 return;
5432
5433 rv = init_test_token(slot);
5434 if (!ADBG_EXPECT_CK_OK(c, rv))
5435 goto close_lib;
5436
5437 rv = init_user_test_token(slot);
5438 if (!ADBG_EXPECT_CK_OK(c, rv))
5439 goto close_lib;
5440
5441 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
5442 if (!ADBG_EXPECT_CK_OK(c, rv))
5443 goto close_lib;
5444
5445 /* Login to Test Token */
5446 rv = C_Login(session, CKU_USER, test_token_user_pin,
5447 sizeof(test_token_user_pin));
5448 if (!ADBG_EXPECT_CK_OK(c, rv))
5449 goto out;
5450
5451 ret = test_ec_operations(c, session, "P-256", ecdsa_nist_p256,
5452 sizeof(ecdsa_nist_p256));
5453 if (!ret)
5454 goto out;
5455 ret = test_ec_operations(c, session, "P-384", ecdsa_nist_p384,
5456 sizeof(ecdsa_nist_p384));
5457 if (!ret)
5458 goto out;
5459
5460 if (level > 0) {
5461 ret = test_ec_operations(c, session, "P-521", ecdsa_nist_p521,
5462 sizeof(ecdsa_nist_p521));
5463 if (!ret)
5464 goto out;
5465 }
5466out:
5467 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
5468close_lib:
5469 ADBG_EXPECT_CK_OK(c, close_lib());
5470}
5471ADBG_CASE_DEFINE(pkcs11, 1019, xtest_pkcs11_test_1019,
5472 "PKCS11: Elliptic Curve key generation and signing");
Ruchika Guptaf2eb88a2021-03-22 19:38:11 +0530[diff] [blame]5473
5474#define WRAPPED_TEST_KEY_SIZE 48
5475
5476static void xtest_pkcs11_test_1020(ADBG_Case_t *c)
5477{
5478 CK_RV rv = CKR_GENERAL_ERROR;
5479 CK_SLOT_ID slot = 0;
5480 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
5481 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
5482 CK_OBJECT_HANDLE wrapping_key1 = CK_INVALID_HANDLE;
5483 CK_OBJECT_HANDLE wrapping_key2 = CK_INVALID_HANDLE;
5484 CK_OBJECT_HANDLE wrapping_key_inv = CK_INVALID_HANDLE;
5485 CK_OBJECT_HANDLE key = CK_INVALID_HANDLE;
5486 CK_OBJECT_HANDLE key_sz24 = CK_INVALID_HANDLE;
5487 CK_OBJECT_HANDLE key_sens = CK_INVALID_HANDLE;
5488 CK_OBJECT_HANDLE key_inv = CK_INVALID_HANDLE;
5489 CK_OBJECT_HANDLE unwrapped_key = CK_INVALID_HANDLE;
5490 CK_ATTRIBUTE set_w_unw_template[] = {
5491 { CKA_WRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5492 { CKA_UNWRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5493 };
5494 CK_ATTRIBUTE set_wwt_template[] = {
5495 { CKA_WRAP_WITH_TRUSTED, &(CK_BBOOL){ CK_TRUE },
5496 sizeof(CK_BBOOL) },
5497 };
5498 CK_ATTRIBUTE set_trusted_template[] = {
5499 { CKA_TRUSTED, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5500 };
5501 CK_ATTRIBUTE wrap_template[] = {
5502 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5503 };
5504 CK_ATTRIBUTE unwrap_template[] = {
5505 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5506 };
5507 CK_ATTRIBUTE wrapping_key_template[] = {
5508 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5509 { CKA_WRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5510 { CKA_UNWRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5511 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5512 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5513 };
5514 CK_ATTRIBUTE wrapping_key_temp_w_indirect[] = {
5515 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5516 { CKA_WRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5517 { CKA_UNWRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5518 { CKA_WRAP_TEMPLATE, &wrap_template, sizeof(wrap_template) },
5519 { CKA_UNWRAP_TEMPLATE, &unwrap_template,
5520 sizeof(unwrap_template) },
5521 };
5522 CK_ATTRIBUTE unwrap_template2[] = {
5523 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
5524 sizeof(CK_OBJECT_CLASS) },
5525 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
5526 { CKA_TOKEN, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5527 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5528 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5529 };
5530 CK_ATTRIBUTE wrapping_key_temp_w_indirect2[] = {
5531 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5532 { CKA_WRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5533 { CKA_UNWRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5534 { CKA_UNWRAP_TEMPLATE, &unwrap_template2,
5535 sizeof(unwrap_template2) },
5536 };
5537 CK_ATTRIBUTE wrapping_key_template_inv1[] = {
5538 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5539 { CKA_WRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5540 };
5541 CK_ATTRIBUTE key_template[] = {
5542 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5543 { CKA_ENCRYPT, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5544 { CKA_DECRYPT, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5545 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5546 };
5547 CK_ATTRIBUTE key_template_sens[] = {
5548 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5549 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5550 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5551 };
5552 CK_ATTRIBUTE key_template_inv1[] = {
5553 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5554 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5555 };
5556 CK_ATTRIBUTE key_sz24_template[] = {
5557 { CKA_VALUE_LEN, &(CK_ULONG){ 24 }, sizeof(CK_ULONG) },
5558 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5559 };
5560 CK_ATTRIBUTE new_key_template[] = {
5561 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
5562 sizeof(CK_OBJECT_CLASS) },
5563 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
5564 sizeof(CK_KEY_TYPE) },
5565 { CKA_ENCRYPT, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5566 { CKA_DECRYPT, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5567 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5568 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE}, sizeof(CK_BBOOL) },
5569 };
5570 CK_ATTRIBUTE new_key_template_sens[] = {
5571 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
5572 sizeof(CK_OBJECT_CLASS) },
5573 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
5574 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5575 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5576 };
5577 CK_ATTRIBUTE new_key_template2[] = {
5578 { CKA_DERIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5579 };
5580 CK_ATTRIBUTE new_key_template3[] = {
5581 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5582 { CKA_PRIVATE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5583 };
5584 CK_ATTRIBUTE new_key_template4[] = {
5585 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
5586 sizeof(CK_OBJECT_CLASS) },
5587 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
5588 sizeof(CK_KEY_TYPE) },
5589 { CKA_PRIVATE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5590 };
5591 CK_BBOOL g_extract = CK_FALSE;
5592 CK_BBOOL g_sensitive = CK_TRUE;
5593 CK_BBOOL g_nextract = CK_TRUE;
5594 CK_BBOOL g_asensitive = CK_TRUE;
5595 CK_BBOOL g_local = CK_TRUE;
5596 CK_BBOOL g_token = CK_FALSE;
5597 CK_BBOOL g_derive = CK_FALSE;
5598 CK_OBJECT_CLASS g_class = CKO_VENDOR_DEFINED;
5599 CK_KEY_TYPE g_key_type = CKK_VENDOR_DEFINED;
5600 uint8_t g_val[WRAPPED_TEST_KEY_SIZE] = { 0 };
5601 CK_ULONG key_len = 0;
5602 uint8_t g_unwrapped_val[WRAPPED_TEST_KEY_SIZE] = { 0 };
5603 CK_ULONG unwrapped_key_len = 0;
5604 /* Keep last attribute as CKA_VALUE */
5605 CK_ATTRIBUTE get_template_unwrapped[] = {
5606 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5607 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5608 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
5609 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
5610 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
5611 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
5612 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5613 { CKA_TOKEN, &g_token, sizeof(CK_BBOOL) },
5614 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5615 { CKA_VALUE_LEN, &unwrapped_key_len,
5616 sizeof(unwrapped_key_len) },
5617 { CKA_VALUE, g_unwrapped_val, sizeof(g_unwrapped_val) },
5618 };
5619 CK_ATTRIBUTE get_template[] = {
5620 { CKA_VALUE_LEN, &key_len, sizeof(key_len) },
5621 { CKA_VALUE, g_val, sizeof(g_val) },
5622 };
5623 uint8_t buf[WRAPPED_TEST_KEY_SIZE] = { 0 };
5624 CK_ULONG size = 0;
5625
5626 rv = init_lib_and_find_token_slot(&slot);
5627 if (!ADBG_EXPECT_CK_OK(c, rv))
5628 return;
5629
5630 rv = init_test_token(slot);
5631 if (!ADBG_EXPECT_CK_OK(c, rv))
5632 goto close_lib;
5633
5634 rv = init_user_test_token(slot);
5635 if (!ADBG_EXPECT_CK_OK(c, rv))
5636 goto close_lib;
5637
5638 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
5639 if (!ADBG_EXPECT_CK_OK(c, rv))
5640 goto close_lib;
5641
5642 /* Wrapping Key - AES Key */
5643 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5644 wrapping_key_template,
5645 ARRAY_SIZE(wrapping_key_template), &wrapping_key1);
5646 if (!ADBG_EXPECT_CK_OK(c, rv))
5647 goto close_session;
5648
5649 /* Key to be wrapped - AES key */
5650 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5651 key_template, ARRAY_SIZE(key_template),
5652 &key);
5653 if (!ADBG_EXPECT_CK_OK(c, rv))
5654 goto close_session;
5655
5656 Do_ADBG_BeginSubCase(c, "Test key wrap with AES ECB");
5657
5658 /*
5659 * Test NULL buffer and NULL out_size to verify bad argument processing
5660 */
5661 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5662 NULL, NULL);
5663 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
5664 goto out;
5665
5666 /*
5667 * Test NULL buffer case with size as 0 to get the out_size
5668 */
5669 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5670 NULL, &size);
5671 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5672 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, <=, sizeof(buf)))
5673 goto out;
5674
5675 /*
5676 * Test NULL buffer case with size non zero size to get the out_size
5677 */
5678 size = 1;
5679 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5680 NULL, &size);
5681 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5682 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, <=, sizeof(buf)))
5683 goto out;
5684
5685 /* Test short buffer */
5686 size = 12;
5687 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5688 buf, &size);
5689 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv) ||
5690 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, <=, sizeof(buf)))
5691 goto out;
5692
5693 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5694 buf, &size);
5695 if (!ADBG_EXPECT_CK_OK(c, rv))
5696 goto out;
5697
5698 /*
5699 * Get the size of the original key which was wrapped in key_len.
5700 * This will be compared to the length of the key after unwrapping.
5701 */
5702 rv = C_GetAttributeValue(session, key, get_template,
5703 ARRAY_SIZE(get_template));
5704 if (!ADBG_EXPECT_CK_OK(c, rv))
5705 goto out;
5706
5707 Do_ADBG_EndSubCase(c, NULL);
5708
5709 Do_ADBG_BeginSubCase(c, "Test key unwrap with AES ECB");
5710
5711 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, buf,
5712 size, new_key_template, ARRAY_SIZE(new_key_template),
5713 &unwrapped_key);
5714 if (!ADBG_EXPECT_CK_OK(c, rv))
5715 goto out;
5716
5717 /*
5718 * The key created after unwrapping should have CKA_LOCAL = FALSE,
5719 * CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE as FALSE.
5720 * Default value of CKA_EXTRACTABLE if not specified in the template
5721 * is TRUE. We have deliberately set CKA_SENSITIVE to false for
5722 * both original key and unwrapped_key. This is done to be able to
5723 * extract the value of keys and compare them. This is done mainly
5724 * for testing. In actual examples, we expect CKA_SENSITIVE of keys
5725 * to be wrapped to be TRUE.
5726 */
5727 rv = C_GetAttributeValue(session, unwrapped_key, get_template_unwrapped,
5728 ARRAY_SIZE(get_template_unwrapped));
5729 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5730 !ADBG_EXPECT_BUFFER(c, g_unwrapped_val, unwrapped_key_len, g_val,
5731 key_len) ||
5732 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
5733 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
5734 CKK_GENERIC_SECRET) ||
5735 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
5736 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
5737 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
5738 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
5739 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
5740 goto out;
5741
5742 rv = C_DestroyObject(session, unwrapped_key);
5743 if (!ADBG_EXPECT_CK_OK(c, rv))
5744 goto out;
5745
5746 Do_ADBG_EndSubCase(c, NULL);
5747
5748 Do_ADBG_BeginSubCase(c, "Invalid UnWrap cases");
5749
5750 /* Failure when unwrapping as a private session key */
5751 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, buf,
5752 size, new_key_template4, ARRAY_SIZE(new_key_template4),
5753 &unwrapped_key);
5754 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
5755 goto out;
5756
5757 /* Provide incomplete template */
5758 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, buf,
5759 size, new_key_template2, ARRAY_SIZE(new_key_template2),
5760 &unwrapped_key);
5761
5762 /*
5763 * The error code can also be CKR_TEMPLATE_INCOMPLETE. The
5764 * current implementation returns CKR_TEMPLATE_INCONSISTENT
5765 */
5766 if (!ADBG_EXPECT_TRUE(c, rv == CKR_TEMPLATE_INCOMPLETE ||
5767 rv == CKR_TEMPLATE_INCONSISTENT))
5768 goto out;
5769
5770 /* Try unwrapping with a key without CKA_UNWRAP */
5771 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, key, buf, size,
5772 new_key_template, ARRAY_SIZE(new_key_template),
5773 &unwrapped_key);
5774 if (!ADBG_EXPECT_CK_RESULT(c, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, rv))
5775 goto out;
5776
5777 Do_ADBG_EndSubCase(c, NULL);
5778
5779 Do_ADBG_BeginSubCase(c, "Invalid Wrap cases");
5780
5781 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5782 wrapping_key_template_inv1,
5783 ARRAY_SIZE(wrapping_key_template_inv1),
5784 &wrapping_key_inv);
5785 if (!ADBG_EXPECT_CK_OK(c, rv))
5786 goto out;
5787
5788 /* Wrapping key used without CKA_WRAP set */
5789 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key_inv,
5790 key, buf, &size);
5791 if (!ADBG_EXPECT_CK_RESULT(c, CKR_WRAPPING_KEY_TYPE_INCONSISTENT, rv))
5792 goto out;
5793
5794 rv = C_DestroyObject(session, wrapping_key_inv);
5795 ADBG_EXPECT_CK_OK(c, rv);
5796
5797 /* Use invalid wrapping key handle */
5798 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key_inv,
5799 key, buf, &size);
5800 if (!ADBG_EXPECT_CK_RESULT(c, CKR_WRAPPING_KEY_HANDLE_INVALID, rv))
5801 goto out;
5802
5803 /* CKA_EXTRACTABLE attribute of the key to be wrapped is CKA_FALSE */
5804 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5805 key_template_inv1, ARRAY_SIZE(key_template_inv1),
5806 &key_inv);
5807 if (!ADBG_EXPECT_CK_OK(c, rv))
5808 goto out;
5809
5810 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5811 key_inv, buf, &size);
5812 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_UNEXTRACTABLE, rv))
5813 goto out;
5814
5815 rv = C_DestroyObject(session, key_inv);
5816 ADBG_EXPECT_CK_OK(c, rv);
5817
5818 /* Use invalid key handle */
5819 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5820 key_inv, buf, &size);
5821 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
5822 goto out;
5823
5824 /* Try wrapping the wrapping key */
5825 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5826 wrapping_key1, buf, &size);
5827 if (!ADBG_EXPECT_CK_RESULT(c, CKR_WRAPPING_KEY_HANDLE_INVALID, rv))
5828 goto out;
5829
5830 /* Use invalid mechanism */
5831 rv = C_WrapKey(session, &cktest_hmac_md5_mechanism, wrapping_key1, key,
5832 buf, &size);
5833 if (!ADBG_EXPECT_CK_RESULT(c, CKR_MECHANISM_INVALID, rv))
5834 goto out;
5835
5836 /* Try wrapping when an operation is already active */
5837 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key);
5838 if (!ADBG_EXPECT_CK_OK(c, rv))
5839 goto out;
5840
5841 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5842 buf, &size);
5843 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_ACTIVE, rv))
5844 goto out;
5845
5846 rv = C_EncryptFinal(session, NULL, NULL);
5847 /* Only check that the operation is no more active */
5848 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
5849 goto out;
5850
5851 /*
5852 * Try wrapping using CKK_GENERIC_SECRET when mechanism used is
5853 * AES_ECB. Generate a secret key object in rw session.
5854 */
5855 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
5856 cktest_generate_gensecret_object_valid1,
5857 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
5858 &key_inv);
5859 if (!ADBG_EXPECT_CK_OK(c, rv))
5860 goto out;
5861
5862 /* Make the Generic secret key wrapping/unwrapping key */
5863 rv = C_SetAttributeValue(session, key_inv, set_w_unw_template,
5864 ARRAY_SIZE(set_w_unw_template));
5865 if (!ADBG_EXPECT_CK_OK(c, rv))
5866 goto out;
5867
5868 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, key_inv, key, buf,
5869 &size);
5870 if (!ADBG_EXPECT_CK_RESULT(c, CKR_WRAPPING_KEY_TYPE_INCONSISTENT, rv))
5871 goto out;
5872
5873 rv = C_DestroyObject(session, key_inv);
5874 ADBG_EXPECT_CK_OK(c, rv);
5875
5876 Do_ADBG_EndSubCase(c, NULL);
5877
5878 Do_ADBG_BeginSubCase(c, "Wrap with different length key");
5879
5880 /* Generate Key of size 192 bits */
5881 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5882 key_sz24_template, ARRAY_SIZE(key_sz24_template),
5883 &key_sz24);
5884 if (!ADBG_EXPECT_CK_OK(c, rv))
5885 goto out;
5886
5887 size = 0;
5888 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5889 key_sz24, buf, &size);
5890 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv) ||
5891 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, ==, 32))
5892 goto out;
5893
5894 size = 24;
5895 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5896 key_sz24, buf, &size);
5897 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv) ||
5898 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, ==, 32))
5899 goto out;
5900
5901 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5902 key_sz24, buf, &size);
5903 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5904 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, ==, 32))
5905 goto out;
5906
5907 Do_ADBG_EndSubCase(c, NULL);
5908
5909 Do_ADBG_BeginSubCase(c, "Test Wrap/Unwrap with indirect template");
5910
5911 /* Wrapping Key with indirect templates - AES Key */
5912 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5913 wrapping_key_temp_w_indirect,
5914 ARRAY_SIZE(wrapping_key_temp_w_indirect),
5915 &wrapping_key2);
5916 if (!ADBG_EXPECT_CK_OK(c, rv))
5917 goto out;
5918
5919 /*
5920 * Attribute mismatch with CKA_WRAP_TEMPLATE.
5921 * Error expected when wrapping a key whose template doesn't match with
5922 * the CKA_WRAP_TEMPLATE in the wrapping_key. In this example, the
5923 * CKA_WRAP_TEMPLATE expects CKA_SENSITIVE of the key to be wrapped to
5924 * be TRUE which is not the case here.
5925 */
5926 size = sizeof(buf);
5927 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, key,
5928 buf, &size);
5929 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
5930 goto out;
5931
5932 /* Generate SENSITIVE Key */
5933 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5934 key_template_sens, ARRAY_SIZE(key_template_sens),
5935 &key_sens);
5936 if (!ADBG_EXPECT_CK_OK(c, rv))
5937 goto out;
5938
5939 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2,
5940 key_sens, buf, &size);
5941 if (!ADBG_EXPECT_CK_OK(c, rv))
5942 goto out;
5943
5944 /*
5945 * Unwrap to create key with SENSITIVE set as FALSE.
5946 * This should fail as indirect attribute CKA_UNWRAP_TEMPLATE restricts
5947 * creation of key with CKA_SENSITIVE as FALSE.
5948 */
5949 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
5950 size, new_key_template, ARRAY_SIZE(new_key_template),
5951 &unwrapped_key);
5952 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
5953 goto out;
5954
5955 /* Unwrap a wrapped sensitive key to create a SENSITIVE key */
5956 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
5957 size, new_key_template_sens,
5958 ARRAY_SIZE(new_key_template_sens), &unwrapped_key);
5959 if (!ADBG_EXPECT_CK_OK(c, rv))
5960 goto out;
5961
5962 /*
5963 * Get the attributes of created. Skip last attribute in
5964 * get_template_wrapped as that is CKA_VALUE which would give an
5965 * error for a sensitive key
5966 */
5967 rv = C_GetAttributeValue(session, unwrapped_key, get_template_unwrapped,
5968 ARRAY_SIZE(get_template_unwrapped) - 1);
5969 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5970 !ADBG_EXPECT_COMPARE_UNSIGNED(c, unwrapped_key_len, ==, key_len) ||
5971 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
5972 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
5973 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
5974 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
5975 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
5976 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
5977 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
5978 goto out;
5979
5980 if (!ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, unwrapped_key)) ||
5981 !ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, wrapping_key2)) ||
5982 !ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_sens)))
5983 goto out;
5984
5985 /* Create wrapping key with indirect template specifying class & key */
5986 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5987 wrapping_key_temp_w_indirect2,
5988 ARRAY_SIZE(wrapping_key_temp_w_indirect2),
5989 &wrapping_key2);
5990 if (!ADBG_EXPECT_CK_OK(c, rv))
5991 goto out;
5992
5993 size = sizeof(buf);
5994 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, key,
5995 buf, &size);
5996 if (!ADBG_EXPECT_CK_OK(c, rv))
5997 goto out;
5998
5999 /* Use minimal new key template just specifying attribute of key */
6000 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
6001 size, new_key_template2, ARRAY_SIZE(new_key_template2),
6002 &unwrapped_key);
6003 if (!ADBG_EXPECT_CK_OK(c, rv))
6004 goto out;
6005
6006 rv = C_GetAttributeValue(session, unwrapped_key, get_template_unwrapped,
6007 ARRAY_SIZE(get_template_unwrapped) - 1);
6008
6009 /* Destroy created token object */
6010 if (!ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, unwrapped_key)))
6011 goto out;
6012
6013 if (!ADBG_EXPECT_CK_OK(c, rv) ||
6014 !ADBG_EXPECT_COMPARE_UNSIGNED(c, unwrapped_key_len, ==, key_len) ||
6015 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
6016 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
6017 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
6018 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
6019 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_TRUE) ||
6020 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
6021 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
6022 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
6023 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
6024 goto out;
6025
6026 /*
6027 * Unwrap with NULL template when CKA_UNWRAP_TEMPLATE has all
6028 * attributes to generate a key
6029 */
6030 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
6031 size, NULL, 0, &unwrapped_key);
6032 if (!ADBG_EXPECT_CK_OK(c, rv))
6033 goto out;
6034
6035 rv = C_GetAttributeValue(session, unwrapped_key, get_template_unwrapped,
6036 ARRAY_SIZE(get_template_unwrapped) - 1);
6037
6038 /* Destroy created token object */
6039 if (!ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, unwrapped_key)))
6040 goto out;
6041
6042 if (!ADBG_EXPECT_CK_OK(c, rv) ||
6043 !ADBG_EXPECT_COMPARE_UNSIGNED(c, unwrapped_key_len, ==, key_len) ||
6044 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
6045 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
6046 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
6047 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
6048 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
6049 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
6050 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
6051 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
6052 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE)) {
6053 goto out;
6054 }
6055
6056 /* Unwrap and try create a Private token object */
6057 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
6058 size, new_key_template3, ARRAY_SIZE(new_key_template3),
6059 &unwrapped_key);
6060 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
6061 goto out;
6062
6063 Do_ADBG_EndSubCase(c, NULL);
6064
6065 Do_ADBG_BeginSubCase(c, "Test usage of CKA_WRAP_WITH_TRUSTED");
6066
6067 /* Set Attribute WRAP_WITH_TRUSTED on the key */
6068 rv = C_SetAttributeValue(session, key, set_wwt_template,
6069 ARRAY_SIZE(set_wwt_template));
6070 if (!ADBG_EXPECT_CK_OK(c, rv))
6071 goto out;
6072
6073 /*
6074 * Try wrapping the key with attribute CKA_WRAP_WITH_TRUSTED with
6075 * normal wrapping key
6076 */
6077 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
6078 buf, &size);
6079 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_NOT_WRAPPABLE, rv))
6080 goto out;
6081
6082 /* Login as SO in RW session */
6083 rv = C_Login(session, CKU_SO, test_token_so_pin,
6084 sizeof(test_token_so_pin));
6085 if (!ADBG_EXPECT_CK_OK(c, rv))
6086 goto out;
6087
6088 rv = C_SetAttributeValue(session, wrapping_key1, set_trusted_template,
6089 ARRAY_SIZE(set_trusted_template));
6090 if (!ADBG_EXPECT_CK_OK(c, rv) ||
6091 !ADBG_EXPECT_CK_OK(c, C_Logout(session)))
6092 goto out;
6093
6094 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
6095 buf, &size);
6096 if (!ADBG_EXPECT_CK_OK(c, rv))
6097 goto out;
6098
6099out:
6100 Do_ADBG_EndSubCase(c, NULL);
6101close_session:
6102 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
6103
6104close_lib:
6105 ADBG_EXPECT_CK_OK(c, close_lib());
6106}
6107ADBG_CASE_DEFINE(pkcs11, 1020, xtest_pkcs11_test_1020,
6108 "PKCS11: AES Key Wrap/UnWrap tests");