TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / a2fe417b118bdb6e593497dfbb82169bdda1b041 / . / host / xtest / pkcs11_1000.c
blob: 231939f1892dc1f1e9565eb9baf59b8ead8f9707 [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]2/*
3 * Copyright (c) 2018, Linaro Limited
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]4 */
5
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]6#include <ck_debug.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]7#include <inttypes.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]8#include <pkcs11.h>
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]9#include <stdio.h>
10#include <stdlib.h>
11#include <string.h>
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]12#include <util.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]13
14#include "xtest_test.h"
15#include "xtest_helpers.h"
16
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]17#include <regression_4000_data.h>
18
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]19/*
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]20 * Some PKCS#11 object resources used in the tests
21 */
22static const CK_BYTE cktest_aes128_key[16];
23
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]24static const CK_BYTE cktest_aes128_iv[16];
25
26static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
27 .ulCounterBits = 1,
28};
29
30static CK_MECHANISM cktest_aes_ecb_mechanism = {
31 CKM_AES_ECB,
32 NULL, 0,
33};
34static CK_MECHANISM cktest_aes_cbc_mechanism = {
35 CKM_AES_CBC,
36 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
37};
38static CK_MECHANISM cktest_aes_ctr_mechanism = {
39 CKM_AES_CTR,
40 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
41};
42static CK_MECHANISM cktest_aes_cts_mechanism = {
43 CKM_AES_CTS,
44 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
45};
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]46static CK_MECHANISM cktest_hmac_md5_mechanism = {
47 CKM_MD5_HMAC, NULL, 0,
48};
49static CK_MECHANISM cktest_hmac_sha1_mechanism = {
50 CKM_SHA_1_HMAC, NULL, 0,
51};
52static CK_MECHANISM cktest_hmac_sha224_mechanism = {
53 CKM_SHA224_HMAC, NULL, 0,
54};
55static CK_MECHANISM cktest_hmac_sha256_mechanism = {
56 CKM_SHA256_HMAC, NULL, 0,
57};
58static CK_MECHANISM cktest_hmac_sha384_mechanism = {
59 CKM_SHA384_HMAC, NULL, 0,
60};
61static CK_MECHANISM cktest_hmac_sha512_mechanism = {
62 CKM_SHA512_HMAC, NULL, 0,
63};
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]64
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]65/*
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]66 * Util to find a slot on which to open a session
67 */
68static CK_RV close_lib(void)
69{
70 return C_Finalize(0);
71}
72
73static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
74{
75 CK_RV rv = CKR_GENERAL_ERROR;
76 CK_SLOT_ID_PTR slots = NULL;
77 CK_ULONG count = 0;
78
79 rv = C_Initialize(0);
80 if (rv)
81 return rv;
82
83 rv = C_GetSlotList(CK_TRUE, NULL, &count);
84 if (rv != CKR_OK)
85 goto bail;
86
87 if (count < 1) {
88 rv = CKR_GENERAL_ERROR;
89 goto bail;
90 }
91
92 slots = malloc(count * sizeof(CK_SLOT_ID));
93 if (!slots) {
94 rv = CKR_HOST_MEMORY;
95 goto bail;
96 }
97
98 rv = C_GetSlotList(CK_TRUE, slots, &count);
99 if (rv)
100 goto bail;
101
102 /* Use the last slot */
103 *slot = slots[count - 1];
104
105bail:
106 free(slots);
107 if (rv)
108 close_lib();
109
110 return rv;
111}
112
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]113static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]114{
115 CK_RV rv;
116
117 rv = C_Initialize(NULL);
118 if (!ADBG_EXPECT_CK_OK(c, rv))
119 return;
120
121 rv = C_Finalize(NULL);
122 if (!ADBG_EXPECT_CK_OK(c, rv))
123 return;
124
125 rv = C_Initialize(NULL);
126 if (!ADBG_EXPECT_CK_OK(c, rv))
127 return;
128
129 rv = C_Initialize(NULL);
130 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
131
132 rv = C_Finalize(NULL);
133 ADBG_EXPECT_CK_OK(c, rv);
Etienne Carriere21f4e3c2020-02-05 15:40:24 +0100[diff] [blame]134
135 rv = C_Finalize(NULL);
136 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]137}
138
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]139ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
140 "Initialize and close Cryptoki library");
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]141
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]142static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]143{
144 CK_RV rv = CKR_GENERAL_ERROR;
145 CK_SLOT_ID_PTR slot_ids = NULL;
146 CK_ULONG slot_count = 0;
147 CK_ULONG present_slot_count = 0;
148 CK_INFO lib_info = { };
149 CK_SLOT_INFO slot_info = { };
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]150 CK_TOKEN_INFO token_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]151 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
152 size_t i = 0;
153 CK_SLOT_ID max_slot_id = 0;
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]154 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
155 CK_ULONG mecha_count = 0;
156 CK_MECHANISM_INFO mecha_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]157
158 rv = C_Initialize(NULL);
159 if (!ADBG_EXPECT_CK_OK(c, rv))
160 return;
161
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]162 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
163
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]164 rv = C_GetFunctionList(&ckfunc_list);
165 if (!ADBG_EXPECT_CK_OK(c, rv))
166 goto out;
167
168 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
169 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]170 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]171 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
172 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
173 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]174 goto out;
175
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]176 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
177 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
178
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]179 rv = C_GetInfo(&lib_info);
180 if (!ADBG_EXPECT_CK_OK(c, rv))
181 goto out;
182
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]183 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
184 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
185
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]186 rv = C_GetSlotList(0, NULL, &slot_count);
187 if (!ADBG_EXPECT_CK_OK(c, rv))
188 goto out;
189
190 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
191 goto out;
192
Etienne Carrierede746332020-03-04 19:43:53 +0100[diff] [blame]193 if (slot_count > 1) {
194 /* Ensure case non-NULL-buffer and zero-count is tested */
195 CK_SLOT_ID id = 0;
196
197 slot_count = 0;
198 rv = C_GetSlotList(0, &id, &slot_count);
199 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
200 goto out;
201 }
202
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]203 rv = C_GetSlotList(1, NULL, &present_slot_count);
204 if (!ADBG_EXPECT_CK_OK(c, rv))
205 goto out;
206
207 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
208 present_slot_count))
209 goto out;
210
211 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
212 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
213 goto out;
214
215 slot_count--;
216 rv = C_GetSlotList(1, slot_ids, &slot_count);
217 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
218 goto out;
219
220 rv = C_GetSlotList(1, slot_ids, &slot_count);
221 if (!ADBG_EXPECT_CK_OK(c, rv))
222 goto out;
223
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]224 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]225 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]226
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]227 for (i = 0; i < slot_count; i++) {
228 CK_SLOT_ID slot = slot_ids[i];
229
230 rv = C_GetSlotInfo(slot, &slot_info);
231 if (!ADBG_EXPECT_CK_OK(c, rv))
232 goto out;
233
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]234 rv = C_GetTokenInfo(slot, &token_info);
235 if (!ADBG_EXPECT_CK_OK(c, rv))
236 goto out;
237
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]238 if (max_slot_id < slot)
239 max_slot_id = slot;
240 }
241
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]242 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]243 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
244
245 for (i = 0; i < slot_count; i++) {
246 CK_SLOT_ID slot = slot_ids[i];
247 size_t j = 0;
248
249 mecha_count = 0;
250 rv = C_GetMechanismList(slot, NULL, &mecha_count);
251 if (!ADBG_EXPECT_CK_OK(c, rv))
252 goto out;
253
254 if (mecha_count == 0)
255 continue;
256
257 free(mecha_types);
258 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
259 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
260 goto out;
261
262 /* Test specific case: valid buffer reference with 0 count */
263 mecha_count = 0;
264 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
265 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
266 goto out;
267
268 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
269 if (!ADBG_EXPECT_CK_OK(c, rv))
270 goto out;
271
272 for (j = 0; j < mecha_count; j++) {
273 rv = C_GetMechanismInfo(slot, mecha_types[j],
274 &mecha_info);
275 if (!ADBG_EXPECT_CK_OK(c, rv))
276 goto out;
277 }
278 }
279
280 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]281 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
282
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]283 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
284 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
285 goto out;
286
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]287 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
288 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
289 goto out;
290
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]291 mecha_count = 1;
292 if (!mecha_types)
293 mecha_types = malloc(sizeof(*mecha_types));
294 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
295 goto out;
296
297 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
298 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
299 goto out;
300
301 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
302 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
303 goto out;
304
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]305 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
306 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
307 goto out;
308
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]309 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
310 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
311 goto out;
312
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]313 mecha_count = 1;
314 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
315 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
316 goto out;
317
318 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
319 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
320 goto out;
321
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]322out:
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]323 Do_ADBG_EndSubCase(c, NULL);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]324 free(slot_ids);
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]325 free(mecha_types);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]326
327 rv = C_Finalize(NULL);
328 ADBG_EXPECT_CK_OK(c, rv);
329}
330
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]331ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]332 "PKCS11: List PKCS#11 slots and get information from");
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]333
334static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
335{
336 CK_RV rv = CKR_GENERAL_ERROR;
337 CK_SLOT_ID slot = 0;
338 CK_SESSION_HANDLE session[3] = { 0 };
339 CK_FLAGS session_flags = 0;
340 CK_SESSION_INFO session_info = { };
341 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
342
343 rv = init_lib_and_find_token_slot(&slot);
344 if (!ADBG_EXPECT_CK_OK(c, rv))
345 return;
346
347 rv = C_GetFunctionList(&ckfunc_list);
348 if (!ADBG_EXPECT_CK_OK(c, rv) ||
349 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
350 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
351 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
352 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
353 goto bail;
354
355 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
356
357 session_flags = CKF_RW_SESSION;
358
359 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
360 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
361 goto bail;
362
363 session_flags = CKF_SERIAL_SESSION;
364
365 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
366 if (!ADBG_EXPECT_CK_OK(c, rv))
367 goto bail;
368
369 rv = C_GetSessionInfo(session[0], &session_info);
370 if (!ADBG_EXPECT_CK_OK(c, rv) ||
371 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
372 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
373 session_flags) ||
374 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
375 CKS_RO_PUBLIC_SESSION) ||
376 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
377 goto bail;
378
379 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
380
381 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
382 if (!ADBG_EXPECT_CK_OK(c, rv))
383 goto bail;
384
385 rv = C_GetSessionInfo(session[1], &session_info);
386 if (!ADBG_EXPECT_CK_OK(c, rv) ||
387 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
388 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
389 session_flags) ||
390 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
391 CKS_RW_PUBLIC_SESSION) ||
392 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
393 goto bail;
394
395 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
396 if (!ADBG_EXPECT_CK_OK(c, rv))
397 goto bail;
398
399 rv = C_GetSessionInfo(session[2], &session_info);
400 if (!ADBG_EXPECT_CK_OK(c, rv) ||
401 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
402 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
403 session_flags) ||
404 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
405 CKS_RW_PUBLIC_SESSION) ||
406 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
407 goto bail;
408
409 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
410 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
411
412 /* Close 2 of them */
413 rv = C_CloseSession(session[0]);
414 if (!ADBG_EXPECT_CK_OK(c, rv))
415 goto bail;
416
417 rv = C_GetSessionInfo(session[0], &session_info);
418 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
419 goto bail;
420
421 rv = C_GetSessionInfo(session[1], &session_info);
422 if (!ADBG_EXPECT_CK_OK(c, rv))
423 goto bail;
424
425 rv = C_GetSessionInfo(session[2], &session_info);
426 if (!ADBG_EXPECT_CK_OK(c, rv))
427 goto bail;
428
429 /* Close all remaining sessions, later calls should failed on session */
430 rv = C_CloseAllSessions(slot);
431 if (!ADBG_EXPECT_CK_OK(c, rv))
432 goto bail;
433
434 rv = C_CloseSession(session[1]);
435 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
436 goto bail;
437
438 rv = C_CloseSession(session[2]);
439 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
440 goto bail;
441
442 rv = C_GetSessionInfo(session[1], &session_info);
443 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
444 goto bail;
445
446 rv = C_GetSessionInfo(session[2], &session_info);
447 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
448 goto bail;
449
450 /* Open a session, should be closed from library closure */
451 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
452 if (!ADBG_EXPECT_CK_OK(c, rv))
453 goto bail;
454
455bail:
456 Do_ADBG_EndSubCase(c, NULL);
457 rv = close_lib();
458 ADBG_EXPECT_CK_OK(c, rv);
459}
460
461ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
462 "PKCS11: Open and close PKCS#11 sessions");
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]463
464/*
465 * Helpers for tests where we must log into the token.
466 * These define the genuine PINs and label to be used with the test token.
467 */
468static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]469static CK_UTF8CHAR test_token_user_pin[] = {
470 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
471};
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]472static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
473
474static CK_RV init_test_token(CK_SLOT_ID slot)
475{
476 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
477 test_token_label);
478}
479
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]480/* Login as user, eventually reset user PIN if needed */
481static CK_RV init_user_test_token(CK_SLOT_ID slot)
482{
483 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
484 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
485 CK_RV rv = CKR_GENERAL_ERROR;
486
487 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
488 if (rv)
489 return rv;
490
491 rv = C_Login(session, CKU_USER, test_token_user_pin,
492 sizeof(test_token_user_pin));
493 if (rv == CKR_OK) {
494 C_Logout(session);
495 C_CloseSession(session);
496 return rv;
497 }
498
499 rv = C_Login(session, CKU_SO, test_token_so_pin,
500 sizeof(test_token_so_pin));
501 if (rv) {
502 C_CloseSession(session);
503
504 rv = init_test_token(slot);
505 if (rv)
506 return rv;
507
508 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
509 if (rv)
510 return rv;
511
512 rv = C_Login(session, CKU_SO, test_token_so_pin,
513 sizeof(test_token_so_pin));
514 if (rv) {
515 C_CloseSession(session);
516 return rv;
517 }
518 }
519
520 rv = C_InitPIN(session, test_token_user_pin,
521 sizeof(test_token_user_pin));
522
523 C_Logout(session);
524 C_CloseSession(session);
525
526 return rv;
527}
528
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]529static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
530{
531 CK_RV rv = CKR_GENERAL_ERROR;
532 CK_TOKEN_INFO token_info = { };
533 /* Same content as test_token_so_pin[] but 1 more byte */
534 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
535 /* Same content as test_token_so_pin[] but 1 different byte */
536 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
537 CK_FLAGS flags = 0;
538
539 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
540
541 rv = C_GetTokenInfo(slot, &token_info);
542 if (!ADBG_EXPECT_CK_OK(c, rv))
543 goto out;
544
545 rv = C_InitToken(slot, test_token_so_pin,
546 sizeof(test_token_so_pin) - 1, test_token_label);
547 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
548 goto out;
549
550 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
551 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
552 goto out;
553
554 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
555 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
556 goto out;
557
558 rv = C_GetTokenInfo(slot, &token_info);
559 if (!ADBG_EXPECT_CK_OK(c, rv))
560 goto out;
561
562 flags = token_info.flags;
563
564 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
565 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
566 rv = CKR_GENERAL_ERROR;
567 goto out;
568 }
569
570 rv = init_test_token(slot);
571 if (!ADBG_EXPECT_CK_OK(c, rv))
572 goto out;
573
574 rv = C_GetTokenInfo(slot, &token_info);
575 if (!ADBG_EXPECT_CK_OK(c, rv))
576 goto out;
577
578 flags = token_info.flags;
579
580 /*
581 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
582 * Other flags should show a sane initialized state.
583 */
584 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
585 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
586 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
587 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
588 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]589 goto out;
590 }
591
592 rv = init_user_test_token(slot);
593 if (!ADBG_EXPECT_CK_OK(c, rv))
594 goto out;
595
596 rv = C_GetTokenInfo(slot, &token_info);
597 if (!ADBG_EXPECT_CK_OK(c, rv))
598 goto out;
599
600 flags = token_info.flags;
601
602 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
603 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
604 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
605 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
606 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
607 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
608 rv = CKR_GENERAL_ERROR;
609 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]610 }
611
612out:
613 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
614
615 return rv;
616}
617
618static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
619{
620 CK_RV rv = CKR_GENERAL_ERROR;
621 CK_TOKEN_INFO token_info = { };
622 CK_FLAGS flags = 0;
623
624 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
625
626 rv = init_test_token(slot);
627 if (!ADBG_EXPECT_CK_OK(c, rv))
628 goto out;
629
630 rv = C_GetTokenInfo(slot, &token_info);
631 if (!ADBG_EXPECT_CK_OK(c, rv))
632 goto out;
633
634 flags = token_info.flags;
635
636 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
637 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
638 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
639 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]640 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]641 }
642
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]643 rv = init_user_test_token(slot);
644 if (!ADBG_EXPECT_CK_OK(c, rv))
645 goto out;
646
647 rv = C_GetTokenInfo(slot, &token_info);
648 if (!ADBG_EXPECT_CK_OK(c, rv))
649 goto out;
650
651 flags = token_info.flags;
652
653 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
654 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
655 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
656 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
657 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
658 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
659 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
660 rv = CKR_GENERAL_ERROR;
661
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]662out:
663 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
664
665 return rv;
666}
667
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]668static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
669{
670 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
671 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
672 CK_RV rv = CKR_GENERAL_ERROR;
673
674 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
675
676 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
677 if (!ADBG_EXPECT_CK_OK(c, rv))
678 goto out;
679
680 /* Logout: should fail as we did not log in yet */
681 rv = C_Logout(session);
682 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
683
684 /* Login/re-log/logout user */
685 rv = C_Login(session, CKU_USER, test_token_user_pin,
686 sizeof(test_token_user_pin));
687 if (!ADBG_EXPECT_CK_OK(c, rv))
688 goto out;
689
690 rv = C_Login(session, CKU_USER, test_token_user_pin,
691 sizeof(test_token_user_pin));
692 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
693
694 rv = C_Logout(session);
695 if (!ADBG_EXPECT_CK_OK(c, rv))
696 goto out;
697
698 /* Login/re-log/logout security officer */
699 rv = C_Login(session, CKU_SO, test_token_so_pin,
700 sizeof(test_token_so_pin));
701 if (!ADBG_EXPECT_CK_OK(c, rv))
702 goto out;
703
704 rv = C_Login(session, CKU_SO, test_token_so_pin,
705 sizeof(test_token_so_pin));
706 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
707
708 rv = C_Logout(session);
709 if (!ADBG_EXPECT_CK_OK(c, rv))
710 goto out;
711
712 /* Login user then SO and reverse */
713 rv = C_Login(session, CKU_SO, test_token_so_pin,
714 sizeof(test_token_so_pin));
715 ADBG_EXPECT_CK_OK(c, rv);
716
717 rv = C_Login(session, CKU_USER, test_token_user_pin,
718 sizeof(test_token_user_pin));
719 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
720
721 rv = C_Logout(session);
722 if (!ADBG_EXPECT_CK_OK(c, rv))
723 goto out;
724
725 rv = C_Login(session, CKU_USER, test_token_user_pin,
726 sizeof(test_token_user_pin));
727 ADBG_EXPECT_CK_OK(c, rv);
728
729 rv = C_Login(session, CKU_SO, test_token_so_pin,
730 sizeof(test_token_so_pin));
731 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
732
733 rv = C_Logout(session);
734 ADBG_EXPECT_CK_OK(c, rv);
735
736 /* Login context specifc, in an invalid case (need an operation) */
737 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
738 sizeof(test_token_user_pin));
739 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
740
741 rv = C_CloseSession(session);
742 ADBG_EXPECT_CK_OK(c, rv);
743
744out:
745 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
746 return rv;
747}
748
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]749static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
750 CK_USER_TYPE user_type)
751{
752 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
753 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
754 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
755 CK_UTF8CHAR_PTR old_pin = NULL;
756 CK_USER_TYPE ut = user_type;
757 size_t old_pin_sz = 0;
758 CK_RV rv2 = CKR_OK;
759 CK_RV rv = CKR_OK;
760
761 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
762
763 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
764 if (!ADBG_EXPECT_CK_OK(c, rv))
765 goto out;
766
767 if (user_type == CKU_SO) {
768 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
769 old_pin_sz = sizeof(test_token_so_pin);
770 } else {
771 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
772 old_pin_sz = sizeof(test_token_user_pin);
773 ut = CKU_USER;
774 }
775
776 if (ut == user_type) {
777 rv = C_Login(session, ut, old_pin, old_pin_sz);
778 if (!ADBG_EXPECT_CK_OK(c, rv))
779 goto out_session;
780 }
781
782 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
783 if (!ADBG_EXPECT_CK_OK(c, rv)) {
784 if (ut == user_type)
785 goto out_logout;
786 else
787 goto out_session;
788 }
789
790 if (ut == user_type) {
791 rv = C_Logout(session);
792 if (!ADBG_EXPECT_CK_OK(c, rv))
793 goto out_session;
794 }
795
796 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
797 if (!ADBG_EXPECT_CK_OK(c, rv))
798 goto out_session;
799
800 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
801 ADBG_EXPECT_CK_OK(c, rv);
802
803out_logout:
804 rv2 = C_Logout(session);
805 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
806 rv = rv2;
807out_session:
808 rv2 = C_CloseSession(session);
809 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
810 rv = rv2;
811out:
812 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
813
814 return rv;
815}
816
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]817static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
818{
819 CK_RV rv = CKR_GENERAL_ERROR;
820 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
821 CK_SLOT_ID slot = 0;
822 CK_TOKEN_INFO token_info = { };
823
824 rv = C_GetFunctionList(&ckfunc_list);
825 if (!ADBG_EXPECT_CK_OK(c, rv) ||
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]826 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
827 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]828 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
829 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
830 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]831 goto out;
832
833 rv = init_lib_and_find_token_slot(&slot);
834 if (!ADBG_EXPECT_CK_OK(c, rv))
835 return;
836
837 rv = C_GetTokenInfo(slot, &token_info);
838 if (!ADBG_EXPECT_CK_OK(c, rv))
839 goto out;
840
841 /* Abort test if token is about to lock */
842 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
843 goto out;
844
845 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
846 rv = test_uninitialized_token(c, slot);
847 if (rv != CKR_OK)
848 goto out;
849 }
850
851 rv = test_already_initialized_token(c, slot);
852 if (rv != CKR_OK)
853 goto out;
854
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]855 rv = test_login_logout(c, slot);
856 if (rv != CKR_OK)
857 goto out;
858
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]859 rv = test_set_pin(c, slot, CKU_USER);
860 if (rv != CKR_OK)
861 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]862
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]863 rv = test_set_pin(c, slot, CKU_SO);
864 if (rv != CKR_OK)
865 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]866
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]867 /*
868 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
869 * to skip the initial login.
870 */
871 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]872out:
873 rv = close_lib();
874 ADBG_EXPECT_CK_OK(c, rv);
875}
876
877ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
878 "PKCS11: Login to PKCS#11 token");
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]879
880static CK_ATTRIBUTE cktest_token_object[] = {
881 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
882 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
883 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
884 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
885 sizeof(CK_OBJECT_CLASS) },
886 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
887 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
888};
889
890static CK_ATTRIBUTE cktest_session_object[] = {
891 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
892 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
893 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
894 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
895 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
896 sizeof(CK_OBJECT_CLASS) },
897 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
898};
899
900/* Create session object and token object from a session */
901static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
902{
903 CK_RV rv = CKR_GENERAL_ERROR;
904 CK_SLOT_ID slot = 0;
905 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
906 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
907 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
908
909 rv = init_lib_and_find_token_slot(&slot);
910 if (!ADBG_EXPECT_CK_OK(c, rv))
911 return;
912
913 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
914 if (!ADBG_EXPECT_CK_OK(c, rv))
915 goto out;
916
917 if (persistent) {
918 rv = C_CreateObject(session, cktest_token_object,
919 ARRAY_SIZE(cktest_token_object),
920 &obj_hdl);
921 } else {
922 rv = C_CreateObject(session, cktest_session_object,
923 ARRAY_SIZE(cktest_session_object),
924 &obj_hdl);
925 }
926
927 if (!ADBG_EXPECT_CK_OK(c, rv))
928 goto out;
929
930 rv = C_DestroyObject(session, obj_hdl);
931 ADBG_EXPECT_CK_OK(c, rv);
932out:
933 rv = C_CloseSession(session);
934 ADBG_EXPECT_CK_OK(c, rv);
935
936 rv = close_lib();
937 ADBG_EXPECT_CK_OK(c, rv);
938}
939
940static void test_create_destroy_session_objects(ADBG_Case_t *c)
941{
942 CK_RV rv = CKR_GENERAL_ERROR;
943 CK_SLOT_ID slot = 0;
944 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
945 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
946 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
947 size_t n = 0;
948
949 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
950 obj_hdl[n] = CK_INVALID_HANDLE;
951
952 rv = init_lib_and_find_token_slot(&slot);
953 if (!ADBG_EXPECT_CK_OK(c, rv))
954 return;
955
956 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
957 if (!ADBG_EXPECT_CK_OK(c, rv))
958 goto out;
959
960 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
961 rv = C_CreateObject(session, cktest_session_object,
962 ARRAY_SIZE(cktest_session_object),
963 obj_hdl + n);
964
965 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
966 break;
967 }
968
969 Do_ADBG_Log(" created object count: %zu", n);
970
971 rv = C_CloseSession(session);
972 ADBG_EXPECT_CK_OK(c, rv);
973
974 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
975 if (!ADBG_EXPECT_CK_OK(c, rv))
976 goto out;
977
978 rv = C_CreateObject(session, cktest_session_object,
979 ARRAY_SIZE(cktest_session_object),
980 obj_hdl);
981
982 ADBG_EXPECT_CK_OK(c, rv);
983
984out:
985 rv = C_CloseSession(session);
986 ADBG_EXPECT_CK_OK(c, rv);
987
988 rv = close_lib();
989 ADBG_EXPECT_CK_OK(c, rv);
990}
991
992/* Create session object and token object from a session */
993static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
994{
995 CK_RV rv = CKR_GENERAL_ERROR;
996 CK_SLOT_ID slot = 0;
997 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
998 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
999 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
1000 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1001
1002 rv = init_lib_and_find_token_slot(&slot);
1003 if (!ADBG_EXPECT_CK_OK(c, rv))
1004 return;
1005
1006 if (readwrite)
1007 session_flags |= CKF_RW_SESSION;
1008
1009 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1010 if (!ADBG_EXPECT_CK_OK(c, rv))
1011 goto out;
1012
1013 rv = C_CreateObject(session, cktest_token_object,
1014 ARRAY_SIZE(cktest_token_object),
1015 &token_obj_hld);
1016
1017 if (readwrite) {
1018 if (!ADBG_EXPECT_CK_OK(c, rv))
1019 goto out;
1020 } else {
1021 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1022 goto out;
1023 }
1024
1025 rv = C_CreateObject(session, cktest_session_object,
1026 ARRAY_SIZE(cktest_session_object),
1027 &session_obj_hld);
1028
1029 if (!ADBG_EXPECT_CK_OK(c, rv))
1030 goto out_tobj;
1031
1032 rv = C_DestroyObject(session, session_obj_hld);
1033 ADBG_EXPECT_CK_OK(c, rv);
1034
1035out_tobj:
1036 if (readwrite) {
1037 rv = C_DestroyObject(session, token_obj_hld);
1038 ADBG_EXPECT_CK_OK(c, rv);
1039 }
1040out:
1041 rv = C_CloseSession(session);
1042 ADBG_EXPECT_CK_OK(c, rv);
1043
1044 rv = close_lib();
1045 ADBG_EXPECT_CK_OK(c, rv);
1046}
1047
1048static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1049{
1050 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1051 test_create_destroy_single_object(c, false /*!persistent*/);
1052 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1053
1054 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1055 test_create_destroy_single_object(c, true /*persistent*/);
1056 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1057
1058 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1059 test_create_destroy_session_objects(c);
1060 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1061
1062 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1063 test_create_objects_in_session(c, false /*!readwrite*/);
1064 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1065
1066 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1067 test_create_objects_in_session(c, true /*readwrite*/);
1068 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1069}
1070
1071ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1072 "PKCS11: create/destroy PKCS#11 simple objects");
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1073
1074
1075static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1076 CKM_AES_ECB,
1077};
1078static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1079 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1080 CKM_AES_GCM, CKM_AES_CCM,
1081};
1082static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1083 CKM_AES_CBC,
1084};
1085static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1086 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1087 CKM_AES_GCM, CKM_AES_CCM,
1088};
1089static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1090 CKM_AES_CTR,
1091};
1092static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1093 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1094 CKM_AES_GCM, CKM_AES_CCM,
1095};
1096static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1097 CKM_AES_CTS,
1098};
1099static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1100 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1101 CKM_AES_GCM, CKM_AES_CCM,
1102};
1103
1104#define CKTEST_AES_KEY \
1105 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1106 sizeof(CK_OBJECT_CLASS) }, \
1107 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1108 sizeof(CK_KEY_TYPE) }, \
1109 { CKA_VALUE, (void *)cktest_aes128_key, \
1110 sizeof(cktest_aes128_key) }
1111
1112#define CKTEST_AES_ALLOWED_KEY(_allowed) \
1113 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1114
1115#define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1116 static CK_ATTRIBUTE _label[] = { \
1117 CKTEST_AES_KEY, \
1118 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1119 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1120 CKTEST_AES_ALLOWED_KEY(_allowed), \
1121 }
1122
1123#define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1124 static CK_ATTRIBUTE _label[] = { \
1125 CKTEST_AES_KEY, \
1126 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1127 CKTEST_AES_ALLOWED_KEY(_allowed), \
1128 }
1129#define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1130 static CK_ATTRIBUTE _label[] = { \
1131 CKTEST_AES_KEY, \
1132 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1133 CKTEST_AES_ALLOWED_KEY(_allowed), \
1134 }
1135
1136CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1137CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1138CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1139CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1140CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1141CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1142CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1143CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1144
1145struct cktest_allowed_test {
1146 CK_ATTRIBUTE_PTR attr_key;
1147 CK_ULONG attr_count;
1148 CK_MECHANISM_PTR mechanism;
1149};
1150
1151#define CKTEST_KEY_MECHA(key, mecha) { \
1152 .attr_key = key, \
1153 .attr_count = ARRAY_SIZE(key), \
1154 .mechanism = mecha, \
1155 }
1156
1157static const struct cktest_allowed_test cktest_allowed_valid[] = {
1158 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1159 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1160 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1161 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1162};
1163
1164static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1165 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1166 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1167 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1168 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1169};
1170
1171/* Create session object and token object from a session */
1172static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1173 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1174 CK_MECHANISM_PTR mechanism, uint32_t mode,
1175 CK_RV expected_rc)
1176{
1177 CK_RV rv2 = CKR_GENERAL_ERROR;
1178 CK_RV rv = CKR_GENERAL_ERROR;
1179 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1180
1181 switch (mode) {
1182 case TEE_MODE_ENCRYPT:
1183 case TEE_MODE_DECRYPT:
1184 break;
1185 default:
1186 ADBG_EXPECT_TRUE(c, false);
1187 }
1188
1189 rv = C_CreateObject(session, attr_key, attr_count, &object);
1190 if (!ADBG_EXPECT_CK_OK(c, rv))
1191 return rv;
1192
1193 if (mode == TEE_MODE_ENCRYPT)
1194 rv = C_EncryptInit(session, mechanism, object);
1195 if (mode == TEE_MODE_DECRYPT)
1196 rv = C_DecryptInit(session, mechanism, object);
1197
1198 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1199 rv = CKR_GENERAL_ERROR;
1200 goto out;
1201 }
1202
1203 if (rv) {
1204 /*
1205 * If we're here it was the expected error code above and
1206 * we're supposed to return OK below.
1207 */
1208 rv = CKR_OK;
1209 } else {
1210 if (mode == TEE_MODE_ENCRYPT)
1211 rv = C_EncryptFinal(session, NULL, NULL);
1212 if (mode == TEE_MODE_DECRYPT)
1213 rv = C_DecryptFinal(session, NULL, NULL);
1214
1215 /* Only check that the operation is no more active */
1216 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
1217 rv = CKR_GENERAL_ERROR;
1218 }
1219
1220out:
1221 rv2 = C_DestroyObject(session, object);
1222 ADBG_EXPECT_CK_OK(c, rv2);
1223
1224 if (rv)
1225 return rv;
1226 else
1227 return rv2;
1228}
1229
1230CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1231
1232CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1233
1234static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1235{
1236 CK_RV rv = CKR_GENERAL_ERROR;
1237 CK_SLOT_ID slot = 0;
1238 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1239 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1240 size_t n = 0;
1241
1242 rv = init_lib_and_find_token_slot(&slot);
1243 if (!ADBG_EXPECT_CK_OK(c, rv))
1244 return;
1245
1246 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1247 if (!ADBG_EXPECT_CK_OK(c, rv))
1248 goto out;
1249
1250 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1251
1252 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1253
1254 rv = cipher_init_final(c, session,
1255 cktest_allowed_valid[n].attr_key,
1256 cktest_allowed_valid[n].attr_count,
1257 cktest_allowed_valid[n].mechanism,
1258 TEE_MODE_ENCRYPT,
1259 CKR_OK);
1260
1261 ADBG_EXPECT_CK_OK(c, rv);
1262
1263 Do_ADBG_EndSubCase(c, NULL);
1264 if (rv)
1265 goto out;
1266
1267 }
1268
1269 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1270 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1271
1272 rv = cipher_init_final(c, session,
1273 cktest_allowed_invalid[n].attr_key,
1274 cktest_allowed_invalid[n].attr_count,
1275 cktest_allowed_invalid[n].mechanism,
1276 TEE_MODE_ENCRYPT,
1277 CKR_KEY_FUNCTION_NOT_PERMITTED);
1278
1279 ADBG_EXPECT_CK_OK(c, rv);
1280
1281 Do_ADBG_EndSubCase(c, NULL);
1282 if (rv)
1283 goto out;
1284
1285 }
1286
1287out:
1288 rv = C_CloseSession(session);
1289 ADBG_EXPECT_CK_OK(c, rv);
1290
1291 rv = close_lib();
1292 ADBG_EXPECT_CK_OK(c, rv);
1293}
1294
1295
1296ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1297 "PKCS11: Check ciphering with valid and invalid keys #1");
1298
1299static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1300{
1301 CK_RV rv = CKR_GENERAL_ERROR;
1302 CK_SLOT_ID slot = 0;
1303 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1304 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1305
1306 rv = init_lib_and_find_token_slot(&slot);
1307 if (!ADBG_EXPECT_CK_OK(c, rv))
1308 return;
1309
1310 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1311 if (!ADBG_EXPECT_CK_OK(c, rv))
1312 goto out;
1313
1314 /* Encrypt only AES CTS key */
1315 rv = cipher_init_final(c, session,
1316 cktest_aes_enc_only_cts,
1317 ARRAY_SIZE(cktest_aes_enc_only_cts),
1318 &cktest_aes_cts_mechanism,
1319 TEE_MODE_ENCRYPT,
1320 CKR_OK);
1321 if (!ADBG_EXPECT_CK_OK(c, rv))
1322 goto out;
1323
1324 rv = cipher_init_final(c, session,
1325 cktest_aes_enc_only_cts,
1326 ARRAY_SIZE(cktest_aes_enc_only_cts),
1327 &cktest_aes_cts_mechanism,
1328 TEE_MODE_DECRYPT,
1329 CKR_KEY_FUNCTION_NOT_PERMITTED);
1330 if (!ADBG_EXPECT_CK_OK(c, rv))
1331 goto out;
1332
1333 /* Decrypt only AES CTR key */
1334 rv = cipher_init_final(c, session,
1335 cktest_aes_dec_only_ctr,
1336 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1337 &cktest_aes_ctr_mechanism,
1338 TEE_MODE_ENCRYPT,
1339 CKR_KEY_FUNCTION_NOT_PERMITTED);
1340 if (!ADBG_EXPECT_CK_OK(c, rv))
1341 goto out;
1342
1343 rv = cipher_init_final(c, session,
1344 cktest_aes_dec_only_ctr,
1345 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1346 &cktest_aes_ctr_mechanism,
1347 TEE_MODE_ENCRYPT,
1348 CKR_KEY_FUNCTION_NOT_PERMITTED);
1349 if (!ADBG_EXPECT_CK_OK(c, rv))
1350 goto out;
1351
1352out:
1353 rv = C_CloseSession(session);
1354 ADBG_EXPECT_CK_OK(c, rv);
1355
1356 rv = close_lib();
1357 ADBG_EXPECT_CK_OK(c, rv);
1358}
1359ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1360 "PKCS11: Check ciphering with valid and invalid keys #2");
1361
1362static CK_RV open_cipher_session(ADBG_Case_t *c,
1363 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1364 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1365 CK_MECHANISM_PTR mechanism, uint32_t mode)
1366{
1367 CK_RV rv = CKR_GENERAL_ERROR;
1368 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1369 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1370
1371 switch (mode) {
1372 case TEE_MODE_ENCRYPT:
1373 case TEE_MODE_DECRYPT:
1374 break;
1375 default:
1376 ADBG_EXPECT_TRUE(c, false);
1377 return CKR_GENERAL_ERROR;
1378 }
1379
1380 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1381 if (rv == CKR_DEVICE_MEMORY)
1382 return rv;
1383 if (!ADBG_EXPECT_CK_OK(c, rv))
1384 return rv;
1385
1386 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1387 if (rv == CKR_DEVICE_MEMORY)
1388 return rv;
1389 if (!ADBG_EXPECT_CK_OK(c, rv))
1390 return rv;
1391
1392 if (mode == TEE_MODE_ENCRYPT)
1393 rv = C_EncryptInit(*session, mechanism, object);
1394 if (mode == TEE_MODE_DECRYPT)
1395 rv = C_DecryptInit(*session, mechanism, object);
1396
1397 if (rv == CKR_DEVICE_MEMORY)
1398 return rv;
1399 if (!ADBG_EXPECT_CK_OK(c, rv))
1400 return CKR_GENERAL_ERROR;
1401
1402 return rv;
1403}
1404
1405static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1406{
1407 CK_RV rv = CKR_GENERAL_ERROR;
1408 CK_SLOT_ID slot = 0;
1409 CK_SESSION_HANDLE sessions[128];
1410 size_t n = 0;
1411
1412 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1413 sessions[n] = CK_INVALID_HANDLE;
1414
1415 rv = init_lib_and_find_token_slot(&slot);
1416 if (!ADBG_EXPECT_CK_OK(c, rv))
1417 return;
1418
1419 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1420
1421 rv = open_cipher_session(c, slot, &sessions[n],
1422 cktest_allowed_valid[0].attr_key,
1423 cktest_allowed_valid[0].attr_count,
1424 cktest_allowed_valid[0].mechanism,
1425 TEE_MODE_ENCRYPT);
1426
1427 /* Failure due to memory allocation is not a error case */
1428 if (rv == CKR_DEVICE_MEMORY)
1429 break;
1430
1431 if (!ADBG_EXPECT_CK_OK(c, rv))
1432 goto out;
1433 }
1434
1435 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1436 goto out;
1437
1438 Do_ADBG_Log(" created sessions count: %zu", n);
1439
1440 /* Closing session with out bound and invalid IDs (or negative ID) */
1441 rv = C_CloseSession(sessions[n - 1] + 1024);
1442 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1443 rv = C_CloseSession(CK_INVALID_HANDLE);
1444 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1445 rv = C_CloseSession(~0);
1446 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1447
1448 /* Closing each session: all related resources shall be free */
1449 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1450 if (sessions[n] == CK_INVALID_HANDLE)
1451 continue;
1452
1453 rv = C_CloseSession(sessions[n]);
1454 ADBG_EXPECT_CK_OK(c, rv);
1455 sessions[n] = CK_INVALID_HANDLE;
1456 }
1457
1458 /* Open and close another session */
1459 rv = open_cipher_session(c, slot, &sessions[0],
1460 cktest_allowed_valid[0].attr_key,
1461 cktest_allowed_valid[0].attr_count,
1462 cktest_allowed_valid[0].mechanism,
1463 TEE_MODE_ENCRYPT);
1464
1465 if (!ADBG_EXPECT_CK_OK(c, rv))
1466 goto out;
1467
1468 rv = C_CloseSession(sessions[0]);
1469 ADBG_EXPECT_CK_OK(c, rv);
1470 sessions[0] = CK_INVALID_HANDLE;
1471
1472out:
1473 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1474 if (sessions[n] == CK_INVALID_HANDLE)
1475 continue;
1476
1477 rv = C_CloseSession(sessions[n]);
1478 ADBG_EXPECT_CK_OK(c, rv);
1479 }
1480
1481 rv = close_lib();
1482 ADBG_EXPECT_CK_OK(c, rv);
1483}
1484ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1485 "PKCS11: Check operations release at session closure");
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1486
1487#define CK_MAC_KEY_HMAC(_type, _key_array) \
1488 { \
1489 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, \
1490 sizeof(CK_BBOOL) }, \
1491 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, \
1492 sizeof(CK_BBOOL) }, \
1493 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1494 sizeof(CK_OBJECT_CLASS) }, \
1495 { CKA_KEY_TYPE, &(CK_KEY_TYPE){_type}, \
1496 sizeof(CK_KEY_TYPE) }, \
1497 { CKA_VALUE, (void *)(_key_array), \
1498 sizeof(_key_array) } \
1499 }
1500
1501static CK_ATTRIBUTE cktest_hmac_md5_key[] =
1502 CK_MAC_KEY_HMAC(CKK_MD5_HMAC, mac_data_md5_key1);
1503
1504static CK_ATTRIBUTE cktest_hmac_sha1_key[] =
1505 CK_MAC_KEY_HMAC(CKK_SHA_1_HMAC, mac_data_sha1_key1);
1506
1507static CK_ATTRIBUTE cktest_hmac_sha224_key[] =
1508 CK_MAC_KEY_HMAC(CKK_SHA224_HMAC, mac_data_sha224_key1);
1509
1510static CK_ATTRIBUTE cktest_hmac_sha256_key1[] =
1511 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key1);
1512
1513static CK_ATTRIBUTE cktest_hmac_sha256_key2[] =
1514 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key2);
1515
1516static CK_ATTRIBUTE cktest_hmac_sha384_key[] =
1517 CK_MAC_KEY_HMAC(CKK_SHA384_HMAC, mac_data_sha384_key1);
1518
1519static CK_ATTRIBUTE cktest_hmac_sha512_key[] =
1520 CK_MAC_KEY_HMAC(CKK_SHA512_HMAC, mac_data_sha512_key1);
1521
1522struct mac_test {
1523 CK_ATTRIBUTE_PTR attr_key;
1524 CK_ULONG attr_count;
1525 CK_MECHANISM_PTR mechanism;
1526 size_t in_incr;
1527 const uint8_t *in;
1528 size_t in_len;
1529 const uint8_t *out;
1530 size_t out_len;
1531 bool multiple_incr;
1532};
1533
1534#define CKTEST_MAC_TEST(key, mecha, input_incr, input, output, incr) { \
1535 .attr_key = key, \
1536 .attr_count = ARRAY_SIZE(key), \
1537 .mechanism = mecha, \
1538 .in_incr = input_incr, \
1539 .in = input, \
1540 .in_len = ARRAY_SIZE(input), \
1541 .out = output, \
1542 .out_len = ARRAY_SIZE(output), \
1543 .multiple_incr = incr \
1544 }
1545
1546static const struct mac_test cktest_mac_cases[] = {
1547 CKTEST_MAC_TEST(cktest_hmac_md5_key, &cktest_hmac_md5_mechanism,
1548 4, mac_data_md5_in1, mac_data_md5_out1, false),
1549 CKTEST_MAC_TEST(cktest_hmac_sha1_key, &cktest_hmac_sha1_mechanism,
1550 5, mac_data_sha1_in1, mac_data_sha1_out1, false),
1551 CKTEST_MAC_TEST(cktest_hmac_sha224_key, &cktest_hmac_sha224_mechanism,
1552 8, mac_data_sha224_in1, mac_data_sha224_out1, false),
1553 CKTEST_MAC_TEST(cktest_hmac_sha256_key1, &cktest_hmac_sha256_mechanism,
1554 1, mac_data_sha256_in1, mac_data_sha256_out1, false),
1555 CKTEST_MAC_TEST(cktest_hmac_sha256_key2, &cktest_hmac_sha256_mechanism,
1556 7, mac_data_sha256_in2, mac_data_sha256_out2, false),
1557 CKTEST_MAC_TEST(cktest_hmac_sha384_key, &cktest_hmac_sha384_mechanism,
1558 11, mac_data_sha384_in1, mac_data_sha384_out1, false),
1559 CKTEST_MAC_TEST(cktest_hmac_sha512_key, &cktest_hmac_sha512_mechanism,
1560 13, mac_data_sha512_in1, mac_data_sha512_out1, false),
1561};
1562
1563static void xtest_pkcs11_test_1008(ADBG_Case_t *c)
1564{
1565 CK_RV rv = CKR_GENERAL_ERROR;
1566 CK_SLOT_ID slot = 0;
1567 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1568 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1569 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1570 uint8_t out[512] = { 0 };
1571 CK_ULONG out_size = 0;
1572 struct mac_test const *test = NULL;
1573 size_t n = 0;
1574
1575 rv = init_lib_and_find_token_slot(&slot);
1576 if (!ADBG_EXPECT_CK_OK(c, rv))
1577 return;
1578
1579 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1580 if (!ADBG_EXPECT_CK_OK(c, rv))
1581 goto err_close_lib;
1582
1583 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1584
1585 test = &cktest_mac_cases[n];
1586 Do_ADBG_BeginSubCase(c, "Sign case %zu algo (%s)", n,
1587 ckm2str(test->mechanism->mechanism));
1588
1589 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1590 &key_handle);
1591 if (!ADBG_EXPECT_CK_OK(c, rv))
1592 goto err;
1593
1594 /* Test signature in 1 step */
1595 if (test->in != NULL) {
1596 rv = C_SignInit(session, test->mechanism, key_handle);
1597 if (!ADBG_EXPECT_CK_OK(c, rv))
1598 goto err_destr_obj;
1599
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame^]1600 /* Pass input buffer of size 0 */
1601 rv = C_SignUpdate(session,
1602 (void *)test->in, 0);
1603 if (!ADBG_EXPECT_CK_OK(c, rv))
1604 goto err_destr_obj;
1605
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1606 rv = C_SignUpdate(session,
1607 (void *)test->in, test->in_len);
1608 if (!ADBG_EXPECT_CK_OK(c, rv))
1609 goto err_destr_obj;
1610
1611 /* Test too short buffer case */
1612 out_size = 1;
1613 rv = C_SignFinal(session, out, &out_size);
1614 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1615 goto err_destr_obj;
1616
1617 /*
1618 * Test NULL buffer case with size as 0
1619 * to get the out_size
1620 */
1621 out_size = 0;
1622 rv = C_SignFinal(session, NULL, &out_size);
1623 if (!ADBG_EXPECT_CK_OK(c, rv))
1624 goto err_destr_obj;
1625
1626 /* Get to full output */
1627 memset(out, 0, out_size);
1628 rv = C_SignFinal(session, out, &out_size);
1629 if (!ADBG_EXPECT_CK_OK(c, rv))
1630 goto err_destr_obj;
1631
1632 (void)ADBG_EXPECT_BUFFER(c, test->out,
1633 test->out_len,
1634 out, out_size);
1635 }
1636
1637 /* Test 2 step update signature */
1638 rv = C_SignInit(session, test->mechanism, key_handle);
1639 if (!ADBG_EXPECT_CK_OK(c, rv))
1640 goto err_destr_obj;
1641
1642 if (test->in != NULL) {
1643 rv = C_SignUpdate(session,
1644 (void *)test->in, test->in_incr);
1645 if (!ADBG_EXPECT_CK_OK(c, rv))
1646 goto err_destr_obj;
1647
1648 rv = C_SignUpdate(session,
1649 (void *)(test->in + test->in_incr),
1650 test->in_len - test->in_incr);
1651 if (!ADBG_EXPECT_CK_OK(c, rv))
1652 goto err_destr_obj;
1653 }
1654
1655 out_size = sizeof(out);
1656 memset(out, 0, sizeof(out));
1657
1658 rv = C_SignFinal(session, out, &out_size);
1659 if (!ADBG_EXPECT_CK_OK(c, rv))
1660 goto err_destr_obj;
1661
1662 (void)ADBG_EXPECT_BUFFER(c, test->out,
1663 test->out_len, out, out_size);
1664
1665 /* Test 3 signature in one shot */
1666 if (test->in != NULL) {
1667 rv = C_SignInit(session, test->mechanism, key_handle);
1668 if (!ADBG_EXPECT_CK_OK(c, rv))
1669 goto err_destr_obj;
1670
1671 /* Test too short buffer case */
1672 out_size = 1;
1673 rv = C_Sign(session,(void *)test->in, test->in_len,
1674 out, &out_size);
1675 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1676 goto err_destr_obj;
1677
1678 /*
1679 * Test NULL buffer case with size as 0
1680 * to get the out_size
1681 */
1682 out_size = 0;
1683 rv = C_Sign(session, (void *)test->in, test->in_len,
1684 NULL, &out_size);
1685 if (!ADBG_EXPECT_CK_OK(c, rv))
1686 goto err_destr_obj;
1687
1688 /* Get to full output */
1689 memset(out, 0, out_size);
1690 rv = C_Sign(session,(void *)test->in, test->in_len,
1691 out, &out_size);
1692 if (!ADBG_EXPECT_CK_OK(c, rv))
1693 goto err_destr_obj;
1694
1695 (void)ADBG_EXPECT_BUFFER(c, test->out,
1696 test->out_len,
1697 out, out_size);
1698 }
1699
1700 rv = C_DestroyObject(session, key_handle);
1701 if (!ADBG_EXPECT_CK_OK(c, rv))
1702 goto err;
1703
1704 Do_ADBG_EndSubCase(c, NULL);
1705 }
1706 goto out;
1707
1708err_destr_obj:
1709 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1710err:
1711 Do_ADBG_EndSubCase(c, NULL);
1712out:
1713 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1714err_close_lib:
1715 ADBG_EXPECT_CK_OK(c, close_lib());
1716}
1717ADBG_CASE_DEFINE(pkcs11, 1008, xtest_pkcs11_test_1008,
1718 "PKCS11: Check Compliance of C_Sign - HMAC algorithms");
1719
1720static void xtest_pkcs11_test_1009(ADBG_Case_t *c)
1721{
1722 CK_RV rv = CKR_GENERAL_ERROR;
1723 CK_SLOT_ID slot = 0;
1724 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1725 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1726 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1727 struct mac_test const *test = NULL;
1728 size_t n = 0;
1729
1730 rv = init_lib_and_find_token_slot(&slot);
1731 if (!ADBG_EXPECT_CK_OK(c, rv))
1732 return;
1733
1734 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1735 if (!ADBG_EXPECT_CK_OK(c, rv))
1736 goto err_close_lib;
1737
1738 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1739
1740 test = &cktest_mac_cases[n];
1741 Do_ADBG_BeginSubCase(c, "Verify case %zu algo (%s)", n,
1742 ckm2str(test->mechanism->mechanism));
1743
1744 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1745 &key_handle);
1746 if (!ADBG_EXPECT_CK_OK(c, rv))
1747 goto err;
1748
1749 /* Test Verification in 1 step */
1750 if (test->in != NULL) {
1751 rv = C_VerifyInit(session, test->mechanism, key_handle);
1752 if (!ADBG_EXPECT_CK_OK(c, rv))
1753 goto err_destr_obj;
1754
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame^]1755 /* Pass input buffer with size 0 - No affect */
1756 rv = C_VerifyUpdate(session, (void *)test->in, 0);
1757 if (!ADBG_EXPECT_CK_OK(c, rv))
1758 goto err_destr_obj;
1759
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1760 rv = C_VerifyUpdate(session, (void *)test->in,
1761 test->in_len);
1762 if (!ADBG_EXPECT_CK_OK(c, rv))
1763 goto err_destr_obj;
1764
1765 rv = C_VerifyFinal(session,
1766 (void *)test->out, test->out_len);
1767 if (!ADBG_EXPECT_CK_OK(c, rv))
1768 goto err_destr_obj;
1769
1770 }
1771
1772 /* Test 2 step update verification*/
1773 rv = C_VerifyInit(session, test->mechanism, key_handle);
1774 if (!ADBG_EXPECT_CK_OK(c, rv))
1775 goto err_destr_obj;
1776
1777 if (test->in != NULL) {
1778 rv = C_VerifyUpdate(session,
1779 (void *)test->in, test->in_incr);
1780 if (!ADBG_EXPECT_CK_OK(c, rv))
1781 goto err_destr_obj;
1782
1783 rv = C_VerifyUpdate(session,
1784 (void *)(test->in + test->in_incr),
1785 test->in_len - test->in_incr);
1786 if (!ADBG_EXPECT_CK_OK(c, rv))
1787 goto err_destr_obj;
1788 }
1789
1790 rv = C_VerifyFinal(session, (void *)test->out, test->out_len);
1791 if (!ADBG_EXPECT_CK_OK(c, rv))
1792 goto err_destr_obj;
1793
1794 /* Error as Operation has already completed */
1795 rv = C_Verify(session,
1796 (void *)test->in, test->in_len,
1797 (void *)test->out, test->out_len);
1798 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED,
1799 rv))
1800 goto err_destr_obj;
1801
1802 /* Test 3 verification in one shot */
1803 if (test->in != NULL) {
1804 rv = C_VerifyInit(session, test->mechanism, key_handle);
1805 if (!ADBG_EXPECT_CK_OK(c, rv))
1806 goto err_destr_obj;
1807
1808 rv = C_Verify(session,
1809 (void *)test->in, test->in_len,
1810 (void *)test->out, test->out_len);
1811 if (!ADBG_EXPECT_CK_OK(c, rv))
1812 goto err_destr_obj;
1813
1814 /* Try calling Verify again */
1815 rv = C_Verify(session,
1816 (void *)test->in, test->in_len,
1817 (void *)test->out, test->out_len);
1818 if (!ADBG_EXPECT_CK_RESULT(c,
1819 CKR_OPERATION_NOT_INITIALIZED,
1820 rv))
1821 goto err_destr_obj;
1822 }
1823
1824 /*
1825 * Test 4 verification
1826 * Error - Signature Length Range with C_VerifyFinal
1827 */
1828 if (test->in != NULL) {
1829 rv = C_VerifyInit(session, test->mechanism, key_handle);
1830 if (!ADBG_EXPECT_CK_OK(c, rv))
1831 goto err_destr_obj;
1832
1833 rv = C_VerifyUpdate(session, (void *)test->in,
1834 test->in_len);
1835 if (!ADBG_EXPECT_CK_OK(c, rv))
1836 goto err_destr_obj;
1837
1838 rv = C_VerifyFinal(session, (void *)test->out, 3);
1839 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1840 rv))
1841 goto err_destr_obj;
1842 }
1843
1844 /*
1845 * Test 5 verification
1846 * Error - Signature Length Range with C_Verify
1847 */
1848 if (test->in != NULL) {
1849 rv = C_VerifyInit(session, test->mechanism, key_handle);
1850 if (!ADBG_EXPECT_CK_OK(c, rv))
1851 goto err_destr_obj;
1852
1853 rv = C_Verify(session,
1854 (void *)test->in, test->in_len,
1855 (void *)test->out, 0);
1856 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1857 rv))
1858 goto err_destr_obj;
1859 }
1860
1861 /* Test 6 verification - Invalid Operation sequence */
1862 if (test->in != NULL) {
1863 rv = C_VerifyInit(session, test->mechanism, key_handle);
1864 if (!ADBG_EXPECT_CK_OK(c, rv))
1865 goto err_destr_obj;
1866
1867 rv = C_Verify(session,
1868 (void *)test->in, test->in_len,
1869 (void *)test->out, test->out_len);
1870 if (!ADBG_EXPECT_CK_OK(c, rv))
1871 goto err_destr_obj;
1872
1873 /* Init session has already terminated with C_Verify */
1874 rv = C_VerifyUpdate(session, (void *)test->in,
1875 test->in_len);
1876 if (!ADBG_EXPECT_CK_RESULT(c,
1877 CKR_OPERATION_NOT_INITIALIZED,
1878 rv))
1879 goto err_destr_obj;
1880 }
1881
1882 rv = C_DestroyObject(session, key_handle);
1883 if (!ADBG_EXPECT_CK_OK(c, rv))
1884 goto err;
1885
1886 Do_ADBG_EndSubCase(c, NULL);
1887 }
1888 goto out;
1889
1890err_destr_obj:
1891 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1892err:
1893 Do_ADBG_EndSubCase(c, NULL);
1894out:
1895 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1896err_close_lib:
1897 ADBG_EXPECT_CK_OK(c, close_lib());
1898}
1899ADBG_CASE_DEFINE(pkcs11, 1009, xtest_pkcs11_test_1009,
1900 "PKCS11: Check Compliance of C_Verify - HMAC Algorithms");