TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / bbe786213c7c82b443986d5ec441b2866230cbbc / . / host / xtest / pkcs11_1000.c
blob: 6366e9b3d2d2ad841ce2b527164283f67ae7e3ea [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]2/*
3 * Copyright (c) 2018, Linaro Limited
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]4 */
5
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]6#include <ck_debug.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]7#include <inttypes.h>
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]8#ifdef OPENSSL_FOUND
9#include <openssl/evp.h>
10#endif
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]11#include <pkcs11.h>
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]12#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]15#include <util.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]16
17#include "xtest_test.h"
18#include "xtest_helpers.h"
19
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]20#include <regression_4000_data.h>
21
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]22/*
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]23 * Some PKCS#11 object resources used in the tests
24 */
25static const CK_BYTE cktest_aes128_key[16];
26
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]27static const CK_BYTE cktest_aes128_iv[16];
28
29static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
30 .ulCounterBits = 1,
31};
32
33static CK_MECHANISM cktest_aes_ecb_mechanism = {
34 CKM_AES_ECB,
35 NULL, 0,
36};
37static CK_MECHANISM cktest_aes_cbc_mechanism = {
38 CKM_AES_CBC,
39 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
40};
41static CK_MECHANISM cktest_aes_ctr_mechanism = {
42 CKM_AES_CTR,
43 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
44};
45static CK_MECHANISM cktest_aes_cts_mechanism = {
46 CKM_AES_CTS,
47 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
48};
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]49static CK_MECHANISM cktest_hmac_md5_mechanism = {
50 CKM_MD5_HMAC, NULL, 0,
51};
52static CK_MECHANISM cktest_hmac_sha1_mechanism = {
53 CKM_SHA_1_HMAC, NULL, 0,
54};
55static CK_MECHANISM cktest_hmac_sha224_mechanism = {
56 CKM_SHA224_HMAC, NULL, 0,
57};
58static CK_MECHANISM cktest_hmac_sha256_mechanism = {
59 CKM_SHA256_HMAC, NULL, 0,
60};
61static CK_MECHANISM cktest_hmac_sha384_mechanism = {
62 CKM_SHA384_HMAC, NULL, 0,
63};
64static CK_MECHANISM cktest_hmac_sha512_mechanism = {
65 CKM_SHA512_HMAC, NULL, 0,
66};
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]67static CK_MECHANISM cktest_gensecret_keygen_mechanism = {
68 CKM_GENERIC_SECRET_KEY_GEN, NULL, 0,
69};
70static CK_MECHANISM cktest_aes_keygen_mechanism = {
71 CKM_AES_KEY_GEN, NULL, 0,
72};
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]73
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]74/*
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]75 * Util to find a slot on which to open a session
76 */
77static CK_RV close_lib(void)
78{
79 return C_Finalize(0);
80}
81
82static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
83{
84 CK_RV rv = CKR_GENERAL_ERROR;
85 CK_SLOT_ID_PTR slots = NULL;
86 CK_ULONG count = 0;
87
88 rv = C_Initialize(0);
89 if (rv)
90 return rv;
91
92 rv = C_GetSlotList(CK_TRUE, NULL, &count);
93 if (rv != CKR_OK)
94 goto bail;
95
96 if (count < 1) {
97 rv = CKR_GENERAL_ERROR;
98 goto bail;
99 }
100
101 slots = malloc(count * sizeof(CK_SLOT_ID));
102 if (!slots) {
103 rv = CKR_HOST_MEMORY;
104 goto bail;
105 }
106
107 rv = C_GetSlotList(CK_TRUE, slots, &count);
108 if (rv)
109 goto bail;
110
111 /* Use the last slot */
112 *slot = slots[count - 1];
113
114bail:
115 free(slots);
116 if (rv)
117 close_lib();
118
119 return rv;
120}
121
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]122static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]123{
124 CK_RV rv;
125
126 rv = C_Initialize(NULL);
127 if (!ADBG_EXPECT_CK_OK(c, rv))
128 return;
129
130 rv = C_Finalize(NULL);
131 if (!ADBG_EXPECT_CK_OK(c, rv))
132 return;
133
134 rv = C_Initialize(NULL);
135 if (!ADBG_EXPECT_CK_OK(c, rv))
136 return;
137
138 rv = C_Initialize(NULL);
139 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
140
141 rv = C_Finalize(NULL);
142 ADBG_EXPECT_CK_OK(c, rv);
Etienne Carriere21f4e3c2020-02-05 15:40:24 +0100[diff] [blame]143
144 rv = C_Finalize(NULL);
145 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]146}
147
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]148ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
149 "Initialize and close Cryptoki library");
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]150
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]151static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]152{
153 CK_RV rv = CKR_GENERAL_ERROR;
154 CK_SLOT_ID_PTR slot_ids = NULL;
155 CK_ULONG slot_count = 0;
156 CK_ULONG present_slot_count = 0;
157 CK_INFO lib_info = { };
158 CK_SLOT_INFO slot_info = { };
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]159 CK_TOKEN_INFO token_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]160 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
161 size_t i = 0;
162 CK_SLOT_ID max_slot_id = 0;
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]163 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
164 CK_ULONG mecha_count = 0;
165 CK_MECHANISM_INFO mecha_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]166
167 rv = C_Initialize(NULL);
168 if (!ADBG_EXPECT_CK_OK(c, rv))
169 return;
170
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]171 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
172
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]173 rv = C_GetFunctionList(&ckfunc_list);
174 if (!ADBG_EXPECT_CK_OK(c, rv))
175 goto out;
176
177 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
178 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]179 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]180 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
181 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
182 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]183 goto out;
184
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]185 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
186 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
187
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]188 rv = C_GetInfo(&lib_info);
189 if (!ADBG_EXPECT_CK_OK(c, rv))
190 goto out;
191
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]192 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
193 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
194
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]195 rv = C_GetSlotList(0, NULL, &slot_count);
196 if (!ADBG_EXPECT_CK_OK(c, rv))
197 goto out;
198
199 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
200 goto out;
201
Etienne Carrierede746332020-03-04 19:43:53 +0100[diff] [blame]202 if (slot_count > 1) {
203 /* Ensure case non-NULL-buffer and zero-count is tested */
204 CK_SLOT_ID id = 0;
205
206 slot_count = 0;
207 rv = C_GetSlotList(0, &id, &slot_count);
208 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
209 goto out;
210 }
211
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]212 rv = C_GetSlotList(1, NULL, &present_slot_count);
213 if (!ADBG_EXPECT_CK_OK(c, rv))
214 goto out;
215
216 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
217 present_slot_count))
218 goto out;
219
220 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
221 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
222 goto out;
223
224 slot_count--;
225 rv = C_GetSlotList(1, slot_ids, &slot_count);
226 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
227 goto out;
228
229 rv = C_GetSlotList(1, slot_ids, &slot_count);
230 if (!ADBG_EXPECT_CK_OK(c, rv))
231 goto out;
232
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]233 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]234 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]235
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]236 for (i = 0; i < slot_count; i++) {
237 CK_SLOT_ID slot = slot_ids[i];
238
239 rv = C_GetSlotInfo(slot, &slot_info);
240 if (!ADBG_EXPECT_CK_OK(c, rv))
241 goto out;
242
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]243 rv = C_GetTokenInfo(slot, &token_info);
244 if (!ADBG_EXPECT_CK_OK(c, rv))
245 goto out;
246
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]247 if (max_slot_id < slot)
248 max_slot_id = slot;
249 }
250
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]251 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]252 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
253
254 for (i = 0; i < slot_count; i++) {
255 CK_SLOT_ID slot = slot_ids[i];
256 size_t j = 0;
257
258 mecha_count = 0;
259 rv = C_GetMechanismList(slot, NULL, &mecha_count);
260 if (!ADBG_EXPECT_CK_OK(c, rv))
261 goto out;
262
263 if (mecha_count == 0)
264 continue;
265
266 free(mecha_types);
267 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
268 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
269 goto out;
270
271 /* Test specific case: valid buffer reference with 0 count */
272 mecha_count = 0;
273 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
274 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
275 goto out;
276
277 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
278 if (!ADBG_EXPECT_CK_OK(c, rv))
279 goto out;
280
281 for (j = 0; j < mecha_count; j++) {
282 rv = C_GetMechanismInfo(slot, mecha_types[j],
283 &mecha_info);
284 if (!ADBG_EXPECT_CK_OK(c, rv))
285 goto out;
286 }
287 }
288
289 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
Vesa Jääskeläinen60298cc2021-01-19 09:06:00 +0200[diff] [blame]290 Do_ADBG_BeginSubCase(c, "Test C_GetMechanismList() with larger result buffer");
291
292 for (i = 0; i < slot_count; i++) {
293 CK_SLOT_ID slot = slot_ids[i];
294 CK_ULONG real_mecha_count = 0;
295 CK_ULONG alloc_mecha_count = 0;
296 uint8_t *data_ptr = NULL;
297 size_t j = 0;
298
299 rv = C_GetMechanismList(slot, NULL, &real_mecha_count);
300 if (!ADBG_EXPECT_CK_OK(c, rv))
301 goto out;
302
303 if (real_mecha_count == 0)
304 continue;
305
306 /* Allocate more memory for mechanisms than required */
307 alloc_mecha_count = real_mecha_count + 16;
308 mecha_count = alloc_mecha_count;
309
310 free(mecha_types);
311 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
312 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
313 goto out;
314 memset(mecha_types, 0xCC,
315 alloc_mecha_count * sizeof(*mecha_types));
316
317 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
318 if (!ADBG_EXPECT_CK_OK(c, rv))
319 goto out;
320
321 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, mecha_count, ==,
322 real_mecha_count))
323 goto out;
324
325 data_ptr = (uint8_t *)mecha_types;
326 for (j = real_mecha_count * sizeof(*mecha_types);
327 j < alloc_mecha_count * sizeof(*mecha_types); j++)
328 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[j], ==,
329 0xCC))
330 break;
331 }
332
333 Do_ADBG_EndSubCase(c, "Test C_GetMechanismList() with larger result buffer");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]334 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
335
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]336 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
337 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
338 goto out;
339
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]340 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
341 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
342 goto out;
343
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]344 mecha_count = 1;
345 if (!mecha_types)
346 mecha_types = malloc(sizeof(*mecha_types));
347 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
348 goto out;
349
350 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
351 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
352 goto out;
353
354 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
355 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
356 goto out;
357
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]358 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
359 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
360 goto out;
361
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]362 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
363 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
364 goto out;
365
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]366 mecha_count = 1;
367 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
368 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
369 goto out;
370
371 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
372 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
373 goto out;
374
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]375out:
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]376 Do_ADBG_EndSubCase(c, NULL);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]377 free(slot_ids);
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]378 free(mecha_types);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]379
380 rv = C_Finalize(NULL);
381 ADBG_EXPECT_CK_OK(c, rv);
382}
383
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]384ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]385 "PKCS11: List PKCS#11 slots and get information from");
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]386
387static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
388{
389 CK_RV rv = CKR_GENERAL_ERROR;
390 CK_SLOT_ID slot = 0;
391 CK_SESSION_HANDLE session[3] = { 0 };
392 CK_FLAGS session_flags = 0;
393 CK_SESSION_INFO session_info = { };
394 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
395
396 rv = init_lib_and_find_token_slot(&slot);
397 if (!ADBG_EXPECT_CK_OK(c, rv))
398 return;
399
400 rv = C_GetFunctionList(&ckfunc_list);
401 if (!ADBG_EXPECT_CK_OK(c, rv) ||
402 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
403 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
404 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
405 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
406 goto bail;
407
408 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
409
410 session_flags = CKF_RW_SESSION;
411
412 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
Vesa Jääskeläinenc1378d92020-12-31 12:53:10 +0200[diff] [blame]413 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_PARALLEL_NOT_SUPPORTED, rv))
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]414 goto bail;
415
416 session_flags = CKF_SERIAL_SESSION;
417
418 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
419 if (!ADBG_EXPECT_CK_OK(c, rv))
420 goto bail;
421
422 rv = C_GetSessionInfo(session[0], &session_info);
423 if (!ADBG_EXPECT_CK_OK(c, rv) ||
424 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
425 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
426 session_flags) ||
427 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
428 CKS_RO_PUBLIC_SESSION) ||
429 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
430 goto bail;
431
432 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
433
434 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
435 if (!ADBG_EXPECT_CK_OK(c, rv))
436 goto bail;
437
438 rv = C_GetSessionInfo(session[1], &session_info);
439 if (!ADBG_EXPECT_CK_OK(c, rv) ||
440 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
441 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
442 session_flags) ||
443 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
444 CKS_RW_PUBLIC_SESSION) ||
445 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
446 goto bail;
447
448 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
449 if (!ADBG_EXPECT_CK_OK(c, rv))
450 goto bail;
451
452 rv = C_GetSessionInfo(session[2], &session_info);
453 if (!ADBG_EXPECT_CK_OK(c, rv) ||
454 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
455 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
456 session_flags) ||
457 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
458 CKS_RW_PUBLIC_SESSION) ||
459 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
460 goto bail;
461
462 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
463 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
464
465 /* Close 2 of them */
466 rv = C_CloseSession(session[0]);
467 if (!ADBG_EXPECT_CK_OK(c, rv))
468 goto bail;
469
470 rv = C_GetSessionInfo(session[0], &session_info);
471 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
472 goto bail;
473
474 rv = C_GetSessionInfo(session[1], &session_info);
475 if (!ADBG_EXPECT_CK_OK(c, rv))
476 goto bail;
477
478 rv = C_GetSessionInfo(session[2], &session_info);
479 if (!ADBG_EXPECT_CK_OK(c, rv))
480 goto bail;
481
482 /* Close all remaining sessions, later calls should failed on session */
483 rv = C_CloseAllSessions(slot);
484 if (!ADBG_EXPECT_CK_OK(c, rv))
485 goto bail;
486
487 rv = C_CloseSession(session[1]);
488 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
489 goto bail;
490
491 rv = C_CloseSession(session[2]);
492 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
493 goto bail;
494
495 rv = C_GetSessionInfo(session[1], &session_info);
496 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
497 goto bail;
498
499 rv = C_GetSessionInfo(session[2], &session_info);
500 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
501 goto bail;
502
503 /* Open a session, should be closed from library closure */
504 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
505 if (!ADBG_EXPECT_CK_OK(c, rv))
506 goto bail;
507
508bail:
509 Do_ADBG_EndSubCase(c, NULL);
510 rv = close_lib();
511 ADBG_EXPECT_CK_OK(c, rv);
512}
513
514ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
515 "PKCS11: Open and close PKCS#11 sessions");
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]516
517/*
518 * Helpers for tests where we must log into the token.
519 * These define the genuine PINs and label to be used with the test token.
520 */
521static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]522static CK_UTF8CHAR test_token_user_pin[] = {
523 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
524};
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]525static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
526
527static CK_RV init_test_token(CK_SLOT_ID slot)
528{
529 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
530 test_token_label);
531}
532
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]533/* Login as user, eventually reset user PIN if needed */
534static CK_RV init_user_test_token(CK_SLOT_ID slot)
535{
536 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
537 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
538 CK_RV rv = CKR_GENERAL_ERROR;
539
540 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
541 if (rv)
542 return rv;
543
544 rv = C_Login(session, CKU_USER, test_token_user_pin,
545 sizeof(test_token_user_pin));
546 if (rv == CKR_OK) {
547 C_Logout(session);
548 C_CloseSession(session);
549 return rv;
550 }
551
552 rv = C_Login(session, CKU_SO, test_token_so_pin,
553 sizeof(test_token_so_pin));
554 if (rv) {
555 C_CloseSession(session);
556
557 rv = init_test_token(slot);
558 if (rv)
559 return rv;
560
561 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
562 if (rv)
563 return rv;
564
565 rv = C_Login(session, CKU_SO, test_token_so_pin,
566 sizeof(test_token_so_pin));
567 if (rv) {
568 C_CloseSession(session);
569 return rv;
570 }
571 }
572
573 rv = C_InitPIN(session, test_token_user_pin,
574 sizeof(test_token_user_pin));
575
576 C_Logout(session);
577 C_CloseSession(session);
578
579 return rv;
580}
581
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]582static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
583{
584 CK_RV rv = CKR_GENERAL_ERROR;
585 CK_TOKEN_INFO token_info = { };
586 /* Same content as test_token_so_pin[] but 1 more byte */
587 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
588 /* Same content as test_token_so_pin[] but 1 different byte */
589 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
590 CK_FLAGS flags = 0;
591
592 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
593
594 rv = C_GetTokenInfo(slot, &token_info);
595 if (!ADBG_EXPECT_CK_OK(c, rv))
596 goto out;
597
598 rv = C_InitToken(slot, test_token_so_pin,
599 sizeof(test_token_so_pin) - 1, test_token_label);
600 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
601 goto out;
602
603 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
604 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
605 goto out;
606
607 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
608 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
609 goto out;
610
611 rv = C_GetTokenInfo(slot, &token_info);
612 if (!ADBG_EXPECT_CK_OK(c, rv))
613 goto out;
614
615 flags = token_info.flags;
616
617 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
618 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
619 rv = CKR_GENERAL_ERROR;
620 goto out;
621 }
622
623 rv = init_test_token(slot);
624 if (!ADBG_EXPECT_CK_OK(c, rv))
625 goto out;
626
627 rv = C_GetTokenInfo(slot, &token_info);
628 if (!ADBG_EXPECT_CK_OK(c, rv))
629 goto out;
630
631 flags = token_info.flags;
632
633 /*
634 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
635 * Other flags should show a sane initialized state.
636 */
637 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
638 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
639 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
640 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
641 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]642 goto out;
643 }
644
645 rv = init_user_test_token(slot);
646 if (!ADBG_EXPECT_CK_OK(c, rv))
647 goto out;
648
649 rv = C_GetTokenInfo(slot, &token_info);
650 if (!ADBG_EXPECT_CK_OK(c, rv))
651 goto out;
652
653 flags = token_info.flags;
654
655 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
656 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
657 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
658 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
659 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
660 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
661 rv = CKR_GENERAL_ERROR;
662 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]663 }
664
665out:
666 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
667
668 return rv;
669}
670
671static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
672{
673 CK_RV rv = CKR_GENERAL_ERROR;
674 CK_TOKEN_INFO token_info = { };
675 CK_FLAGS flags = 0;
676
677 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
678
679 rv = init_test_token(slot);
680 if (!ADBG_EXPECT_CK_OK(c, rv))
681 goto out;
682
683 rv = C_GetTokenInfo(slot, &token_info);
684 if (!ADBG_EXPECT_CK_OK(c, rv))
685 goto out;
686
687 flags = token_info.flags;
688
689 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
690 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
691 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
692 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]693 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]694 }
695
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]696 rv = init_user_test_token(slot);
697 if (!ADBG_EXPECT_CK_OK(c, rv))
698 goto out;
699
700 rv = C_GetTokenInfo(slot, &token_info);
701 if (!ADBG_EXPECT_CK_OK(c, rv))
702 goto out;
703
704 flags = token_info.flags;
705
706 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
707 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
708 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
709 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
710 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
711 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
712 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
713 rv = CKR_GENERAL_ERROR;
714
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]715out:
716 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
717
718 return rv;
719}
720
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]721static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
722{
723 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
724 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
725 CK_RV rv = CKR_GENERAL_ERROR;
726
727 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
728
729 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
730 if (!ADBG_EXPECT_CK_OK(c, rv))
731 goto out;
732
733 /* Logout: should fail as we did not log in yet */
734 rv = C_Logout(session);
735 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
736
737 /* Login/re-log/logout user */
738 rv = C_Login(session, CKU_USER, test_token_user_pin,
739 sizeof(test_token_user_pin));
740 if (!ADBG_EXPECT_CK_OK(c, rv))
741 goto out;
742
743 rv = C_Login(session, CKU_USER, test_token_user_pin,
744 sizeof(test_token_user_pin));
745 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
746
747 rv = C_Logout(session);
748 if (!ADBG_EXPECT_CK_OK(c, rv))
749 goto out;
750
751 /* Login/re-log/logout security officer */
752 rv = C_Login(session, CKU_SO, test_token_so_pin,
753 sizeof(test_token_so_pin));
754 if (!ADBG_EXPECT_CK_OK(c, rv))
755 goto out;
756
757 rv = C_Login(session, CKU_SO, test_token_so_pin,
758 sizeof(test_token_so_pin));
759 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
760
761 rv = C_Logout(session);
762 if (!ADBG_EXPECT_CK_OK(c, rv))
763 goto out;
764
765 /* Login user then SO and reverse */
766 rv = C_Login(session, CKU_SO, test_token_so_pin,
767 sizeof(test_token_so_pin));
768 ADBG_EXPECT_CK_OK(c, rv);
769
770 rv = C_Login(session, CKU_USER, test_token_user_pin,
771 sizeof(test_token_user_pin));
772 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
773
774 rv = C_Logout(session);
775 if (!ADBG_EXPECT_CK_OK(c, rv))
776 goto out;
777
778 rv = C_Login(session, CKU_USER, test_token_user_pin,
779 sizeof(test_token_user_pin));
780 ADBG_EXPECT_CK_OK(c, rv);
781
782 rv = C_Login(session, CKU_SO, test_token_so_pin,
783 sizeof(test_token_so_pin));
784 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
785
786 rv = C_Logout(session);
787 ADBG_EXPECT_CK_OK(c, rv);
788
789 /* Login context specifc, in an invalid case (need an operation) */
790 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
791 sizeof(test_token_user_pin));
792 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
793
794 rv = C_CloseSession(session);
795 ADBG_EXPECT_CK_OK(c, rv);
796
797out:
798 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
799 return rv;
800}
801
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]802static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
803 CK_USER_TYPE user_type)
804{
805 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
806 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
807 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
808 CK_UTF8CHAR_PTR old_pin = NULL;
809 CK_USER_TYPE ut = user_type;
810 size_t old_pin_sz = 0;
811 CK_RV rv2 = CKR_OK;
812 CK_RV rv = CKR_OK;
813
814 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
815
816 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
817 if (!ADBG_EXPECT_CK_OK(c, rv))
818 goto out;
819
820 if (user_type == CKU_SO) {
821 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
822 old_pin_sz = sizeof(test_token_so_pin);
823 } else {
824 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
825 old_pin_sz = sizeof(test_token_user_pin);
826 ut = CKU_USER;
827 }
828
829 if (ut == user_type) {
830 rv = C_Login(session, ut, old_pin, old_pin_sz);
831 if (!ADBG_EXPECT_CK_OK(c, rv))
832 goto out_session;
833 }
834
835 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
836 if (!ADBG_EXPECT_CK_OK(c, rv)) {
837 if (ut == user_type)
838 goto out_logout;
839 else
840 goto out_session;
841 }
842
843 if (ut == user_type) {
844 rv = C_Logout(session);
845 if (!ADBG_EXPECT_CK_OK(c, rv))
846 goto out_session;
847 }
848
849 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
850 if (!ADBG_EXPECT_CK_OK(c, rv))
851 goto out_session;
852
853 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
854 ADBG_EXPECT_CK_OK(c, rv);
855
856out_logout:
857 rv2 = C_Logout(session);
858 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
859 rv = rv2;
860out_session:
861 rv2 = C_CloseSession(session);
862 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
863 rv = rv2;
864out:
865 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
866
867 return rv;
868}
869
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]870static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
871{
872 CK_RV rv = CKR_GENERAL_ERROR;
873 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
874 CK_SLOT_ID slot = 0;
875 CK_TOKEN_INFO token_info = { };
876
877 rv = C_GetFunctionList(&ckfunc_list);
878 if (!ADBG_EXPECT_CK_OK(c, rv) ||
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]879 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
880 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]881 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
882 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
883 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]884 goto out;
885
886 rv = init_lib_and_find_token_slot(&slot);
887 if (!ADBG_EXPECT_CK_OK(c, rv))
888 return;
889
890 rv = C_GetTokenInfo(slot, &token_info);
891 if (!ADBG_EXPECT_CK_OK(c, rv))
892 goto out;
893
894 /* Abort test if token is about to lock */
895 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
896 goto out;
897
898 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
899 rv = test_uninitialized_token(c, slot);
900 if (rv != CKR_OK)
901 goto out;
902 }
903
904 rv = test_already_initialized_token(c, slot);
905 if (rv != CKR_OK)
906 goto out;
907
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]908 rv = test_login_logout(c, slot);
909 if (rv != CKR_OK)
910 goto out;
911
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]912 rv = test_set_pin(c, slot, CKU_USER);
913 if (rv != CKR_OK)
914 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]915
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]916 rv = test_set_pin(c, slot, CKU_SO);
917 if (rv != CKR_OK)
918 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]919
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]920 /*
921 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
922 * to skip the initial login.
923 */
924 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]925out:
926 rv = close_lib();
927 ADBG_EXPECT_CK_OK(c, rv);
928}
929
930ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
931 "PKCS11: Login to PKCS#11 token");
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]932
933static CK_ATTRIBUTE cktest_token_object[] = {
934 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
935 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
936 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
937 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
938 sizeof(CK_OBJECT_CLASS) },
939 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
940 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
941};
942
943static CK_ATTRIBUTE cktest_session_object[] = {
944 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
945 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
946 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
947 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
948 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
949 sizeof(CK_OBJECT_CLASS) },
950 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
951};
952
953/* Create session object and token object from a session */
954static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
955{
956 CK_RV rv = CKR_GENERAL_ERROR;
957 CK_SLOT_ID slot = 0;
958 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
959 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
960 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
961
962 rv = init_lib_and_find_token_slot(&slot);
963 if (!ADBG_EXPECT_CK_OK(c, rv))
964 return;
965
966 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
967 if (!ADBG_EXPECT_CK_OK(c, rv))
968 goto out;
969
970 if (persistent) {
971 rv = C_CreateObject(session, cktest_token_object,
972 ARRAY_SIZE(cktest_token_object),
973 &obj_hdl);
974 } else {
975 rv = C_CreateObject(session, cktest_session_object,
976 ARRAY_SIZE(cktest_session_object),
977 &obj_hdl);
978 }
979
980 if (!ADBG_EXPECT_CK_OK(c, rv))
981 goto out;
982
983 rv = C_DestroyObject(session, obj_hdl);
984 ADBG_EXPECT_CK_OK(c, rv);
985out:
986 rv = C_CloseSession(session);
987 ADBG_EXPECT_CK_OK(c, rv);
988
989 rv = close_lib();
990 ADBG_EXPECT_CK_OK(c, rv);
991}
992
993static void test_create_destroy_session_objects(ADBG_Case_t *c)
994{
995 CK_RV rv = CKR_GENERAL_ERROR;
996 CK_SLOT_ID slot = 0;
997 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
998 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
999 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
1000 size_t n = 0;
1001
1002 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
1003 obj_hdl[n] = CK_INVALID_HANDLE;
1004
1005 rv = init_lib_and_find_token_slot(&slot);
1006 if (!ADBG_EXPECT_CK_OK(c, rv))
1007 return;
1008
1009 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1010 if (!ADBG_EXPECT_CK_OK(c, rv))
1011 goto out;
1012
1013 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
1014 rv = C_CreateObject(session, cktest_session_object,
1015 ARRAY_SIZE(cktest_session_object),
1016 obj_hdl + n);
1017
1018 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
1019 break;
1020 }
1021
1022 Do_ADBG_Log(" created object count: %zu", n);
1023
1024 rv = C_CloseSession(session);
1025 ADBG_EXPECT_CK_OK(c, rv);
1026
1027 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1028 if (!ADBG_EXPECT_CK_OK(c, rv))
1029 goto out;
1030
1031 rv = C_CreateObject(session, cktest_session_object,
1032 ARRAY_SIZE(cktest_session_object),
1033 obj_hdl);
1034
1035 ADBG_EXPECT_CK_OK(c, rv);
1036
1037out:
1038 rv = C_CloseSession(session);
1039 ADBG_EXPECT_CK_OK(c, rv);
1040
1041 rv = close_lib();
1042 ADBG_EXPECT_CK_OK(c, rv);
1043}
1044
1045/* Create session object and token object from a session */
1046static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
1047{
1048 CK_RV rv = CKR_GENERAL_ERROR;
1049 CK_SLOT_ID slot = 0;
1050 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1051 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
1052 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
1053 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1054
1055 rv = init_lib_and_find_token_slot(&slot);
1056 if (!ADBG_EXPECT_CK_OK(c, rv))
1057 return;
1058
1059 if (readwrite)
1060 session_flags |= CKF_RW_SESSION;
1061
1062 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1063 if (!ADBG_EXPECT_CK_OK(c, rv))
1064 goto out;
1065
1066 rv = C_CreateObject(session, cktest_token_object,
1067 ARRAY_SIZE(cktest_token_object),
1068 &token_obj_hld);
1069
1070 if (readwrite) {
1071 if (!ADBG_EXPECT_CK_OK(c, rv))
1072 goto out;
1073 } else {
1074 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1075 goto out;
1076 }
1077
1078 rv = C_CreateObject(session, cktest_session_object,
1079 ARRAY_SIZE(cktest_session_object),
1080 &session_obj_hld);
1081
1082 if (!ADBG_EXPECT_CK_OK(c, rv))
1083 goto out_tobj;
1084
1085 rv = C_DestroyObject(session, session_obj_hld);
1086 ADBG_EXPECT_CK_OK(c, rv);
1087
1088out_tobj:
1089 if (readwrite) {
1090 rv = C_DestroyObject(session, token_obj_hld);
1091 ADBG_EXPECT_CK_OK(c, rv);
1092 }
1093out:
1094 rv = C_CloseSession(session);
1095 ADBG_EXPECT_CK_OK(c, rv);
1096
1097 rv = close_lib();
1098 ADBG_EXPECT_CK_OK(c, rv);
1099}
1100
1101static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1102{
1103 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1104 test_create_destroy_single_object(c, false /*!persistent*/);
1105 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1106
1107 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1108 test_create_destroy_single_object(c, true /*persistent*/);
1109 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1110
1111 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1112 test_create_destroy_session_objects(c);
1113 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1114
1115 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1116 test_create_objects_in_session(c, false /*!readwrite*/);
1117 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1118
1119 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1120 test_create_objects_in_session(c, true /*readwrite*/);
1121 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1122}
1123
1124ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1125 "PKCS11: create/destroy PKCS#11 simple objects");
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1126
1127
1128static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1129 CKM_AES_ECB,
1130};
1131static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1132 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1133 CKM_AES_GCM, CKM_AES_CCM,
1134};
1135static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1136 CKM_AES_CBC,
1137};
1138static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1139 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1140 CKM_AES_GCM, CKM_AES_CCM,
1141};
1142static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1143 CKM_AES_CTR,
1144};
1145static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1146 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1147 CKM_AES_GCM, CKM_AES_CCM,
1148};
1149static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1150 CKM_AES_CTS,
1151};
1152static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1153 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1154 CKM_AES_GCM, CKM_AES_CCM,
1155};
1156
1157#define CKTEST_AES_KEY \
1158 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1159 sizeof(CK_OBJECT_CLASS) }, \
1160 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1161 sizeof(CK_KEY_TYPE) }, \
1162 { CKA_VALUE, (void *)cktest_aes128_key, \
1163 sizeof(cktest_aes128_key) }
1164
1165#define CKTEST_AES_ALLOWED_KEY(_allowed) \
1166 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1167
1168#define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1169 static CK_ATTRIBUTE _label[] = { \
1170 CKTEST_AES_KEY, \
1171 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1172 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1173 CKTEST_AES_ALLOWED_KEY(_allowed), \
1174 }
1175
1176#define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1177 static CK_ATTRIBUTE _label[] = { \
1178 CKTEST_AES_KEY, \
1179 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1180 CKTEST_AES_ALLOWED_KEY(_allowed), \
1181 }
1182#define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1183 static CK_ATTRIBUTE _label[] = { \
1184 CKTEST_AES_KEY, \
1185 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1186 CKTEST_AES_ALLOWED_KEY(_allowed), \
1187 }
1188
1189CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1190CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1191CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1192CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1193CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1194CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1195CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1196CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1197
1198struct cktest_allowed_test {
1199 CK_ATTRIBUTE_PTR attr_key;
1200 CK_ULONG attr_count;
1201 CK_MECHANISM_PTR mechanism;
1202};
1203
1204#define CKTEST_KEY_MECHA(key, mecha) { \
1205 .attr_key = key, \
1206 .attr_count = ARRAY_SIZE(key), \
1207 .mechanism = mecha, \
1208 }
1209
1210static const struct cktest_allowed_test cktest_allowed_valid[] = {
1211 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1212 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1213 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1214 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1215};
1216
1217static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1218 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1219 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1220 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1221 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1222};
1223
1224/* Create session object and token object from a session */
1225static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1226 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1227 CK_MECHANISM_PTR mechanism, uint32_t mode,
1228 CK_RV expected_rc)
1229{
1230 CK_RV rv2 = CKR_GENERAL_ERROR;
1231 CK_RV rv = CKR_GENERAL_ERROR;
1232 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1233
1234 switch (mode) {
1235 case TEE_MODE_ENCRYPT:
1236 case TEE_MODE_DECRYPT:
1237 break;
1238 default:
1239 ADBG_EXPECT_TRUE(c, false);
1240 }
1241
1242 rv = C_CreateObject(session, attr_key, attr_count, &object);
1243 if (!ADBG_EXPECT_CK_OK(c, rv))
1244 return rv;
1245
1246 if (mode == TEE_MODE_ENCRYPT)
1247 rv = C_EncryptInit(session, mechanism, object);
1248 if (mode == TEE_MODE_DECRYPT)
1249 rv = C_DecryptInit(session, mechanism, object);
1250
1251 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1252 rv = CKR_GENERAL_ERROR;
1253 goto out;
1254 }
1255
1256 if (rv) {
1257 /*
1258 * If we're here it was the expected error code above and
1259 * we're supposed to return OK below.
1260 */
1261 rv = CKR_OK;
1262 } else {
1263 if (mode == TEE_MODE_ENCRYPT)
1264 rv = C_EncryptFinal(session, NULL, NULL);
1265 if (mode == TEE_MODE_DECRYPT)
1266 rv = C_DecryptFinal(session, NULL, NULL);
1267
1268 /* Only check that the operation is no more active */
1269 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
1270 rv = CKR_GENERAL_ERROR;
1271 }
1272
1273out:
1274 rv2 = C_DestroyObject(session, object);
1275 ADBG_EXPECT_CK_OK(c, rv2);
1276
1277 if (rv)
1278 return rv;
1279 else
1280 return rv2;
1281}
1282
1283CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1284
1285CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1286
1287static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1288{
1289 CK_RV rv = CKR_GENERAL_ERROR;
1290 CK_SLOT_ID slot = 0;
1291 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1292 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1293 size_t n = 0;
1294
1295 rv = init_lib_and_find_token_slot(&slot);
1296 if (!ADBG_EXPECT_CK_OK(c, rv))
1297 return;
1298
1299 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1300 if (!ADBG_EXPECT_CK_OK(c, rv))
1301 goto out;
1302
1303 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1304
1305 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1306
1307 rv = cipher_init_final(c, session,
1308 cktest_allowed_valid[n].attr_key,
1309 cktest_allowed_valid[n].attr_count,
1310 cktest_allowed_valid[n].mechanism,
1311 TEE_MODE_ENCRYPT,
1312 CKR_OK);
1313
1314 ADBG_EXPECT_CK_OK(c, rv);
1315
1316 Do_ADBG_EndSubCase(c, NULL);
1317 if (rv)
1318 goto out;
1319
1320 }
1321
1322 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1323 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1324
1325 rv = cipher_init_final(c, session,
1326 cktest_allowed_invalid[n].attr_key,
1327 cktest_allowed_invalid[n].attr_count,
1328 cktest_allowed_invalid[n].mechanism,
1329 TEE_MODE_ENCRYPT,
1330 CKR_KEY_FUNCTION_NOT_PERMITTED);
1331
1332 ADBG_EXPECT_CK_OK(c, rv);
1333
1334 Do_ADBG_EndSubCase(c, NULL);
1335 if (rv)
1336 goto out;
1337
1338 }
1339
1340out:
1341 rv = C_CloseSession(session);
1342 ADBG_EXPECT_CK_OK(c, rv);
1343
1344 rv = close_lib();
1345 ADBG_EXPECT_CK_OK(c, rv);
1346}
1347
1348
1349ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1350 "PKCS11: Check ciphering with valid and invalid keys #1");
1351
1352static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1353{
1354 CK_RV rv = CKR_GENERAL_ERROR;
1355 CK_SLOT_ID slot = 0;
1356 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1357 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1358
1359 rv = init_lib_and_find_token_slot(&slot);
1360 if (!ADBG_EXPECT_CK_OK(c, rv))
1361 return;
1362
1363 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1364 if (!ADBG_EXPECT_CK_OK(c, rv))
1365 goto out;
1366
1367 /* Encrypt only AES CTS key */
1368 rv = cipher_init_final(c, session,
1369 cktest_aes_enc_only_cts,
1370 ARRAY_SIZE(cktest_aes_enc_only_cts),
1371 &cktest_aes_cts_mechanism,
1372 TEE_MODE_ENCRYPT,
1373 CKR_OK);
1374 if (!ADBG_EXPECT_CK_OK(c, rv))
1375 goto out;
1376
1377 rv = cipher_init_final(c, session,
1378 cktest_aes_enc_only_cts,
1379 ARRAY_SIZE(cktest_aes_enc_only_cts),
1380 &cktest_aes_cts_mechanism,
1381 TEE_MODE_DECRYPT,
1382 CKR_KEY_FUNCTION_NOT_PERMITTED);
1383 if (!ADBG_EXPECT_CK_OK(c, rv))
1384 goto out;
1385
1386 /* Decrypt only AES CTR key */
1387 rv = cipher_init_final(c, session,
1388 cktest_aes_dec_only_ctr,
1389 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1390 &cktest_aes_ctr_mechanism,
1391 TEE_MODE_ENCRYPT,
1392 CKR_KEY_FUNCTION_NOT_PERMITTED);
1393 if (!ADBG_EXPECT_CK_OK(c, rv))
1394 goto out;
1395
1396 rv = cipher_init_final(c, session,
1397 cktest_aes_dec_only_ctr,
1398 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1399 &cktest_aes_ctr_mechanism,
1400 TEE_MODE_ENCRYPT,
1401 CKR_KEY_FUNCTION_NOT_PERMITTED);
1402 if (!ADBG_EXPECT_CK_OK(c, rv))
1403 goto out;
1404
1405out:
1406 rv = C_CloseSession(session);
1407 ADBG_EXPECT_CK_OK(c, rv);
1408
1409 rv = close_lib();
1410 ADBG_EXPECT_CK_OK(c, rv);
1411}
1412ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1413 "PKCS11: Check ciphering with valid and invalid keys #2");
1414
1415static CK_RV open_cipher_session(ADBG_Case_t *c,
1416 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1417 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1418 CK_MECHANISM_PTR mechanism, uint32_t mode)
1419{
1420 CK_RV rv = CKR_GENERAL_ERROR;
1421 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1422 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1423
1424 switch (mode) {
1425 case TEE_MODE_ENCRYPT:
1426 case TEE_MODE_DECRYPT:
1427 break;
1428 default:
1429 ADBG_EXPECT_TRUE(c, false);
1430 return CKR_GENERAL_ERROR;
1431 }
1432
1433 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1434 if (rv == CKR_DEVICE_MEMORY)
1435 return rv;
1436 if (!ADBG_EXPECT_CK_OK(c, rv))
1437 return rv;
1438
1439 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1440 if (rv == CKR_DEVICE_MEMORY)
1441 return rv;
1442 if (!ADBG_EXPECT_CK_OK(c, rv))
1443 return rv;
1444
1445 if (mode == TEE_MODE_ENCRYPT)
1446 rv = C_EncryptInit(*session, mechanism, object);
1447 if (mode == TEE_MODE_DECRYPT)
1448 rv = C_DecryptInit(*session, mechanism, object);
1449
1450 if (rv == CKR_DEVICE_MEMORY)
1451 return rv;
1452 if (!ADBG_EXPECT_CK_OK(c, rv))
1453 return CKR_GENERAL_ERROR;
1454
1455 return rv;
1456}
1457
1458static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1459{
1460 CK_RV rv = CKR_GENERAL_ERROR;
1461 CK_SLOT_ID slot = 0;
1462 CK_SESSION_HANDLE sessions[128];
1463 size_t n = 0;
1464
1465 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1466 sessions[n] = CK_INVALID_HANDLE;
1467
1468 rv = init_lib_and_find_token_slot(&slot);
1469 if (!ADBG_EXPECT_CK_OK(c, rv))
1470 return;
1471
1472 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1473
1474 rv = open_cipher_session(c, slot, &sessions[n],
1475 cktest_allowed_valid[0].attr_key,
1476 cktest_allowed_valid[0].attr_count,
1477 cktest_allowed_valid[0].mechanism,
1478 TEE_MODE_ENCRYPT);
1479
1480 /* Failure due to memory allocation is not a error case */
1481 if (rv == CKR_DEVICE_MEMORY)
1482 break;
1483
1484 if (!ADBG_EXPECT_CK_OK(c, rv))
1485 goto out;
1486 }
1487
1488 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1489 goto out;
1490
1491 Do_ADBG_Log(" created sessions count: %zu", n);
1492
1493 /* Closing session with out bound and invalid IDs (or negative ID) */
1494 rv = C_CloseSession(sessions[n - 1] + 1024);
1495 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1496 rv = C_CloseSession(CK_INVALID_HANDLE);
1497 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1498 rv = C_CloseSession(~0);
1499 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1500
1501 /* Closing each session: all related resources shall be free */
1502 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1503 if (sessions[n] == CK_INVALID_HANDLE)
1504 continue;
1505
1506 rv = C_CloseSession(sessions[n]);
1507 ADBG_EXPECT_CK_OK(c, rv);
1508 sessions[n] = CK_INVALID_HANDLE;
1509 }
1510
1511 /* Open and close another session */
1512 rv = open_cipher_session(c, slot, &sessions[0],
1513 cktest_allowed_valid[0].attr_key,
1514 cktest_allowed_valid[0].attr_count,
1515 cktest_allowed_valid[0].mechanism,
1516 TEE_MODE_ENCRYPT);
1517
1518 if (!ADBG_EXPECT_CK_OK(c, rv))
1519 goto out;
1520
1521 rv = C_CloseSession(sessions[0]);
1522 ADBG_EXPECT_CK_OK(c, rv);
1523 sessions[0] = CK_INVALID_HANDLE;
1524
1525out:
1526 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1527 if (sessions[n] == CK_INVALID_HANDLE)
1528 continue;
1529
1530 rv = C_CloseSession(sessions[n]);
1531 ADBG_EXPECT_CK_OK(c, rv);
1532 }
1533
1534 rv = close_lib();
1535 ADBG_EXPECT_CK_OK(c, rv);
1536}
1537ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1538 "PKCS11: Check operations release at session closure");
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1539
1540#define CK_MAC_KEY_HMAC(_type, _key_array) \
1541 { \
1542 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, \
1543 sizeof(CK_BBOOL) }, \
1544 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, \
1545 sizeof(CK_BBOOL) }, \
1546 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1547 sizeof(CK_OBJECT_CLASS) }, \
1548 { CKA_KEY_TYPE, &(CK_KEY_TYPE){_type}, \
1549 sizeof(CK_KEY_TYPE) }, \
1550 { CKA_VALUE, (void *)(_key_array), \
1551 sizeof(_key_array) } \
1552 }
1553
1554static CK_ATTRIBUTE cktest_hmac_md5_key[] =
1555 CK_MAC_KEY_HMAC(CKK_MD5_HMAC, mac_data_md5_key1);
1556
1557static CK_ATTRIBUTE cktest_hmac_sha1_key[] =
1558 CK_MAC_KEY_HMAC(CKK_SHA_1_HMAC, mac_data_sha1_key1);
1559
1560static CK_ATTRIBUTE cktest_hmac_sha224_key[] =
1561 CK_MAC_KEY_HMAC(CKK_SHA224_HMAC, mac_data_sha224_key1);
1562
1563static CK_ATTRIBUTE cktest_hmac_sha256_key1[] =
1564 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key1);
1565
1566static CK_ATTRIBUTE cktest_hmac_sha256_key2[] =
1567 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key2);
1568
1569static CK_ATTRIBUTE cktest_hmac_sha384_key[] =
1570 CK_MAC_KEY_HMAC(CKK_SHA384_HMAC, mac_data_sha384_key1);
1571
1572static CK_ATTRIBUTE cktest_hmac_sha512_key[] =
1573 CK_MAC_KEY_HMAC(CKK_SHA512_HMAC, mac_data_sha512_key1);
1574
1575struct mac_test {
1576 CK_ATTRIBUTE_PTR attr_key;
1577 CK_ULONG attr_count;
1578 CK_MECHANISM_PTR mechanism;
1579 size_t in_incr;
1580 const uint8_t *in;
1581 size_t in_len;
1582 const uint8_t *out;
1583 size_t out_len;
1584 bool multiple_incr;
1585};
1586
1587#define CKTEST_MAC_TEST(key, mecha, input_incr, input, output, incr) { \
1588 .attr_key = key, \
1589 .attr_count = ARRAY_SIZE(key), \
1590 .mechanism = mecha, \
1591 .in_incr = input_incr, \
1592 .in = input, \
1593 .in_len = ARRAY_SIZE(input), \
1594 .out = output, \
1595 .out_len = ARRAY_SIZE(output), \
1596 .multiple_incr = incr \
1597 }
1598
1599static const struct mac_test cktest_mac_cases[] = {
1600 CKTEST_MAC_TEST(cktest_hmac_md5_key, &cktest_hmac_md5_mechanism,
1601 4, mac_data_md5_in1, mac_data_md5_out1, false),
1602 CKTEST_MAC_TEST(cktest_hmac_sha1_key, &cktest_hmac_sha1_mechanism,
1603 5, mac_data_sha1_in1, mac_data_sha1_out1, false),
1604 CKTEST_MAC_TEST(cktest_hmac_sha224_key, &cktest_hmac_sha224_mechanism,
1605 8, mac_data_sha224_in1, mac_data_sha224_out1, false),
1606 CKTEST_MAC_TEST(cktest_hmac_sha256_key1, &cktest_hmac_sha256_mechanism,
1607 1, mac_data_sha256_in1, mac_data_sha256_out1, false),
1608 CKTEST_MAC_TEST(cktest_hmac_sha256_key2, &cktest_hmac_sha256_mechanism,
1609 7, mac_data_sha256_in2, mac_data_sha256_out2, false),
1610 CKTEST_MAC_TEST(cktest_hmac_sha384_key, &cktest_hmac_sha384_mechanism,
1611 11, mac_data_sha384_in1, mac_data_sha384_out1, false),
1612 CKTEST_MAC_TEST(cktest_hmac_sha512_key, &cktest_hmac_sha512_mechanism,
1613 13, mac_data_sha512_in1, mac_data_sha512_out1, false),
1614};
1615
1616static void xtest_pkcs11_test_1008(ADBG_Case_t *c)
1617{
1618 CK_RV rv = CKR_GENERAL_ERROR;
1619 CK_SLOT_ID slot = 0;
1620 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1621 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1622 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1623 uint8_t out[512] = { 0 };
1624 CK_ULONG out_size = 0;
1625 struct mac_test const *test = NULL;
1626 size_t n = 0;
1627
1628 rv = init_lib_and_find_token_slot(&slot);
1629 if (!ADBG_EXPECT_CK_OK(c, rv))
1630 return;
1631
1632 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1633 if (!ADBG_EXPECT_CK_OK(c, rv))
1634 goto err_close_lib;
1635
1636 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1637
1638 test = &cktest_mac_cases[n];
1639 Do_ADBG_BeginSubCase(c, "Sign case %zu algo (%s)", n,
1640 ckm2str(test->mechanism->mechanism));
1641
1642 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1643 &key_handle);
1644 if (!ADBG_EXPECT_CK_OK(c, rv))
1645 goto err;
1646
1647 /* Test signature in 1 step */
1648 if (test->in != NULL) {
1649 rv = C_SignInit(session, test->mechanism, key_handle);
1650 if (!ADBG_EXPECT_CK_OK(c, rv))
1651 goto err_destr_obj;
1652
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1653 /* Pass input buffer of size 0 */
1654 rv = C_SignUpdate(session,
1655 (void *)test->in, 0);
1656 if (!ADBG_EXPECT_CK_OK(c, rv))
1657 goto err_destr_obj;
1658
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1659 rv = C_SignUpdate(session,
1660 (void *)test->in, test->in_len);
1661 if (!ADBG_EXPECT_CK_OK(c, rv))
1662 goto err_destr_obj;
1663
1664 /* Test too short buffer case */
1665 out_size = 1;
1666 rv = C_SignFinal(session, out, &out_size);
1667 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1668 goto err_destr_obj;
1669
1670 /*
1671 * Test NULL buffer case with size as 0
1672 * to get the out_size
1673 */
1674 out_size = 0;
1675 rv = C_SignFinal(session, NULL, &out_size);
1676 if (!ADBG_EXPECT_CK_OK(c, rv))
1677 goto err_destr_obj;
1678
Vesa Jääskeläinenbbe78622021-06-27 16:03:13 +0300[diff] [blame^]1679 /*
1680 * Test NULL buffer case with size as non-zero
1681 * to get the out_size
1682 */
1683 out_size = 42;
1684 rv = C_SignFinal(session, NULL, &out_size);
1685 if (!ADBG_EXPECT_CK_OK(c, rv))
1686 goto err_destr_obj;
1687
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1688 /* Get to full output */
1689 memset(out, 0, out_size);
1690 rv = C_SignFinal(session, out, &out_size);
1691 if (!ADBG_EXPECT_CK_OK(c, rv))
1692 goto err_destr_obj;
1693
1694 (void)ADBG_EXPECT_BUFFER(c, test->out,
1695 test->out_len,
1696 out, out_size);
1697 }
1698
1699 /* Test 2 step update signature */
1700 rv = C_SignInit(session, test->mechanism, key_handle);
1701 if (!ADBG_EXPECT_CK_OK(c, rv))
1702 goto err_destr_obj;
1703
1704 if (test->in != NULL) {
1705 rv = C_SignUpdate(session,
1706 (void *)test->in, test->in_incr);
1707 if (!ADBG_EXPECT_CK_OK(c, rv))
1708 goto err_destr_obj;
1709
1710 rv = C_SignUpdate(session,
1711 (void *)(test->in + test->in_incr),
1712 test->in_len - test->in_incr);
1713 if (!ADBG_EXPECT_CK_OK(c, rv))
1714 goto err_destr_obj;
1715 }
1716
1717 out_size = sizeof(out);
1718 memset(out, 0, sizeof(out));
1719
1720 rv = C_SignFinal(session, out, &out_size);
1721 if (!ADBG_EXPECT_CK_OK(c, rv))
1722 goto err_destr_obj;
1723
1724 (void)ADBG_EXPECT_BUFFER(c, test->out,
1725 test->out_len, out, out_size);
1726
1727 /* Test 3 signature in one shot */
1728 if (test->in != NULL) {
1729 rv = C_SignInit(session, test->mechanism, key_handle);
1730 if (!ADBG_EXPECT_CK_OK(c, rv))
1731 goto err_destr_obj;
1732
1733 /* Test too short buffer case */
1734 out_size = 1;
1735 rv = C_Sign(session,(void *)test->in, test->in_len,
1736 out, &out_size);
1737 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1738 goto err_destr_obj;
1739
1740 /*
1741 * Test NULL buffer case with size as 0
1742 * to get the out_size
1743 */
1744 out_size = 0;
1745 rv = C_Sign(session, (void *)test->in, test->in_len,
1746 NULL, &out_size);
1747 if (!ADBG_EXPECT_CK_OK(c, rv))
1748 goto err_destr_obj;
1749
Vesa Jääskeläinenbbe78622021-06-27 16:03:13 +0300[diff] [blame^]1750 /*
1751 * Test NULL buffer case with size as non-zero
1752 * to get the out_size
1753 */
1754 out_size = 42;
1755 rv = C_Sign(session, (void *)test->in, test->in_len,
1756 NULL, &out_size);
1757 if (!ADBG_EXPECT_CK_OK(c, rv))
1758 goto err_destr_obj;
1759
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1760 /* Get to full output */
1761 memset(out, 0, out_size);
1762 rv = C_Sign(session,(void *)test->in, test->in_len,
1763 out, &out_size);
1764 if (!ADBG_EXPECT_CK_OK(c, rv))
1765 goto err_destr_obj;
1766
1767 (void)ADBG_EXPECT_BUFFER(c, test->out,
1768 test->out_len,
1769 out, out_size);
1770 }
1771
1772 rv = C_DestroyObject(session, key_handle);
1773 if (!ADBG_EXPECT_CK_OK(c, rv))
1774 goto err;
1775
1776 Do_ADBG_EndSubCase(c, NULL);
1777 }
1778 goto out;
1779
1780err_destr_obj:
1781 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1782err:
1783 Do_ADBG_EndSubCase(c, NULL);
1784out:
1785 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1786err_close_lib:
1787 ADBG_EXPECT_CK_OK(c, close_lib());
1788}
1789ADBG_CASE_DEFINE(pkcs11, 1008, xtest_pkcs11_test_1008,
1790 "PKCS11: Check Compliance of C_Sign - HMAC algorithms");
1791
1792static void xtest_pkcs11_test_1009(ADBG_Case_t *c)
1793{
1794 CK_RV rv = CKR_GENERAL_ERROR;
1795 CK_SLOT_ID slot = 0;
1796 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1797 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1798 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1799 struct mac_test const *test = NULL;
1800 size_t n = 0;
1801
1802 rv = init_lib_and_find_token_slot(&slot);
1803 if (!ADBG_EXPECT_CK_OK(c, rv))
1804 return;
1805
1806 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1807 if (!ADBG_EXPECT_CK_OK(c, rv))
1808 goto err_close_lib;
1809
1810 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1811
1812 test = &cktest_mac_cases[n];
1813 Do_ADBG_BeginSubCase(c, "Verify case %zu algo (%s)", n,
1814 ckm2str(test->mechanism->mechanism));
1815
1816 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1817 &key_handle);
1818 if (!ADBG_EXPECT_CK_OK(c, rv))
1819 goto err;
1820
1821 /* Test Verification in 1 step */
1822 if (test->in != NULL) {
1823 rv = C_VerifyInit(session, test->mechanism, key_handle);
1824 if (!ADBG_EXPECT_CK_OK(c, rv))
1825 goto err_destr_obj;
1826
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1827 /* Pass input buffer with size 0 - No affect */
1828 rv = C_VerifyUpdate(session, (void *)test->in, 0);
1829 if (!ADBG_EXPECT_CK_OK(c, rv))
1830 goto err_destr_obj;
1831
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1832 rv = C_VerifyUpdate(session, (void *)test->in,
1833 test->in_len);
1834 if (!ADBG_EXPECT_CK_OK(c, rv))
1835 goto err_destr_obj;
1836
1837 rv = C_VerifyFinal(session,
1838 (void *)test->out, test->out_len);
1839 if (!ADBG_EXPECT_CK_OK(c, rv))
1840 goto err_destr_obj;
1841
1842 }
1843
1844 /* Test 2 step update verification*/
1845 rv = C_VerifyInit(session, test->mechanism, key_handle);
1846 if (!ADBG_EXPECT_CK_OK(c, rv))
1847 goto err_destr_obj;
1848
1849 if (test->in != NULL) {
1850 rv = C_VerifyUpdate(session,
1851 (void *)test->in, test->in_incr);
1852 if (!ADBG_EXPECT_CK_OK(c, rv))
1853 goto err_destr_obj;
1854
1855 rv = C_VerifyUpdate(session,
1856 (void *)(test->in + test->in_incr),
1857 test->in_len - test->in_incr);
1858 if (!ADBG_EXPECT_CK_OK(c, rv))
1859 goto err_destr_obj;
1860 }
1861
1862 rv = C_VerifyFinal(session, (void *)test->out, test->out_len);
1863 if (!ADBG_EXPECT_CK_OK(c, rv))
1864 goto err_destr_obj;
1865
1866 /* Error as Operation has already completed */
1867 rv = C_Verify(session,
1868 (void *)test->in, test->in_len,
1869 (void *)test->out, test->out_len);
1870 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED,
1871 rv))
1872 goto err_destr_obj;
1873
1874 /* Test 3 verification in one shot */
1875 if (test->in != NULL) {
1876 rv = C_VerifyInit(session, test->mechanism, key_handle);
1877 if (!ADBG_EXPECT_CK_OK(c, rv))
1878 goto err_destr_obj;
1879
1880 rv = C_Verify(session,
1881 (void *)test->in, test->in_len,
1882 (void *)test->out, test->out_len);
1883 if (!ADBG_EXPECT_CK_OK(c, rv))
1884 goto err_destr_obj;
1885
1886 /* Try calling Verify again */
1887 rv = C_Verify(session,
1888 (void *)test->in, test->in_len,
1889 (void *)test->out, test->out_len);
1890 if (!ADBG_EXPECT_CK_RESULT(c,
1891 CKR_OPERATION_NOT_INITIALIZED,
1892 rv))
1893 goto err_destr_obj;
1894 }
1895
1896 /*
1897 * Test 4 verification
1898 * Error - Signature Length Range with C_VerifyFinal
1899 */
1900 if (test->in != NULL) {
1901 rv = C_VerifyInit(session, test->mechanism, key_handle);
1902 if (!ADBG_EXPECT_CK_OK(c, rv))
1903 goto err_destr_obj;
1904
1905 rv = C_VerifyUpdate(session, (void *)test->in,
1906 test->in_len);
1907 if (!ADBG_EXPECT_CK_OK(c, rv))
1908 goto err_destr_obj;
1909
1910 rv = C_VerifyFinal(session, (void *)test->out, 3);
1911 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1912 rv))
1913 goto err_destr_obj;
1914 }
1915
1916 /*
1917 * Test 5 verification
1918 * Error - Signature Length Range with C_Verify
1919 */
1920 if (test->in != NULL) {
1921 rv = C_VerifyInit(session, test->mechanism, key_handle);
1922 if (!ADBG_EXPECT_CK_OK(c, rv))
1923 goto err_destr_obj;
1924
1925 rv = C_Verify(session,
1926 (void *)test->in, test->in_len,
1927 (void *)test->out, 0);
1928 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1929 rv))
1930 goto err_destr_obj;
1931 }
1932
1933 /* Test 6 verification - Invalid Operation sequence */
1934 if (test->in != NULL) {
1935 rv = C_VerifyInit(session, test->mechanism, key_handle);
1936 if (!ADBG_EXPECT_CK_OK(c, rv))
1937 goto err_destr_obj;
1938
1939 rv = C_Verify(session,
1940 (void *)test->in, test->in_len,
1941 (void *)test->out, test->out_len);
1942 if (!ADBG_EXPECT_CK_OK(c, rv))
1943 goto err_destr_obj;
1944
1945 /* Init session has already terminated with C_Verify */
1946 rv = C_VerifyUpdate(session, (void *)test->in,
1947 test->in_len);
1948 if (!ADBG_EXPECT_CK_RESULT(c,
1949 CKR_OPERATION_NOT_INITIALIZED,
1950 rv))
1951 goto err_destr_obj;
1952 }
1953
1954 rv = C_DestroyObject(session, key_handle);
1955 if (!ADBG_EXPECT_CK_OK(c, rv))
1956 goto err;
1957
1958 Do_ADBG_EndSubCase(c, NULL);
1959 }
1960 goto out;
1961
1962err_destr_obj:
1963 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1964err:
1965 Do_ADBG_EndSubCase(c, NULL);
1966out:
1967 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1968err_close_lib:
1969 ADBG_EXPECT_CK_OK(c, close_lib());
1970}
1971ADBG_CASE_DEFINE(pkcs11, 1009, xtest_pkcs11_test_1009,
1972 "PKCS11: Check Compliance of C_Verify - HMAC Algorithms");
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1973
1974/* Bad key type */
1975static CK_ATTRIBUTE cktest_generate_gensecret_object_error1[] = {
1976 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1977 sizeof(CK_OBJECT_CLASS) },
1978 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
1979 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1980};
1981
1982/* Missing VALUE_LEN */
1983static CK_ATTRIBUTE cktest_generate_gensecret_object_error2[] = {
1984 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1985 sizeof(CK_OBJECT_CLASS) },
1986 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1987 sizeof(CK_KEY_TYPE) },
1988};
1989
1990/* Bad object class */
1991static CK_ATTRIBUTE cktest_generate_gensecret_object_error3[] = {
1992 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA}, sizeof(CK_OBJECT_CLASS) },
1993 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1994 sizeof(CK_KEY_TYPE) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]1995 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1996};
1997
1998/* Invalid template with CKA_LOCAL */
1999static CK_ATTRIBUTE cktest_generate_gensecret_object_error4[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2000 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2001 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2002};
2003
2004/* Valid template to generate a generic secret */
2005static CK_ATTRIBUTE cktest_generate_gensecret_object_valid1[] = {
2006 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2007 sizeof(CK_OBJECT_CLASS) },
2008 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
2009 sizeof(CK_KEY_TYPE) },
2010 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2011 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2012 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2013};
2014
2015/* Valid template to generate a generic secret with only VALUE_LEN */
2016static CK_ATTRIBUTE cktest_generate_gensecret_object_valid2[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2017 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2018 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2019};
2020
2021
2022/* Valid template to generate an all AES purpose key */
2023static CK_ATTRIBUTE cktest_generate_aes_object[] = {
2024 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2025 sizeof(CK_OBJECT_CLASS) },
2026 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
2027 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2028 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2029 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
2030};
2031
2032static void xtest_pkcs11_test_1010(ADBG_Case_t *c)
2033{
2034 CK_RV rv = CKR_GENERAL_ERROR;
2035 CK_SLOT_ID slot = 0;
2036 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2037 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2038 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
2039 struct mac_test const *test = &cktest_mac_cases[0];
2040 uint8_t out[512] = { 0 };
2041 CK_ULONG out_len = 512;
2042
2043 rv = init_lib_and_find_token_slot(&slot);
2044 if (!ADBG_EXPECT_CK_OK(c, rv))
2045 return;
2046
2047 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2048 if (!ADBG_EXPECT_CK_OK(c, rv))
2049 goto close_lib;
2050
2051 /*
2052 * Generate Generic Secret key using invalid templates
2053 */
2054 Do_ADBG_BeginSubCase(c, "Generate Secret Key with Invalid Templates");
2055
2056 /* NULL Template with !null template length */
2057 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism, NULL,
2058 3, &key_handle);
2059 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
2060 goto err;
2061
2062 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2063 cktest_generate_gensecret_object_error1,
2064 ARRAY_SIZE(cktest_generate_gensecret_object_error1),
2065 &key_handle);
2066 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2067 goto err;
2068
2069 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2070 cktest_generate_gensecret_object_error2,
2071 ARRAY_SIZE(cktest_generate_gensecret_object_error2),
2072 &key_handle);
2073 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCOMPLETE, rv))
2074 goto err;
2075
2076 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2077 cktest_generate_gensecret_object_error3,
2078 ARRAY_SIZE(cktest_generate_gensecret_object_error3),
2079 &key_handle);
2080 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2081 goto err;
2082
2083 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2084 cktest_generate_gensecret_object_error4,
2085 ARRAY_SIZE(cktest_generate_gensecret_object_error4),
2086 &key_handle);
2087 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2088 goto err;
2089
2090 Do_ADBG_EndSubCase(c, NULL);
2091
2092 /*
2093 * Generate a Generic Secret object.
2094 * Try to encrypt with, it should fail...
2095 */
2096 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Encrypting");
2097
2098 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2099 cktest_generate_gensecret_object_valid1,
2100 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
2101 &key_handle);
2102 if (!ADBG_EXPECT_CK_OK(c, rv))
2103 goto err;
2104
2105 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2106 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_FUNCTION_NOT_PERMITTED, rv))
2107 goto err_destr_obj;
2108
2109 rv = C_DestroyObject(session, key_handle);
2110 if (!ADBG_EXPECT_CK_OK(c, rv))
2111 goto err;
2112
2113 Do_ADBG_EndSubCase(c, NULL);
2114
2115 /*
2116 * Generate a Generic Secret object.
2117 * Try to sign with it, it should pass...
2118 */
2119 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Signing");
2120 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2121 cktest_generate_gensecret_object_valid2,
2122 ARRAY_SIZE(cktest_generate_gensecret_object_valid2),
2123 &key_handle);
2124 if (!ADBG_EXPECT_CK_OK(c, rv))
2125 goto err;
2126
2127 rv = C_SignInit(session, test->mechanism, key_handle);
2128 if (!ADBG_EXPECT_CK_OK(c, rv))
2129 goto err_destr_obj;
2130
2131 rv = C_Sign(session, (void *)test->in, test->in_len,
2132 (void *)out, &out_len);
2133 if (!ADBG_EXPECT_CK_OK(c, rv))
2134 goto err_destr_obj;
2135
2136 rv = C_DestroyObject(session, key_handle);
2137 if (!ADBG_EXPECT_CK_OK(c, rv))
2138 goto err;
2139
2140 Do_ADBG_EndSubCase(c, NULL);
2141
2142 /*
2143 * Generate a 128 bit AES Secret Key.
2144 * Try to encrypt with, it should pass...
2145 */
2146 Do_ADBG_BeginSubCase(c, "Generate AES Key - Try Encrypting");
2147
2148 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
2149 cktest_generate_aes_object,
2150 ARRAY_SIZE(cktest_generate_aes_object),
2151 &key_handle);
2152 if (!ADBG_EXPECT_CK_OK(c, rv))
2153 goto err;
2154
2155 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2156 if (!ADBG_EXPECT_CK_OK(c, rv))
2157 goto err_destr_obj;
2158
2159 rv = C_EncryptFinal(session, NULL, NULL);
2160 /* Only check that the operation is no more active */
2161 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
2162 goto err;
2163
2164 rv = C_DestroyObject(session, key_handle);
2165 if (!ADBG_EXPECT_CK_OK(c, rv))
2166 goto err;
2167
2168 Do_ADBG_EndSubCase(c, NULL);
2169
2170 goto out;
2171
2172err_destr_obj:
2173 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
2174err:
2175 Do_ADBG_EndSubCase(c, NULL);
2176out:
2177 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2178close_lib:
2179 ADBG_EXPECT_CK_OK(c, close_lib());
2180}
2181ADBG_CASE_DEFINE(pkcs11, 1010, xtest_pkcs11_test_1010,
2182 "PKCS11: Key Generation");
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2183
2184static CK_RV create_data_object(CK_SESSION_HANDLE session,
2185 CK_OBJECT_HANDLE *obj_handle,
2186 CK_BBOOL token, CK_BBOOL private,
2187 const char *label)
2188{
2189 CK_OBJECT_CLASS class = CKO_DATA;
2190 CK_ATTRIBUTE object_template[] = {
2191 { CKA_CLASS, &class, sizeof(CK_OBJECT_CLASS) },
2192 { CKA_TOKEN, &token, sizeof(CK_BBOOL) },
2193 { CKA_PRIVATE, &private, sizeof(CK_BBOOL) },
2194 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2195 };
2196
2197 return C_CreateObject(session, object_template,
2198 ARRAY_SIZE(object_template), obj_handle);
2199}
2200
2201static CK_RV test_find_objects(ADBG_Case_t *c, CK_SESSION_HANDLE session,
2202 CK_ATTRIBUTE_PTR find_template,
2203 CK_ULONG attr_count,
2204 CK_OBJECT_HANDLE_PTR obj_found,
2205 CK_ULONG obj_count,
2206 CK_ULONG expected_cnt)
2207{
2208 CK_RV rv = CKR_GENERAL_ERROR;
2209 CK_ULONG hdl_count = 0;
2210
2211 rv = C_FindObjectsInit(session, find_template, attr_count);
2212 if (!ADBG_EXPECT_CK_OK(c, rv))
2213 return rv;
2214
2215 rv = C_FindObjects(session, obj_found, obj_count, &hdl_count);
2216 if (!ADBG_EXPECT_CK_OK(c, rv))
2217 return rv;
2218 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, expected_cnt))
2219 return CKR_GENERAL_ERROR;
2220
2221 rv = C_FindObjectsFinal(session);
2222 if (!ADBG_EXPECT_CK_OK(c, rv))
2223 return rv;
2224
2225 return rv;
2226}
2227
2228static void destroy_persistent_objects(ADBG_Case_t *c, CK_SLOT_ID slot)
2229{
2230 uint32_t rv = CKR_GENERAL_ERROR;
2231 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2232 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2233 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2234 CK_ULONG count = 1;
2235 CK_ATTRIBUTE cktest_find_all_token_objs[] = {
2236 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2237 };
2238
2239 rv = init_user_test_token(slot);
2240 if (!ADBG_EXPECT_CK_OK(c, rv))
2241 return;
2242
2243 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2244 if (!ADBG_EXPECT_CK_OK(c, rv))
2245 return;
2246
2247 /* Login to destroy private objects */
2248 rv = C_Login(session, CKU_USER, test_token_user_pin,
2249 sizeof(test_token_user_pin));
2250 if (!ADBG_EXPECT_CK_OK(c, rv))
2251 goto bail;
2252
2253 rv = C_FindObjectsInit(session, cktest_find_all_token_objs,
2254 ARRAY_SIZE(cktest_find_all_token_objs));
2255 if (!ADBG_EXPECT_CK_OK(c, rv))
2256 goto bail;
2257
2258 while (1) {
2259 rv = C_FindObjects(session, &obj_hdl, 1, &count);
2260 if (!ADBG_EXPECT_CK_OK(c, rv))
2261 goto bail;
2262 if (!count)
2263 break;
2264
2265 rv = C_DestroyObject(session, obj_hdl);
2266 ADBG_EXPECT_CK_OK(c, rv);
2267 }
2268
2269 rv = C_FindObjectsFinal(session);
2270 ADBG_EXPECT_CK_OK(c, rv);
2271
2272 rv = C_Logout(session);
2273 ADBG_EXPECT_CK_OK(c, rv);
2274
2275bail:
2276 rv = C_CloseSession(session);
2277 ADBG_EXPECT_CK_OK(c, rv);
2278}
2279
2280static void xtest_pkcs11_test_1011(ADBG_Case_t *c)
2281{
2282 CK_RV rv = CKR_GENERAL_ERROR;
2283 CK_SLOT_ID slot = 0;
2284 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2285 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2286 CK_OBJECT_HANDLE obj_hdl[10] = { };
2287 CK_OBJECT_HANDLE obj_found[10] = { };
2288 const char *label = "Common Label";
2289 CK_ULONG hdl_count = 0;
2290 size_t n = 0;
2291 uint32_t i = 0;
2292 uint32_t object_id = 0;
2293 bool logged_in = false;
2294 CK_ATTRIBUTE find_template[] = {
2295 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2296 };
2297 CK_ATTRIBUTE find_token_template[] = {
2298 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2299 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2300 };
2301 CK_ATTRIBUTE find_session_template[] = {
2302 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2303 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
2304 };
2305 CK_BBOOL bToken = CK_FALSE;
2306 CK_ATTRIBUTE get_attr_template[] = {
2307 { CKA_TOKEN, &bToken, sizeof(bToken) },
2308 };
2309
2310 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
2311 obj_hdl[n] = CK_INVALID_HANDLE;
2312 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2313 obj_found[n] = CK_INVALID_HANDLE;
2314
2315 rv = init_lib_and_find_token_slot(&slot);
2316 if (!ADBG_EXPECT_CK_OK(c, rv))
2317 return;
2318
2319 rv = init_test_token(slot);
2320 if (!ADBG_EXPECT_CK_OK(c, rv))
2321 return;
2322
2323 rv = init_user_test_token(slot);
2324 if (!ADBG_EXPECT_CK_OK(c, rv))
2325 return;
2326
2327 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2328 if (!ADBG_EXPECT_CK_OK(c, rv))
2329 goto close_lib;
2330
2331 /*
2332 * Sub test: Create Session Public/Private,
2333 * Token Public/Private objects and find them
2334 */
2335 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged in");
2336
2337 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2338 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2339 CK_FALSE, label);
2340 if (!ADBG_EXPECT_CK_OK(c, rv))
2341 goto out;
2342
2343 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2344 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2345 CK_FALSE, label);
2346 if (!ADBG_EXPECT_CK_OK(c, rv))
2347 goto out;
2348
2349 /*
2350 * Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE
2351 * Expected error as User not logged in
2352 */
2353 rv = create_data_object(session, &obj_hdl[object_id], CK_TRUE,
2354 CK_TRUE, label);
2355 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2356 goto out;
2357
2358 /* Login to Test Token */
2359 rv = C_Login(session, CKU_USER, test_token_user_pin,
2360 sizeof(test_token_user_pin));
2361 if (!ADBG_EXPECT_CK_OK(c, rv))
2362 goto out;
2363
2364 logged_in = true;
2365
2366 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2367 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2368 CK_TRUE, label);
2369 if (!ADBG_EXPECT_CK_OK(c, rv))
2370 goto out;
2371
2372 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2373 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2374 CK_TRUE, label);
2375 if (!ADBG_EXPECT_CK_OK(c, rv))
2376 goto out;
2377
2378 rv = test_find_objects(c, session, find_template,
2379 ARRAY_SIZE(find_template),
2380 obj_found, ARRAY_SIZE(obj_found), 4);
2381 if (!ADBG_EXPECT_CK_OK(c, rv))
2382 goto out;
2383
2384 /*
2385 * Check if object handles returned when creating objects with this
2386 * session are still valid
2387 */
2388 for (i = 0; i < object_id; i++) {
2389 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2390 ARRAY_SIZE(get_attr_template));
2391 if (!ADBG_EXPECT_CK_OK(c, rv))
2392 goto out;
2393 }
2394
2395 Do_ADBG_EndSubCase(c, NULL);
2396
2397 /*
2398 * Sub test: Pass NULL template with count as 0. All objects should
2399 * get returned
2400 */
2401 Do_ADBG_BeginSubCase(c, "Find all objects by passing NULL template");
2402
2403 rv = test_find_objects(c, session, NULL, 0, obj_found,
2404 ARRAY_SIZE(obj_found), 4);
2405 if (!ADBG_EXPECT_CK_OK(c, rv))
2406 goto out;
2407
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2408 Do_ADBG_EndSubCase(c, NULL);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2409
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2410 /*
2411 * Sub test: finalize search without getting the handles found
2412 */
2413 Do_ADBG_BeginSubCase(c, "Initiate and finalize straight a search");
2414
2415 rv = C_FindObjectsInit(session, find_template,
2416 ARRAY_SIZE(find_template));
2417 if (!ADBG_EXPECT_CK_OK(c, rv))
2418 goto out;
2419
2420 rv = C_FindObjectsFinal(session);
2421 if (!ADBG_EXPECT_CK_OK(c, rv))
2422 goto out;
2423
2424 /*
2425 * Check if object handles returned when creating objects with this
2426 * session are still valid
2427 */
2428 for (i = 0; i < object_id; i++) {
2429 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2430 ARRAY_SIZE(get_attr_template));
2431 if (!ADBG_EXPECT_CK_OK(c, rv))
2432 goto out;
2433 }
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2434 Do_ADBG_EndSubCase(c, NULL);
2435
2436 /*
2437 * Sub test: Logout and find objects. We will find only public
2438 * objects (2)
2439 */
2440 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged out");
2441
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2442 rv = C_Logout(session);
2443 ADBG_EXPECT_CK_OK(c, rv);
2444
2445 logged_in = false;
2446
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2447 rv = test_find_objects(c, session, find_template,
2448 ARRAY_SIZE(find_template),
2449 obj_found, ARRAY_SIZE(obj_found), 2);
2450 if (!ADBG_EXPECT_CK_OK(c, rv))
2451 goto out;
2452
2453 Do_ADBG_EndSubCase(c, NULL);
2454
2455 /*
2456 * Sub test
2457 */
2458 Do_ADBG_BeginSubCase(c, "Find objects 1 by 1 and match handles");
2459
2460 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2461 obj_found[n] = CK_INVALID_HANDLE;
2462
2463 rv = C_FindObjectsInit(session, find_template,
2464 ARRAY_SIZE(find_template));
2465 if (!ADBG_EXPECT_CK_OK(c, rv))
2466 goto out;
2467
2468 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2469 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2470 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2471 !ADBG_EXPECT_TRUE(c, (obj_found[0] == obj_hdl[0]) ||
2472 (obj_found[0] == obj_hdl[1])))
2473 goto out;
2474
2475 rv = C_FindObjects(session, &obj_found[1], 1, &hdl_count);
2476 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2477 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2478 !ADBG_EXPECT_TRUE(c, (obj_found[1] == obj_hdl[0]) ||
2479 (obj_found[1] == obj_hdl[1])) ||
2480 !ADBG_EXPECT_TRUE(c, (obj_found[1] != obj_found[0])))
2481 goto out;
2482
2483 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2484 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2485 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 0))
2486 goto out;
2487
2488 rv = C_FindObjectsFinal(session);
2489 if (!ADBG_EXPECT_CK_OK(c, rv))
2490 goto out;
2491
2492 Do_ADBG_EndSubCase(c, NULL);
2493
2494 /*
2495 * Sub test: Find objects with CKA_TOKEN=TRUE
2496 */
2497 Do_ADBG_BeginSubCase(c, "Find persistent objects");
2498
2499 rv = test_find_objects(c, session, find_token_template,
2500 ARRAY_SIZE(find_token_template),
2501 obj_found, ARRAY_SIZE(obj_found), 1);
2502 if (!ADBG_EXPECT_CK_OK(c, rv))
2503 goto out;
2504
2505 Do_ADBG_EndSubCase(c, NULL);
2506
2507 /*
2508 * Sub test: Find only session objects
2509 */
2510 Do_ADBG_BeginSubCase(c, "Find session objects");
2511
2512 rv = test_find_objects(c, session, find_session_template,
2513 ARRAY_SIZE(find_session_template),
2514 obj_found, ARRAY_SIZE(obj_found), 1);
2515 if (!ADBG_EXPECT_CK_OK(c, rv))
2516 goto out;
2517
2518 Do_ADBG_EndSubCase(c, NULL);
2519
2520 /*
2521 * Sub test:
2522 */
2523 Do_ADBG_BeginSubCase(c, "Login again and find Data objects");
2524
2525 /* Login to Test Token */
2526 rv = C_Login(session, CKU_USER, test_token_user_pin,
2527 sizeof(test_token_user_pin));
2528 if (!ADBG_EXPECT_CK_OK(c, rv))
2529 goto out;
2530
2531 logged_in = true;
2532
2533 rv = test_find_objects(c, session, find_template,
2534 ARRAY_SIZE(find_template),
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2535 obj_found, ARRAY_SIZE(obj_found), 3);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2536 if (!ADBG_EXPECT_CK_OK(c, rv))
2537 goto out;
2538
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2539 rv = C_Logout(session);
2540 ADBG_EXPECT_CK_OK(c, rv);
2541
2542 logged_in = false;
2543
2544 Do_ADBG_EndSubCase(c, NULL);
2545
2546 /*
2547 * Sub test: Close session and open new session, find objects
2548 * without logging and after logging
2549 */
2550 Do_ADBG_BeginSubCase(c, "Find objects from brand new session");
2551
2552 rv = C_CloseSession(session);
2553 if (!ADBG_EXPECT_CK_OK(c, rv))
2554 goto destr_obj;
2555
2556 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2557 if (!ADBG_EXPECT_CK_OK(c, rv))
2558 goto destr_obj;
2559
2560 rv = test_find_objects(c, session, find_template,
2561 ARRAY_SIZE(find_template),
2562 obj_found, ARRAY_SIZE(obj_found), 1);
2563 if (!ADBG_EXPECT_CK_OK(c, rv))
2564 goto out;
2565
2566 /* Login to Test Token */
2567 rv = C_Login(session, CKU_USER, test_token_user_pin,
2568 sizeof(test_token_user_pin));
2569 if (!ADBG_EXPECT_CK_OK(c, rv))
2570 goto out;
2571
2572 logged_in = true;
2573
2574 rv = test_find_objects(c, session, find_template,
2575 ARRAY_SIZE(find_template),
2576 obj_found, ARRAY_SIZE(obj_found), 2);
2577 if (!ADBG_EXPECT_CK_OK(c, rv))
2578 goto out;
2579
2580 rv = C_Logout(session);
2581 ADBG_EXPECT_CK_OK(c, rv);
2582
2583 logged_in = false;
2584
2585 Do_ADBG_EndSubCase(c, NULL);
2586
2587 /*
2588 * Sub test: invalid call cases
2589 */
2590 Do_ADBG_BeginSubCase(c, "Invalid cases");
2591
2592 rv = C_FindObjectsFinal(session);
2593 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2594
2595 rv = C_FindObjects(session,
2596 obj_found, ARRAY_SIZE(obj_found), &hdl_count);
2597 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2598
2599 rv = C_FindObjectsInit(session, find_template,
2600 ARRAY_SIZE(find_template));
2601 if (!ADBG_EXPECT_CK_OK(c, rv))
2602 goto out;
2603
2604 rv = C_FindObjectsInit(session, find_template,
2605 ARRAY_SIZE(find_template));
2606 ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK);
2607
2608 rv = C_FindObjectsFinal(session);
2609 ADBG_EXPECT_CK_OK(c, rv);
2610
2611 rv = C_FindObjectsInit(session, find_template,
2612 ARRAY_SIZE(find_template));
2613 ADBG_EXPECT_CK_OK(c, rv);
2614
2615 /*
2616 * Intentionally do not finalize the active object search. It should be
2617 * released together with the session closure.
2618 */
2619 Do_ADBG_EndSubCase(c, NULL);
2620
2621out:
2622 if (logged_in)
2623 ADBG_EXPECT_CK_OK(c, C_Logout(session));
2624
2625 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2626
2627destr_obj:
2628 destroy_persistent_objects(c, slot);
2629close_lib:
2630 ADBG_EXPECT_CK_OK(c, close_lib());
2631}
2632ADBG_CASE_DEFINE(pkcs11, 1011, xtest_pkcs11_test_1011,
2633 "PKCS11: Test Find Objects");
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2634
2635static void xtest_pkcs11_test_1012(ADBG_Case_t *c)
2636{
2637 CK_RV rv = CKR_GENERAL_ERROR;
2638 CK_SLOT_ID slot = 0;
2639 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2640 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2641 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2642 CK_OBJECT_HANDLE key_hdl = CK_INVALID_HANDLE;
2643 size_t i = 0;
2644
2645 CK_OBJECT_CLASS obj_class = CKO_DATA;
2646 CK_BBOOL obj_token = CK_FALSE;
2647 CK_BBOOL obj_private = CK_FALSE;
2648 uint8_t obj_value[5] = { 1, 2, 3, 4, 5 };
2649 const char *obj_label = "Label";
2650
2651 CK_ATTRIBUTE object_template[] = {
2652 { CKA_CLASS, &obj_class, sizeof(obj_class) },
2653 { CKA_TOKEN, &obj_token, sizeof(obj_token) },
2654 { CKA_PRIVATE, &obj_private, sizeof(obj_private) },
2655 { CKA_VALUE, obj_value, sizeof(obj_value) },
2656 { CKA_LABEL, (CK_UTF8CHAR_PTR)obj_label, strlen(obj_label) },
2657 };
2658
2659 CK_OBJECT_CLASS secret_class = CKO_SECRET_KEY;
2660 CK_BBOOL secret_token = CK_FALSE;
2661 CK_BBOOL secret_private = CK_FALSE;
2662 CK_KEY_TYPE secret_key_type = CKK_GENERIC_SECRET;
2663 CK_ULONG secret_len = 32;
2664 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
2665 CKM_SHA224_HMAC,
2666 CKM_SHA256_HMAC };
2667
2668 CK_ATTRIBUTE secret_template[] = {
2669 { CKA_CLASS, &secret_class, sizeof(secret_class) },
2670 { CKA_TOKEN, &secret_token, sizeof(secret_token) },
2671 { CKA_PRIVATE, &secret_private, sizeof(secret_private) },
2672 { CKA_KEY_TYPE, &secret_key_type, sizeof(secret_key_type) },
2673 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
2674 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
2675 sizeof(secret_allowed_mecha) }
2676 };
2677
2678 CK_BBOOL g_token = CK_TRUE;
2679 CK_BBOOL g_private = CK_TRUE;
2680 CK_OBJECT_CLASS g_class = ~0;
2681 uint8_t g_value[128] = { 0 };
2682 CK_MECHANISM_TYPE g_mecha_list[10] = { 0 };
2683
2684 uint8_t *data_ptr = NULL;
2685
2686 CK_ATTRIBUTE get_attr_template_bc[] = {
2687 { CKA_TOKEN, &g_token, sizeof(g_token) },
2688 { CKA_CLASS, &g_class, sizeof(g_class) },
2689 };
2690
2691 CK_ATTRIBUTE get_attr_template_cb[] = {
2692 { CKA_CLASS, &g_class, sizeof(g_class) },
2693 { CKA_TOKEN, &g_token, sizeof(g_token) },
2694 };
2695
2696 CK_ATTRIBUTE get_attr_template_ve[] = {
2697 { CKA_VALUE, &g_value, sizeof(obj_value) },
2698 };
2699
2700 CK_ATTRIBUTE get_attr_template_vl[] = {
2701 { CKA_VALUE, &g_value, sizeof(g_value) },
2702 };
2703
2704 CK_ATTRIBUTE get_attr_template_bvecb[] = {
2705 { CKA_TOKEN, &g_token, sizeof(g_token) },
2706 { CKA_VALUE, &g_value, sizeof(obj_value) },
2707 { CKA_CLASS, &g_class, sizeof(g_class) },
2708 { CKA_TOKEN, &g_private, sizeof(g_private) },
2709 };
2710
2711 CK_ATTRIBUTE get_attr_template_bvlcb[] = {
2712 { CKA_TOKEN, &g_token, sizeof(g_token) },
2713 { CKA_VALUE, &g_value, sizeof(g_value) },
2714 { CKA_CLASS, &g_class, sizeof(g_class) },
2715 { CKA_TOKEN, &g_private, sizeof(g_private) },
2716 };
2717
2718 CK_ATTRIBUTE get_attr_template_am[] = {
2719 { CKA_ALLOWED_MECHANISMS, &g_mecha_list, sizeof(g_mecha_list) },
2720 };
2721
2722 rv = init_lib_and_find_token_slot(&slot);
2723 if (!ADBG_EXPECT_CK_OK(c, rv))
2724 return;
2725
2726 rv = init_test_token(slot);
2727 if (!ADBG_EXPECT_CK_OK(c, rv))
2728 goto close_lib;
2729
2730 rv = init_user_test_token(slot);
2731 if (!ADBG_EXPECT_CK_OK(c, rv))
2732 goto close_lib;
2733
2734 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2735 if (!ADBG_EXPECT_CK_OK(c, rv))
2736 goto close_lib;
2737
2738 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2739 rv = C_CreateObject(session, object_template,
2740 ARRAY_SIZE(object_template), &obj_hdl);
2741 if (!ADBG_EXPECT_CK_OK(c, rv))
2742 goto out;
2743
2744 /*
2745 * Sub test: Test Boolean (1 byte) + object class (CK_ULONG)
2746 */
2747 Do_ADBG_BeginSubCase(c, "Get Attribute - boolean + class");
2748 g_token = CK_TRUE;
2749 g_class = ~0;
2750
2751 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bc,
2752 ARRAY_SIZE(get_attr_template_bc));
2753 if (!ADBG_EXPECT_CK_OK(c, rv))
2754 goto out;
2755
2756 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2757 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2758
2759 Do_ADBG_EndSubCase(c, NULL);
2760
2761 /*
2762 * Sub test: object class (CK_ULONG) + Test Boolean (1 byte)
2763 */
2764 Do_ADBG_BeginSubCase(c, "Get Attribute - class + boolean");
2765 g_token = CK_TRUE;
2766 g_class = ~0;
2767
2768 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_cb,
2769 ARRAY_SIZE(get_attr_template_cb));
2770 if (!ADBG_EXPECT_CK_OK(c, rv))
2771 goto out;
2772
2773 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2774 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2775
2776 Do_ADBG_EndSubCase(c, NULL);
2777
2778 /*
2779 * Sub test: value with exact size
2780 */
2781 Do_ADBG_BeginSubCase(c, "Get Attribute - value with exact size buffer");
2782 memset(g_value, 0xCC, sizeof(g_value));
2783
2784 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_ve,
2785 ARRAY_SIZE(get_attr_template_ve));
2786 if (!ADBG_EXPECT_CK_OK(c, rv))
2787 goto out;
2788
2789 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_ve[0].ulValueLen, ==, sizeof(obj_value));
2790 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2791 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2792 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2793 break;
2794
2795 Do_ADBG_EndSubCase(c, NULL);
2796
2797 /*
2798 * Sub test: value with larger buffer
2799 */
2800 Do_ADBG_BeginSubCase(c, "Get Attribute - value with larger buffer");
2801 memset(g_value, 0xCC, sizeof(g_value));
2802
2803 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_vl,
2804 ARRAY_SIZE(get_attr_template_vl));
2805 if (!ADBG_EXPECT_CK_OK(c, rv))
2806 goto out;
2807
2808 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_vl[0].ulValueLen, ==, sizeof(obj_value));
2809 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2810 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2811 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2812 break;
2813
2814 Do_ADBG_EndSubCase(c, NULL);
2815
2816 /*
2817 * Sub test: bool + value with exact size + class + bool
2818 */
2819 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with exact size + class + bool");
2820 memset(g_value, 0xCC, sizeof(g_value));
2821 g_token = CK_TRUE;
2822 g_private = CK_TRUE;
2823 g_class = ~0;
2824
2825 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvecb,
2826 ARRAY_SIZE(get_attr_template_bvecb));
2827 if (!ADBG_EXPECT_CK_OK(c, rv))
2828 goto out;
2829
2830 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvecb[1].ulValueLen,
2831 ==, sizeof(obj_value));
2832 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2833 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2834 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2835 break;
2836
2837 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2838 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2839 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2840
2841 Do_ADBG_EndSubCase(c, NULL);
2842
2843 /*
2844 * Sub test: bool + value with larger buffer + class + bool
2845 */
2846 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with larger buffer + class + bool");
2847 memset(g_value, 0xCC, sizeof(g_value));
2848 g_token = CK_TRUE;
2849 g_private = CK_TRUE;
2850 g_class = ~0;
2851
2852 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvlcb,
2853 ARRAY_SIZE(get_attr_template_bvlcb));
2854 if (!ADBG_EXPECT_CK_OK(c, rv))
2855 goto out;
2856
2857 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvlcb[1].ulValueLen,
2858 ==, sizeof(obj_value));
2859 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2860 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2861 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2862 break;
2863
2864 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2865 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2866 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2867
2868 Do_ADBG_EndSubCase(c, NULL);
2869
2870 /*
2871 * Sub test: allowed mechanism list
2872 */
2873 Do_ADBG_BeginSubCase(c, "Get Attribute - allowed mechanism list");
2874 memset(g_mecha_list, 0xCC, sizeof(g_mecha_list));
2875
2876 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2877 secret_template, ARRAY_SIZE(secret_template),
2878 &key_hdl);
2879 if (!ADBG_EXPECT_CK_OK(c, rv))
2880 goto out;
2881
2882 rv = C_GetAttributeValue(session, key_hdl, get_attr_template_am,
2883 ARRAY_SIZE(get_attr_template_am));
2884 if (!ADBG_EXPECT_CK_OK(c, rv))
2885 goto out;
2886
2887 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_am[0].ulValueLen, ==,
2888 sizeof(secret_allowed_mecha));
2889
2890 for (i = 0; i < sizeof(secret_allowed_mecha) / sizeof(*secret_allowed_mecha); i++)
2891 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_mecha_list[i], ==, secret_allowed_mecha[i]))
2892 break;
2893
2894 data_ptr = (uint8_t *)g_mecha_list;
2895 for (i = sizeof(secret_allowed_mecha); i < sizeof(g_mecha_list); i++)
2896 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[i], ==, 0xCC))
2897 break;
2898
2899 Do_ADBG_EndSubCase(c, NULL);
2900
2901out:
2902 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2903
2904close_lib:
2905 ADBG_EXPECT_CK_OK(c, close_lib());
2906}
2907ADBG_CASE_DEFINE(pkcs11, 1012, xtest_pkcs11_test_1012,
2908 "PKCS11: Serializer tests");
Ruchika Guptafdabbfa2021-01-25 11:55:18 +0530[diff] [blame]2909
2910static void xtest_pkcs11_test_1013(ADBG_Case_t *c)
2911{
2912 CK_RV rv = CKR_GENERAL_ERROR;
2913 CK_SLOT_ID slot = 0;
2914 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
2915 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
2916 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2917 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
2918 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2919 const char *label = "Dummy Objects";
2920 bool ro_logged_in = false;
2921
2922 rv = init_lib_and_find_token_slot(&slot);
2923 if (!ADBG_EXPECT_CK_OK(c, rv))
2924 return;
2925
2926 rv = init_test_token(slot);
2927 if (!ADBG_EXPECT_CK_OK(c, rv))
2928 goto close_lib;
2929
2930 rv = init_user_test_token(slot);
2931 if (!ADBG_EXPECT_CK_OK(c, rv))
2932 goto close_lib;
2933
2934 /* Open a RW session */
2935 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
2936 if (!ADBG_EXPECT_CK_OK(c, rv))
2937 goto close_lib;
2938
2939 /* Open a RO session */
2940 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
2941 if (!ADBG_EXPECT_CK_OK(c, rv))
2942 goto close_lib;
2943
2944 /*
2945 * Sub test: Check object creation from a R/O Public session
2946 */
2947 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2948
2949 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2950 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2951 CK_FALSE, label);
2952 if (!ADBG_EXPECT_CK_OK(c, rv))
2953 goto out;
2954
2955 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2956 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2957 CK_TRUE, label);
2958 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2959 goto out;
2960
2961 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2962 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
2963 CK_FALSE, label);
2964 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
2965 goto out;
2966
2967 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2968 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
2969 CK_TRUE, label);
2970 /* For Token object creation, SESSION_READ_ONLY will take priority */
2971 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
2972 goto out;
2973
2974 Do_ADBG_EndSubCase(c, NULL);
2975
2976 /*
2977 * Sub test: Check access for a R/W Public session
2978 */
2979 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2980
2981 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2982 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
2983 CK_FALSE, label);
2984 if (!ADBG_EXPECT_CK_OK(c, rv))
2985 goto out;
2986
2987 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2988 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
2989 CK_TRUE, label);
2990 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2991 goto out;
2992
2993 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2994 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
2995 CK_FALSE, label);
2996 if (!ADBG_EXPECT_CK_OK(c, rv))
2997 goto out;
2998
2999 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3000 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3001 CK_TRUE, label);
3002 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3003 goto out;
3004
3005 Do_ADBG_EndSubCase(c, NULL);
3006
3007 /*
3008 * Sub test: Check access for a R/O User session
3009 */
3010 Do_ADBG_BeginSubCase(c, "Create objects in R/O User Session");
3011
3012 /* Login to Test Token */
3013 rv = C_Login(ro_session, CKU_USER, test_token_user_pin,
3014 sizeof(test_token_user_pin));
3015 if (!ADBG_EXPECT_CK_OK(c, rv))
3016 goto out;
3017
3018 ro_logged_in = true;
3019
3020 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3021 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3022 CK_FALSE, label);
3023 if (!ADBG_EXPECT_CK_OK(c, rv))
3024 goto out;
3025
3026 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3027 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3028 CK_TRUE, label);
3029 if (!ADBG_EXPECT_CK_OK(c, rv))
3030 goto out;
3031
3032 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3033 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3034 CK_FALSE, label);
3035 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3036 goto out;
3037
3038 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3039 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3040 CK_TRUE, label);
3041 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3042 goto out;
3043
3044 Do_ADBG_EndSubCase(c, NULL);
3045
3046 /*
3047 * Sub test: Check access for a R/W User session
3048 */
3049 Do_ADBG_BeginSubCase(c, "Create objects in R/W User Session");
3050
3051 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3052 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3053 CK_FALSE, label);
3054 if (!ADBG_EXPECT_CK_OK(c, rv))
3055 goto out;
3056
3057 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3058 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3059 CK_TRUE, label);
3060 if (!ADBG_EXPECT_CK_OK(c, rv))
3061 goto out;
3062
3063 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3064 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3065 CK_FALSE, label);
3066 if (!ADBG_EXPECT_CK_OK(c, rv))
3067 goto out;
3068
3069 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3070 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3071 CK_TRUE, label);
3072 if (!ADBG_EXPECT_CK_OK(c, rv))
3073 goto out;
3074
3075 /* Log out */
3076 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3077 ro_logged_in = false;
3078
3079 /* Close RO session */
3080 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3081 ro_session = CK_INVALID_HANDLE;
3082
3083 Do_ADBG_EndSubCase(c, NULL);
3084
3085 /*
3086 * Sub test: Check access for a R/W SO session
3087 */
3088 Do_ADBG_BeginSubCase(c, "Create objects in R/W SO Session");
3089
3090 /* Login as security officer in RW session */
3091 rv = C_Login(rw_session, CKU_SO, test_token_so_pin,
3092 sizeof(test_token_so_pin));
3093 if (!ADBG_EXPECT_CK_OK(c, rv))
3094 goto out;
3095
3096 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3097 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3098 CK_FALSE, label);
3099 if (!ADBG_EXPECT_CK_OK(c, rv))
3100 goto logout;
3101
3102 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3103 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3104 CK_TRUE, label);
3105 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3106 goto logout;
3107
3108 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3109 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3110 CK_FALSE, label);
3111 if (!ADBG_EXPECT_CK_OK(c, rv))
3112 goto logout;
3113
3114 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3115 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3116 CK_TRUE, label);
3117 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3118 goto logout;
3119
3120logout:
3121 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3122out:
3123 if (ro_logged_in)
3124 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3125
3126 if (ro_session != CK_INVALID_HANDLE)
3127 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3128
3129 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3130
3131 Do_ADBG_EndSubCase(c, NULL);
3132
3133 destroy_persistent_objects(c, slot);
3134close_lib:
3135 ADBG_EXPECT_CK_OK(c, close_lib());
3136
3137}
3138ADBG_CASE_DEFINE(pkcs11, 1013, xtest_pkcs11_test_1013,
3139 "PKCS11: Object creation upon session type");
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3140
3141static void xtest_pkcs11_test_1014(ADBG_Case_t *c)
3142{
3143 CK_RV rv = CKR_GENERAL_ERROR;
3144 CK_SLOT_ID slot = 0;
3145 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3146 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3147 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3148 const char *id = "1";
3149 const char *label = "Dummy Objects";
3150 const char *new_label = "New Object lable";
3151 size_t n = 0;
3152 char *g_label[100] = { };
3153 char *g_id[100] = { };
3154 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
3155 CKM_SHA224_HMAC,
3156 CKM_SHA256_HMAC };
3157 CK_ATTRIBUTE secret_key_template[] = {
3158 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3159 sizeof(CK_OBJECT_CLASS) },
3160 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3161 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3162 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3163 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3164 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3165 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3166 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
3167 sizeof(CK_KEY_TYPE) },
3168 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3169 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3170 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3171 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3172 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3173 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3174 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
3175 sizeof(secret_allowed_mecha) },
3176 };
3177 CK_BBOOL g_derive = CK_FALSE;
3178 CK_BBOOL g_sign = CK_FALSE;
3179 CK_BBOOL g_verify = CK_FALSE;
3180 CK_BBOOL g_encrypt = CK_FALSE;
3181 CK_BBOOL g_decrypt = CK_FALSE;
3182 CK_BBOOL g_wrap = CK_FALSE;
3183 CK_BBOOL g_unwrap = CK_FALSE;
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3184 uint32_t g_len = 0;
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3185 CK_ATTRIBUTE get_template[] = {
3186 { CKA_LABEL, (CK_UTF8CHAR_PTR)g_label, sizeof(g_label) },
3187 { CKA_ID, (CK_BYTE_PTR)g_id, sizeof(g_id) },
3188 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
3189 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
3190 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
3191 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
3192 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
3193 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
3194 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3195 { CKA_VALUE_LEN, &g_len, sizeof(CK_ULONG) },
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3196 };
3197 CK_ATTRIBUTE set_template[] = {
3198 { CKA_LABEL, (CK_UTF8CHAR_PTR)new_label, strlen(new_label) },
3199 { CKA_ID, (CK_BYTE_PTR)id, strlen(id) },
3200 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3201 { CKA_WRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3202 { CKA_UNWRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3203 { CKA_SIGN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3204 { CKA_VERIFY, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3205 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3206 { CKA_DECRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3207 /* CKA_SENSITIVE -> CK_FALSE to CK_TRUE is allowed */
3208 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3209 /* CKA_EXTRACTABLE -> CK_TRUE to CK_FALSE is allowed */
3210 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3211 /* CKA_COPYABLE -> CK_TRUE to CK_FALSE is allowed */
3212 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3213 };
3214 CK_ATTRIBUTE set_inv_template1[] = {
3215 /* Attributes Not Modifiable */
3216 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA},
3217 sizeof(CK_OBJECT_CLASS) },
3218 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3219 { CKA_ALWAYS_SENSITIVE, &(CK_BBOOL){CK_FALSE},
3220 sizeof(CK_BBOOL) },
3221 { CKA_NEVER_EXTRACTABLE, &(CK_BBOOL){CK_FALSE},
3222 sizeof(CK_BBOOL) },
3223 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3224 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3225 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3226 { CKA_DESTROYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3227 /* Change not allowed from CK_TRUE -> CK_FALSE */
3228 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3229 /* Change not allowed from CK_FALSE -> CK_TRUE */
3230 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3231 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3232 };
3233 CK_ATTRIBUTE set_inv_template2[] = {
3234 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3235 };
3236 CK_ATTRIBUTE set_trusted_template[] = {
3237 { CKA_TRUSTED, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3238 };
3239
3240 rv = init_lib_and_find_token_slot(&slot);
3241 if (!ADBG_EXPECT_CK_OK(c, rv))
3242 return;
3243
3244 rv = init_test_token(slot);
3245 if (!ADBG_EXPECT_CK_OK(c, rv))
3246 goto close_lib;
3247
3248 rv = init_user_test_token(slot);
3249 if (!ADBG_EXPECT_CK_OK(c, rv))
3250 goto close_lib;
3251
3252 /* Open a RW session */
3253 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3254 if (!ADBG_EXPECT_CK_OK(c, rv))
3255 goto close_lib;
3256
3257 /* Create a secret key object */
3258 rv = C_CreateObject(session, secret_key_template,
3259 ARRAY_SIZE(secret_key_template), &obj_hdl);
3260 if (!ADBG_EXPECT_CK_OK(c, rv))
3261 goto close_session;
3262
3263 Do_ADBG_BeginSubCase(c, "Set attributes on secret key object");
3264
3265 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3266 ARRAY_SIZE(get_template));
3267 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3268 !ADBG_EXPECT_BUFFER(c, label, strlen(label), g_label,
3269 get_template[0].ulValueLen) ||
3270 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
3271 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
3272 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
3273 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_TRUE) ||
3274 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_TRUE) ||
3275 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
3276 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3277 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_len, ==, 16) ||
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3278 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[1].ulValueLen, ==, 0))
3279 goto out;
3280
3281 rv = C_SetAttributeValue(session, obj_hdl, set_template,
3282 ARRAY_SIZE(set_template));
3283 if (!ADBG_EXPECT_CK_OK(c, rv))
3284 goto out;
3285
3286 get_template[0].ulValueLen = sizeof(g_label);
3287 get_template[1].ulValueLen = sizeof(g_id);
3288 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3289 ARRAY_SIZE(get_template));
3290 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3291 !ADBG_EXPECT_BUFFER(c, new_label, strlen(new_label), g_label,
3292 get_template[0].ulValueLen) ||
3293 !ADBG_EXPECT_BUFFER(c, id, strlen(id), g_id,
3294 get_template[1].ulValueLen) ||
3295 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_TRUE) ||
3296 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_TRUE) ||
3297 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_TRUE) ||
3298 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
3299 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
3300 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_FALSE) ||
3301 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_FALSE))
3302 goto out;
3303
3304 Do_ADBG_EndSubCase(c, NULL);
3305
3306 Do_ADBG_BeginSubCase(c, "Test Invalid template with R/O Attributes");
3307
3308 for (n = 0; n < ARRAY_SIZE(set_inv_template1); n++) {
3309 rv = C_SetAttributeValue(session, obj_hdl,
3310 &set_inv_template1[n], 1);
3311 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3312 goto out;
3313 }
3314
3315 Do_ADBG_EndSubCase(c, NULL);
3316
3317 Do_ADBG_BeginSubCase(c, "Test Invalid template with Invalid Attribute");
3318
3319 rv = C_SetAttributeValue(session, obj_hdl, set_inv_template2,
3320 ARRAY_SIZE(set_inv_template2));
3321 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3322 goto out;
3323
3324 Do_ADBG_EndSubCase(c, NULL);
3325
3326 Do_ADBG_BeginSubCase(c, "Set CKA_TRUSTED with and w/o SO Login");
3327
3328 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3329 ARRAY_SIZE(set_trusted_template));
3330 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3331 goto out;
3332
3333 /* Login as SO in RW session */
3334 rv = C_Login(session, CKU_SO, test_token_so_pin,
3335 sizeof(test_token_so_pin));
3336 if (!ADBG_EXPECT_CK_OK(c, rv))
3337 goto out;
3338
3339 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3340 ARRAY_SIZE(set_trusted_template));
3341 ADBG_EXPECT_CK_OK(c, rv);
3342
3343 ADBG_EXPECT_CK_OK(c, C_Logout(session));
3344out:
3345 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, obj_hdl));
3346
3347 Do_ADBG_EndSubCase(c, NULL);
3348
3349close_session:
3350 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3351
3352close_lib:
3353 ADBG_EXPECT_CK_OK(c, close_lib());
3354}
3355ADBG_CASE_DEFINE(pkcs11, 1014, xtest_pkcs11_test_1014,
3356 "PKCS11: Test C_SetAttributeValue()");
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3357
3358static void xtest_pkcs11_test_1015(ADBG_Case_t *c)
3359{
3360 CK_RV rv = CKR_GENERAL_ERROR;
3361 CK_SLOT_ID slot = 0;
3362 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
3363 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
3364 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3365 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
3366 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3367 CK_OBJECT_HANDLE obj_hdl_ro = CK_INVALID_HANDLE;
3368 CK_OBJECT_HANDLE obj_hdl_cp = CK_INVALID_HANDLE;
3369 const char *label = "Dummy Objects";
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3370 CK_ATTRIBUTE secret_key_create_template[] = {
3371 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3372 sizeof(CK_OBJECT_CLASS) },
3373 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3374 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3375 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3376 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3377 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3378 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3379 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3380 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
3381 };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3382 CK_ATTRIBUTE secret_key_template[] = {
3383 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3384 sizeof(CK_OBJECT_CLASS) },
3385 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3386 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3387 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3388 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3389 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3390 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3391 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3392 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3393 };
3394 CK_BBOOL g_token = CK_FALSE;
3395 CK_BBOOL g_private = CK_FALSE;
3396 CK_BBOOL g_modify = CK_FALSE;
3397 CK_BBOOL g_copy = CK_FALSE;
3398 CK_BBOOL g_destroy = CK_FALSE;
3399 CK_BBOOL g_extract = CK_FALSE;
3400 CK_BBOOL g_sensitive = CK_FALSE;
3401 CK_BBOOL g_nextract = CK_FALSE;
3402 CK_BBOOL g_asensitive = CK_FALSE;
3403 CK_BBOOL g_local = CK_FALSE;
3404 CK_ATTRIBUTE get_template[] = {
3405 { CKA_TOKEN, &g_token, sizeof(CK_BBOOL) },
3406 { CKA_PRIVATE, &g_private, sizeof(CK_BBOOL) },
3407 { CKA_MODIFIABLE, &g_modify, sizeof(CK_BBOOL) },
3408 { CKA_COPYABLE, &g_copy, sizeof(CK_BBOOL) },
3409 { CKA_DESTROYABLE, &g_destroy, sizeof(CK_BBOOL) },
3410 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3411 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3412 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3413 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3414 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3415 };
3416 CK_ATTRIBUTE copy_template[] = {
3417 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3418 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3419 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3420 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3421 };
3422 CK_ATTRIBUTE copy_template_inv[] = {
3423 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3424 };
3425 CK_ATTRIBUTE copy_template_priv[] = {
3426 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3427 };
3428 CK_ATTRIBUTE set_template[] = {
3429 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3430 };
3431
3432 rv = init_lib_and_find_token_slot(&slot);
3433 if (!ADBG_EXPECT_CK_OK(c, rv))
3434 return;
3435
3436 rv = init_test_token(slot);
3437 if (!ADBG_EXPECT_CK_OK(c, rv))
3438 goto close_lib;
3439
3440 rv = init_user_test_token(slot);
3441 if (!ADBG_EXPECT_CK_OK(c, rv))
3442 goto close_lib;
3443
3444 /* Open a RW session */
3445 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
3446 if (!ADBG_EXPECT_CK_OK(c, rv))
3447 goto close_lib;
3448
3449 /* Open a RO session */
3450 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
3451 if (!ADBG_EXPECT_CK_OK(c, rv))
3452 goto close_session;
3453
3454 /* Generate a secret key object in rw session */
3455 rv = C_GenerateKey(rw_session, &cktest_aes_keygen_mechanism,
3456 secret_key_template,
3457 ARRAY_SIZE(secret_key_template), &obj_hdl);
3458 if (!ADBG_EXPECT_CK_OK(c, rv))
3459 goto close_session;
3460
3461 /* Check its attribute values */
3462 rv = C_GetAttributeValue(rw_session, obj_hdl, get_template,
3463 ARRAY_SIZE(get_template));
3464 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3465 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3466 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3467 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3468 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3469 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3470 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3471 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3472 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3473 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3474 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3475 goto close_session;
3476
3477 /* Create a secret key object in ro session*/
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3478 rv = C_CreateObject(ro_session, secret_key_create_template,
3479 ARRAY_SIZE(secret_key_create_template), &obj_hdl_ro);
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3480 if (!ADBG_EXPECT_CK_OK(c, rv))
3481 goto close_session;
3482
3483 /*
3484 * Duplicate the object generated in RW session using C_GenerateKey() to
3485 * another object. Pass Template as NULL and test the attributes of
3486 * new created object.
3487 */
3488 Do_ADBG_BeginSubCase(c, "Copy Local Obj with NULL Template");
3489 rv = C_CopyObject(rw_session, obj_hdl, NULL, 0, &obj_hdl_cp);
3490 if (!ADBG_EXPECT_CK_OK(c, rv))
3491 goto out;
3492
3493 /*
3494 * Check its attribute values, should match the original object.
3495 * CKA_LOCAL shall be TRUE even in copied object as original object
3496 * was generated using C_GenerateKey()
3497 */
3498 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3499 ARRAY_SIZE(get_template));
3500 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3501 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3502 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3503 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3504 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3505 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3506 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3507 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3508 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3509 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3510 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3511 goto out;
3512
3513 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3514 if (!ADBG_EXPECT_CK_OK(c, rv))
3515 goto out;
3516
3517 obj_hdl_cp = CK_INVALID_HANDLE;
3518
3519 Do_ADBG_EndSubCase(c, NULL);
3520
3521 /*
3522 * Duplicate the object generated in RO session using C_CreateObject()
3523 * to another object. Pass Template as NULL and test the attributes of
3524 * new created object.
3525 */
3526 Do_ADBG_BeginSubCase(c, "Copy a non-local object with NULL Template");
3527
3528 /* Copy ro session object */
3529 rv = C_CopyObject(ro_session, obj_hdl_ro, NULL, 0, &obj_hdl_cp);
3530 if (!ADBG_EXPECT_CK_OK(c, rv))
3531 goto out;
3532
3533 /*
3534 * Check its attribute values, should match the original object.
3535 * CKA_LOCAL shall be FALSE even in copied object as original object
3536 * was generated using C_CreateObject()
3537 */
3538 rv = C_GetAttributeValue(ro_session, obj_hdl_cp, get_template,
3539 ARRAY_SIZE(get_template));
3540 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3541 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3542 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3543 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3544 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3545 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3546 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3547 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3548 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3549 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3550 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3551 goto out;
3552
3553 rv = C_DestroyObject(ro_session, obj_hdl_cp);
3554 if (!ADBG_EXPECT_CK_OK(c, rv))
3555 goto out;
3556
3557 obj_hdl_cp = CK_INVALID_HANDLE;
3558
3559 Do_ADBG_EndSubCase(c, NULL);
3560
3561 /*
3562 * Test copying object with a valid template and check if attributes
3563 * get modified as indicated in the template. Checks modification of
3564 * attributes like CKA_TOKEN, CKA_MODIFIABLE which were not modifiable
3565 * via C_SetAttributeValue(). Also modifies the CKA_SENSITIVE,
3566 * CKA_EXTRACTABLE and checks corresponding values of RO attributes
3567 * CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE.
3568 */
3569 Do_ADBG_BeginSubCase(c, "Copy Object with Valid Template");
3570
3571 /*
3572 * Copy Session Object as a Token object
3573 * Properties CKA_MODIFIABLE turned to FALSE
3574 * CKA_EXTRACTABLE changed from TRUE to FALSE
3575 * CKA_NEVER_EXTRACTABLE should be FALSE.
3576 * CKA_SENSITIVE set to TRUE
3577 * However CKA_ALWAYS_SENSITIVE should be FALSE
3578 */
3579 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3580 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3581 if (!ADBG_EXPECT_CK_OK(c, rv))
3582 goto out;
3583
3584 /* Check the changed attribute values */
3585 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3586 ARRAY_SIZE(get_template));
3587 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3588 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
3589 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_FALSE) ||
3590 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3591 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3592 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3593 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3594 goto out;
3595
3596 /*
3597 * The copied object has CKA_MODIFIABLE set to FALSE. Check if
3598 * call to C_SetAttributeValue() returns CKR_ACTION_PROHIBITED
3599 */
3600 rv = C_SetAttributeValue(rw_session, obj_hdl_cp, set_template,
3601 ARRAY_SIZE(set_template));
3602 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3603 goto out;
3604
3605 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3606 if (!ADBG_EXPECT_CK_OK(c, rv))
3607 goto out;
3608
3609 obj_hdl_cp = CK_INVALID_HANDLE;
3610
3611 Do_ADBG_EndSubCase(c, NULL);
3612
3613 /*
3614 * Test changing the CKA_PRIVATE to TRUE when copying object.
3615 * Fails when user is not logged in. Passes after user logs in
3616 */
3617 Do_ADBG_BeginSubCase(c, "Copy Object as a Private Object");
3618
3619 /* The first attempt will fail as user is not logged in */
3620 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3621 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3622 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3623 goto out;
3624
3625 /* Login to Test Token and repeat*/
3626 rv = C_Login(rw_session, CKU_USER, test_token_user_pin,
3627 sizeof(test_token_user_pin));
3628 if (!ADBG_EXPECT_CK_OK(c, rv))
3629 goto out;
3630
3631 /* Try copying a public object to a private object - should pass */
3632 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3633 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3634 if (!ADBG_EXPECT_CK_OK(c, rv)) {
3635 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3636 goto out;
3637 }
3638
3639 if (!ADBG_EXPECT_CK_OK(c, C_Logout(rw_session)))
3640 goto out;
3641
3642 Do_ADBG_EndSubCase(c, NULL);
3643
3644 Do_ADBG_BeginSubCase(c, "Copy Object with Invalid Template");
3645
3646 rv = C_CopyObject(rw_session, obj_hdl, copy_template_inv,
3647 ARRAY_SIZE(copy_template_inv), &obj_hdl_cp);
3648 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3649 goto out;
3650
3651 Do_ADBG_EndSubCase(c, NULL);
3652
3653 Do_ADBG_BeginSubCase(c, "Copy Object with COPYABLE false");
3654
3655 rv = C_SetAttributeValue(rw_session, obj_hdl, set_template,
3656 ARRAY_SIZE(set_template));
3657 if (!ADBG_EXPECT_CK_OK(c, rv))
3658 goto out;
3659
3660 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3661 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3662 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3663 goto out;
3664
3665 Do_ADBG_EndSubCase(c, NULL);
3666
3667 Do_ADBG_BeginSubCase(c, "Copy session object to token in RO session");
3668
3669 rv = C_CopyObject(ro_session, obj_hdl_ro, copy_template,
3670 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3671 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3672 goto out;
3673
3674out:
3675 Do_ADBG_EndSubCase(c, NULL);
3676
3677 /* Destroy any token objects which may have been created */
3678 destroy_persistent_objects(c, slot);
3679
3680close_session:
3681 /* Closing session will also destroy all session objects */
3682 if (ro_session != CK_INVALID_HANDLE)
3683 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3684
3685 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3686
3687close_lib:
3688 ADBG_EXPECT_CK_OK(c, close_lib());
3689}
3690ADBG_CASE_DEFINE(pkcs11, 1015, xtest_pkcs11_test_1015,
3691 "PKCS11: Test C_CopyObject()");
Vesa Jääskeläinenf8687fe2021-02-06 20:58:22 +0200[diff] [blame]3692
3693static void xtest_pkcs11_test_1016(ADBG_Case_t *c)
3694{
3695 CK_RV rv = CKR_GENERAL_ERROR;
3696 CK_SLOT_ID slot = 0;
3697 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3698 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3699 uint8_t buffer[64] = { 0 };
3700 size_t i = 0;
3701
3702 rv = init_lib_and_find_token_slot(&slot);
3703 if (!ADBG_EXPECT_CK_OK(c, rv))
3704 return;
3705
3706 rv = init_test_token(slot);
3707 if (!ADBG_EXPECT_CK_OK(c, rv))
3708 goto close_lib;
3709
3710 rv = init_user_test_token(slot);
3711 if (!ADBG_EXPECT_CK_OK(c, rv))
3712 goto close_lib;
3713
3714 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3715 if (!ADBG_EXPECT_CK_OK(c, rv))
3716 goto close_lib;
3717
3718 Do_ADBG_BeginSubCase(c, "Seed random bytes");
3719
3720 memset(buffer, 0xCC, sizeof(buffer));
3721
3722 rv = C_SeedRandom(session, buffer, sizeof(buffer));
3723 if (!ADBG_EXPECT_CK_OK(c, rv))
3724 goto out;
3725
3726 Do_ADBG_EndSubCase(c, NULL);
3727
3728 Do_ADBG_BeginSubCase(c, "Seed random bytes with zero length buffer");
3729
3730 rv = C_SeedRandom(session, buffer, 0);
3731 if (!ADBG_EXPECT_CK_OK(c, rv))
3732 goto out;
3733
3734 rv = C_SeedRandom(session, NULL, 0);
3735 if (!ADBG_EXPECT_CK_OK(c, rv))
3736 goto out;
3737
3738 Do_ADBG_EndSubCase(c, NULL);
3739
3740 Do_ADBG_BeginSubCase(c, "Generate random bytes");
3741
3742 memset(buffer, 0xCC, sizeof(buffer));
3743
3744 rv = C_GenerateRandom(session, buffer, 61);
3745 if (!ADBG_EXPECT_CK_OK(c, rv))
3746 goto out;
3747
3748 /* Verify that end of buffer is still 0xCC */
3749 for (i = 61; i < sizeof(buffer); i++)
3750 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3751 break;
3752
3753 Do_ADBG_EndSubCase(c, NULL);
3754
3755 Do_ADBG_BeginSubCase(c, "Generate random bytes with zero length buffer");
3756
3757 memset(buffer, 0xCC, sizeof(buffer));
3758
3759 rv = C_GenerateRandom(session, buffer, 0);
3760 if (!ADBG_EXPECT_CK_OK(c, rv))
3761 goto out;
3762
3763 /* Verify that whole buffer is still 0xCC */
3764 for (i = 0; i < sizeof(buffer); i++)
3765 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3766 break;
3767
3768 rv = C_GenerateRandom(session, NULL, 0);
3769 ADBG_EXPECT_CK_OK(c, rv);
3770
3771out:
3772 Do_ADBG_EndSubCase(c, NULL);
3773
3774 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3775
3776close_lib:
3777 ADBG_EXPECT_CK_OK(c, close_lib());
3778}
3779ADBG_CASE_DEFINE(pkcs11, 1016, xtest_pkcs11_test_1016,
3780 "PKCS11: Random number generator tests");
Ruchika Gupta5f7717a2021-02-17 13:34:24 +0530[diff] [blame]3781
3782static CK_RV derive_sym_key(CK_SESSION_HANDLE session,
3783 CK_OBJECT_HANDLE parent_key,
3784 CK_MECHANISM_TYPE mechanism, size_t data_len,
3785 CK_OBJECT_HANDLE_PTR derv_key_hdl, size_t key_len,
3786 CK_OBJECT_CLASS key_class, CK_KEY_TYPE key_type,
3787 CK_BBOOL sensitive, CK_BBOOL extble)
3788{
3789 CK_RV rv = CKR_GENERAL_ERROR;
3790 uint8_t buffer[512] = { 0 };
3791 uint8_t iv[16] = { 0 };
3792 CK_MECHANISM mech_derive = { 0 };
3793 CK_KEY_DERIVATION_STRING_DATA key_derv_param = { 0 };
Victor Chonge3a876d2021-05-04 18:03:07 +0100[diff] [blame]3794 CK_AES_CBC_ENCRYPT_DATA_PARAMS aes_cbc_param = { };
Ruchika Gupta5f7717a2021-02-17 13:34:24 +0530[diff] [blame]3795 CK_ATTRIBUTE derived_key_template[] = {
3796 { CKA_CLASS, &key_class, sizeof(key_class) },
3797 { CKA_KEY_TYPE, &key_type, sizeof(key_type) },
3798 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3799 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3800 { CKA_SENSITIVE, &sensitive, sizeof(sensitive) },
3801 { CKA_EXTRACTABLE, &extble, sizeof(extble) },
3802 { CKA_VALUE_LEN, &key_len, sizeof(key_len) }
3803 };
3804
3805 if (data_len > sizeof(buffer))
3806 return rv;
3807
3808 switch (mechanism) {
3809 case CKM_AES_ECB_ENCRYPT_DATA:
3810 key_derv_param.pData = buffer;
3811 key_derv_param.ulLen = data_len;
3812 mech_derive.mechanism = mechanism;
3813 mech_derive.pParameter = &key_derv_param;
3814 mech_derive.ulParameterLen = sizeof(key_derv_param);
3815 break;
3816 case CKM_AES_CBC_ENCRYPT_DATA:
3817 memcpy(aes_cbc_param.iv, iv, 16);
3818 aes_cbc_param.pData = buffer;
3819 aes_cbc_param.length = data_len;
3820 mech_derive.mechanism = mechanism;
3821 mech_derive.pParameter = &aes_cbc_param;
3822 mech_derive.ulParameterLen = sizeof(aes_cbc_param);
3823 break;
3824 case CKM_AES_ECB:
3825 /* Not a derivation algorithm */
3826 mech_derive.mechanism = mechanism;
3827 mech_derive.pParameter = NULL;
3828 mech_derive.ulParameterLen = 0;
3829 break;
3830 default:
3831 return rv;
3832 }
3833
3834 /* Don't use VALUE_LEN parameter if key_len passed is 0 */
3835 if (key_len)
3836 rv = C_DeriveKey(session, &mech_derive, parent_key,
3837 derived_key_template,
3838 ARRAY_SIZE(derived_key_template),
3839 derv_key_hdl);
3840 else
3841 /* last attribute in template is the derived key size */
3842 rv = C_DeriveKey(session, &mech_derive, parent_key,
3843 derived_key_template,
3844 ARRAY_SIZE(derived_key_template) - 1,
3845 derv_key_hdl);
3846 return rv;
3847}
3848
3849static void xtest_pkcs11_test_1017(ADBG_Case_t *c)
3850{
3851 CK_RV rv = CKR_GENERAL_ERROR;
3852 CK_SLOT_ID slot = 0;
3853 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3854 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3855 CK_OBJECT_HANDLE derv_key_hdl = CK_INVALID_HANDLE;
3856 CK_OBJECT_HANDLE aes_key1 = CK_INVALID_HANDLE;
3857 CK_OBJECT_HANDLE aes_key2 = CK_INVALID_HANDLE;
3858 CK_OBJECT_HANDLE aes_key_enc = CK_INVALID_HANDLE;
3859 size_t data_len = 0;
3860 size_t key_len = 0;
3861 CK_BBOOL g_extract = CK_FALSE;
3862 CK_BBOOL g_sensitive = CK_FALSE;
3863 CK_BBOOL g_nextract = CK_FALSE;
3864 CK_BBOOL g_asensitive = CK_FALSE;
3865 CK_BBOOL g_local = CK_FALSE;
3866 CK_OBJECT_CLASS g_class = CKO_VENDOR_DEFINED;
3867 CK_KEY_TYPE g_key_type = CKK_VENDOR_DEFINED;
3868 uint8_t g_val[516] = { 0 };
3869 CK_ULONG secret_len = 0;
3870 CK_ATTRIBUTE get_template[] = {
3871 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
3872 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
3873 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3874 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3875 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3876 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3877 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3878 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
3879 /*
3880 * CKA_VALUE should remain last attribute in template,
3881 * in this test case as we check the length returned
3882 * from last index of the get_template in this test.
3883 */
3884 { CKA_VALUE, g_val, sizeof(g_val) },
3885 };
3886 uint32_t idx = ARRAY_SIZE(get_template) - 1;
3887 CK_ATTRIBUTE parent_template1[] = {
3888 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3889 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3890 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3891 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3892 };
3893 CK_ATTRIBUTE parent_template2[] = {
3894 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3895 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3896 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3897 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3898 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3899 };
3900 CK_ATTRIBUTE parent_template_wo_derive[] = {
3901 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3902 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3903 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3904 };
3905 CK_ATTRIBUTE parent_template_w_enc_der[] = {
3906 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3907 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3908 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3909 };
3910
3911 rv = init_lib_and_find_token_slot(&slot);
3912 if (!ADBG_EXPECT_CK_OK(c, rv))
3913 return;
3914
3915 rv = init_test_token(slot);
3916 if (!ADBG_EXPECT_CK_OK(c, rv))
3917 goto close_lib;
3918
3919 rv = init_user_test_token(slot);
3920 if (!ADBG_EXPECT_CK_OK(c, rv))
3921 goto close_lib;
3922
3923 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3924 if (!ADBG_EXPECT_CK_OK(c, rv))
3925 goto close_lib;
3926
3927 /*
3928 * Parent AES Key 1
3929 * SENSITIVE = TRUE, EXTRACTABLE = FALSE
3930 * ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
3931 */
3932 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
3933 parent_template1, ARRAY_SIZE(parent_template1),
3934 &aes_key1);
3935 if (!ADBG_EXPECT_CK_OK(c, rv))
3936 goto close_session;
3937
3938 /*
3939 * Parent AES Key 2
3940 * SENSITIVE = FALSE, EXTRACTABLE = TRUE
3941 * ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
3942 */
3943 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
3944 parent_template2, ARRAY_SIZE(parent_template2),
3945 &aes_key2);
3946 if (!ADBG_EXPECT_CK_OK(c, rv))
3947 goto close_session;
3948
3949 Do_ADBG_BeginSubCase(c, "Derive Generic secret - AES-ECB Mechanism");
3950
3951 /*
3952 * Use AES key 1 as Parent key
3953 * 1. VALUE_LEN attribute not given in derivation template. Length
3954 * of key should be same as that of data length.
3955 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
3956 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
3957 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
3958 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
3959 * 3. LOCAL should be false
3960 */
3961 data_len = 512;
3962 key_len = 0;
3963 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
3964 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
3965 CKK_GENERIC_SECRET, CK_TRUE, CK_FALSE);
3966 if (!ADBG_EXPECT_CK_OK(c, rv))
3967 goto out;
3968
3969 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
3970 ARRAY_SIZE(get_template) - 1);
3971 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3972 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, data_len) ||
3973 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
3974 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
3975 CKK_GENERIC_SECRET) ||
3976 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3977 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3978 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3979 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
3980 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
3981 goto out;
3982
3983 rv = C_DestroyObject(session, derv_key_hdl);
3984 if (!ADBG_EXPECT_CK_OK(c, rv))
3985 goto out;
3986
3987 Do_ADBG_EndSubCase(c, NULL);
3988
3989 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-EBC");
3990
3991 /*
3992 * Use AES key 2 as Parent key
3993 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
3994 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
3995 * Parent key has ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
3996 * So derived key, ALWAYS_SENSITIVE will be FALSE and
3997 * NEVER_EXTRACTABLE will be FALSE
3998 * 3. LOCAL should be false
3999 */
4000 data_len = 32;
4001 key_len = 16;
4002 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4003 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4004 CKK_AES, CK_TRUE, CK_FALSE);
4005 if (!ADBG_EXPECT_CK_OK(c, rv))
4006 goto out;
4007
4008 /* This being a SENSITIVE object, we can't get the VALUE */
4009 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4010 ARRAY_SIZE(get_template) - 1);
4011 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4012 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4013 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4014 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4015 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4016 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
4017 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4018 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4019 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4020 goto out;
4021
4022 rv = C_DestroyObject(session, derv_key_hdl);
4023 if (!ADBG_EXPECT_CK_OK(c, rv))
4024 goto out;
4025
4026 Do_ADBG_EndSubCase(c, NULL);
4027
4028 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-CBC");
4029
4030 /*
4031 * Use AES key 1 as Parent key
4032 * 1. VALUE_LEN = DATA_LEN, Derived key should have VALUE_LEN key size
4033 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = FALSE
4034 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4035 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4036 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4037 * 3. LOCAL should be false
4038 */
4039 data_len = 32;
4040 key_len = 32;
4041 rv = derive_sym_key(session, aes_key1, CKM_AES_CBC_ENCRYPT_DATA,
4042 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4043 CKK_AES, CK_FALSE, CK_FALSE);
4044 if (!ADBG_EXPECT_CK_OK(c, rv))
4045 goto out;
4046
4047 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4048 ARRAY_SIZE(get_template) - 1);
4049 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4050 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4051 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4052 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4053 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4054 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4055 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4056 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4057 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
4058 goto out;
4059
4060 rv = C_DestroyObject(session, derv_key_hdl);
4061 if (!ADBG_EXPECT_CK_OK(c, rv))
4062 goto out;
4063
4064 Do_ADBG_EndSubCase(c, NULL);
4065
4066 Do_ADBG_BeginSubCase(c, "Derive Generic secret key using AES-CBC");
4067 /*
4068 * Use AES key 2 as Parent key
4069 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
4070 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = TRUE
4071 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4072 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4073 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4074 * 3. LOCAL should be false
4075 */
4076 data_len = 512;
4077 key_len = 256;
4078 rv = derive_sym_key(session, aes_key2, CKM_AES_CBC_ENCRYPT_DATA,
4079 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4080 CKK_GENERIC_SECRET, CK_FALSE, CK_TRUE);
4081 if (!ADBG_EXPECT_CK_OK(c, rv))
4082 goto out;
4083
4084 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4085 ARRAY_SIZE(get_template));
4086 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4087 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[idx].ulValueLen, ==,
4088 key_len) ||
4089 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4090 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4091 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
4092 CKK_GENERIC_SECRET) ||
4093 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4094 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4095 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
4096 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4097 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4098 goto out;
4099
4100 rv = C_DestroyObject(session, derv_key_hdl);
4101 if (!ADBG_EXPECT_CK_OK(c, rv))
4102 goto out;
4103
4104 Do_ADBG_EndSubCase(c, NULL);
4105
4106 Do_ADBG_BeginSubCase(c, "Invalid parameters during derivation");
4107
4108 /* Length of data used for derivation < key length */
4109 data_len = 16;
4110 key_len = 32;
4111 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4112 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4113 CKK_AES, CK_FALSE, CK_TRUE);
4114 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4115 goto out;
4116
4117 /* Data is not multiple of 16 */
4118 data_len = 18;
4119 key_len = 32;
4120 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4121 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4122 CKK_AES, CK_FALSE, CK_TRUE);
4123 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4124 goto out;
4125
4126 /* Wrong Mechanism */
4127 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB,
4128 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4129 CKK_AES, CK_FALSE, CK_TRUE);
4130 if (!ADBG_EXPECT_CK_RESULT(c, CKR_MECHANISM_INVALID, rv))
4131 goto out;
4132
4133 Do_ADBG_EndSubCase(c, NULL);
4134
4135 Do_ADBG_BeginSubCase(c, "Failure if operation already active");
4136
4137 /* Generate an AES key which can perform Encryption */
4138 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4139 parent_template_w_enc_der,
4140 ARRAY_SIZE(parent_template_w_enc_der),
4141 &aes_key_enc);
4142 if (!ADBG_EXPECT_CK_OK(c, rv))
4143 goto out;
4144
4145 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, aes_key_enc);
4146 if (!ADBG_EXPECT_CK_OK(c, rv))
4147 goto out;
4148
4149 data_len = 32;
4150 key_len = 32;
4151 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4152 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4153 CKK_AES, CK_FALSE, CK_TRUE);
4154 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_ACTIVE, rv))
4155 goto out;
4156
4157 rv = C_EncryptFinal(session, NULL, NULL);
4158 /* Only check that the operation is no more active */
4159 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
4160 goto out;
4161
4162 Do_ADBG_EndSubCase(c, NULL);
4163
4164 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_ENCRYPT is TRUE");
4165
4166 data_len = 32;
4167 key_len = 32;
4168 rv = derive_sym_key(session, aes_key_enc, CKM_AES_ECB_ENCRYPT_DATA,
4169 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4170 CKK_AES, CK_FALSE, CK_TRUE);
4171 /*
4172 * Not strictly expecting FUNCTION_FAILED but expecting a failure
4173 * as we have added a restriction that keys with attribute CKA_ENCRYPT
4174 * set can't be used for derivation.
4175 */
4176 if (!ADBG_EXPECT_CK_RESULT(c, CKR_FUNCTION_FAILED, rv))
4177 goto out;
4178
4179 Do_ADBG_EndSubCase(c, NULL);
4180
4181 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_DERIVE is FALSE");
4182
4183 rv = C_DestroyObject(session, aes_key1);
4184 if (!ADBG_EXPECT_CK_OK(c, rv))
4185 goto out;
4186
4187 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4188 parent_template_wo_derive,
4189 ARRAY_SIZE(parent_template_wo_derive),
4190 &aes_key1);
4191 if (!ADBG_EXPECT_CK_OK(c, rv))
4192 goto out;
4193
4194 data_len = 32;
4195 key_len = 32;
4196 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4197 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4198 CKK_AES, CK_FALSE, CK_TRUE);
4199 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_TYPE_INCONSISTENT, rv))
4200 goto out;
4201
4202out:
4203 Do_ADBG_EndSubCase(c, NULL);
4204
4205close_session:
4206 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
4207
4208close_lib:
4209 ADBG_EXPECT_CK_OK(c, close_lib());
4210}
4211ADBG_CASE_DEFINE(pkcs11, 1017, xtest_pkcs11_test_1017,
4212 "PKCS11: AES Key Derivation tests");
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]4213
4214/* Digest test patterns */
4215static const char digest_test_pattern[] = "The quick brown fox jumps over the lazy dog";
4216static const char digest_test_pattern_empty[] = "";
4217
4218/* MD5 checksums for digest test patterns */
4219static const uint8_t digest_test_pattern_md5[] = {
4220 0x9e, 0x10, 0x7d, 0x9d, 0x37, 0x2b, 0xb6, 0x82, 0x6b, 0xd8, 0x1d, 0x35,
4221 0x42, 0xa4, 0x19, 0xd6
4222};
4223static const uint8_t digest_test_pattern_empty_md5[] = {
4224 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98,
4225 0xec, 0xf8, 0x42, 0x7e
4226};
4227
4228/* SHA-1 checksums for digest test patterns */
4229static const uint8_t digest_test_pattern_sha1[] = {
4230 0x2f, 0xd4, 0xe1, 0xc6, 0x7a, 0x2d, 0x28, 0xfc, 0xed, 0x84, 0x9e, 0xe1,
4231 0xbb, 0x76, 0xe7, 0x39, 0x1b, 0x93, 0xeb, 0x12
4232};
4233static const uint8_t digest_test_pattern_empty_sha1[] = {
4234 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef,
4235 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09
4236};
4237
4238/* SHA-224 checksums for digest test patterns */
4239static const uint8_t digest_test_pattern_sha224[] = {
4240 0x73, 0x0e, 0x10, 0x9b, 0xd7, 0xa8, 0xa3, 0x2b, 0x1c, 0xb9, 0xd9, 0xa0,
4241 0x9a, 0xa2, 0x32, 0x5d, 0x24, 0x30, 0x58, 0x7d, 0xdb, 0xc0, 0xc3, 0x8b,
4242 0xad, 0x91, 0x15, 0x25
4243};
4244static const uint8_t digest_test_pattern_empty_sha224[] = {
4245 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47, 0x61, 0x02, 0xbb,
4246 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
4247 0xc5, 0xb3, 0xe4, 0x2f
4248};
4249
4250/* SHA-256 checksums for digest test patterns */
4251static const uint8_t digest_test_pattern_sha256[] = {
4252 0xd7, 0xa8, 0xfb, 0xb3, 0x07, 0xd7, 0x80, 0x94, 0x69, 0xca, 0x9a, 0xbc,
4253 0xb0, 0x08, 0x2e, 0x4f, 0x8d, 0x56, 0x51, 0xe4, 0x6d, 0x3c, 0xdb, 0x76,
4254 0x2d, 0x02, 0xd0, 0xbf, 0x37, 0xc9, 0xe5, 0x92
4255};
4256static const uint8_t digest_test_pattern_empty_sha256[] = {
4257 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
4258 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
4259 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
4260};
4261
4262/* SHA-384 checksums for digest test patterns */
4263static const uint8_t digest_test_pattern_sha384[] = {
4264 0xca, 0x73, 0x7f, 0x10, 0x14, 0xa4, 0x8f, 0x4c, 0x0b, 0x6d, 0xd4, 0x3c,
4265 0xb1, 0x77, 0xb0, 0xaf, 0xd9, 0xe5, 0x16, 0x93, 0x67, 0x54, 0x4c, 0x49,
4266 0x40, 0x11, 0xe3, 0x31, 0x7d, 0xbf, 0x9a, 0x50, 0x9c, 0xb1, 0xe5, 0xdc,
4267 0x1e, 0x85, 0xa9, 0x41, 0xbb, 0xee, 0x3d, 0x7f, 0x2a, 0xfb, 0xc9, 0xb1
4268};
4269static const uint8_t digest_test_pattern_empty_sha384[] = {
4270 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e,
4271 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
4272 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf,
4273 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b
4274};
4275
4276/* SHA-512 checksums for digest test patterns */
4277static const uint8_t digest_test_pattern_sha512[] = {
4278 0x07, 0xe5, 0x47, 0xd9, 0x58, 0x6f, 0x6a, 0x73, 0xf7, 0x3f, 0xba, 0xc0,
4279 0x43, 0x5e, 0xd7, 0x69, 0x51, 0x21, 0x8f, 0xb7, 0xd0, 0xc8, 0xd7, 0x88,
4280 0xa3, 0x09, 0xd7, 0x85, 0x43, 0x6b, 0xbb, 0x64, 0x2e, 0x93, 0xa2, 0x52,
4281 0xa9, 0x54, 0xf2, 0x39, 0x12, 0x54, 0x7d, 0x1e, 0x8a, 0x3b, 0x5e, 0xd6,
4282 0xe1, 0xbf, 0xd7, 0x09, 0x78, 0x21, 0x23, 0x3f, 0xa0, 0x53, 0x8f, 0x3d,
4283 0xb8, 0x54, 0xfe, 0xe6
4284};
4285static const uint8_t digest_test_pattern_empty_sha512[] = {
4286 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50,
4287 0xd6, 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
4288 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c,
4289 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
4290 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a,
4291 0xf9, 0x27, 0xda, 0x3e
4292};
4293
4294#define DIGEST_TEST(_test_name, _mecha, _data, _digest) \
4295 { \
4296 .test_name = _test_name, \
4297 .mecha = _mecha, \
4298 .data = _data, \
4299 .data_size = sizeof(_data) - 1, \
4300 .digest = _digest, \
4301 .digest_size = sizeof(_digest) \
4302 }
4303
4304/* Digest simple test suite */
4305static struct {
4306 const char *test_name;
4307 CK_MECHANISM_TYPE mecha;
4308 const void *data;
4309 CK_ULONG data_size;
4310 const uint8_t *digest;
4311 CK_ULONG digest_size;
4312} digest_test_patterns[] = {
4313 DIGEST_TEST("CKM_MD5/empty", CKM_MD5, digest_test_pattern_empty,
4314 digest_test_pattern_empty_md5),
4315 DIGEST_TEST("CKM_MD5/test pattern", CKM_MD5, digest_test_pattern,
4316 digest_test_pattern_md5),
4317 DIGEST_TEST("CKM_SHA_1/empty", CKM_SHA_1, digest_test_pattern_empty,
4318 digest_test_pattern_empty_sha1),
4319 DIGEST_TEST("CKM_SHA_1/test pattern", CKM_SHA_1, digest_test_pattern,
4320 digest_test_pattern_sha1),
4321 DIGEST_TEST("CKM_SHA224/empty", CKM_SHA224, digest_test_pattern_empty,
4322 digest_test_pattern_empty_sha224),
4323 DIGEST_TEST("CKM_SHA224/test pattern", CKM_SHA224, digest_test_pattern,
4324 digest_test_pattern_sha224),
4325 DIGEST_TEST("CKM_SHA256/empty", CKM_SHA256, digest_test_pattern_empty,
4326 digest_test_pattern_empty_sha256),
4327 DIGEST_TEST("CKM_SHA256/test pattern", CKM_SHA256, digest_test_pattern,
4328 digest_test_pattern_sha256),
4329 DIGEST_TEST("CKM_SHA384/empty", CKM_SHA384, digest_test_pattern_empty,
4330 digest_test_pattern_empty_sha384),
4331 DIGEST_TEST("CKM_SHA384/test pattern", CKM_SHA384, digest_test_pattern,
4332 digest_test_pattern_sha384),
4333 DIGEST_TEST("CKM_SHA512/empty", CKM_SHA512, digest_test_pattern_empty,
4334 digest_test_pattern_empty_sha512),
4335 DIGEST_TEST("CKM_SHA512/test pattern", CKM_SHA512, digest_test_pattern,
4336 digest_test_pattern_sha512),
4337};
4338
4339static CK_ATTRIBUTE digest_generate_aes_object[] = {
4340 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4341 sizeof(CK_OBJECT_CLASS) },
4342 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
4343 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4344 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4345 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4346 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
4347 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
4348};
4349
4350static CK_ATTRIBUTE digest_generate_gensecret_object[] = {
4351 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4352 sizeof(CK_OBJECT_CLASS) },
4353 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
4354 sizeof(CK_KEY_TYPE) },
4355 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4356 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4357 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4358 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]4359 { CKA_VALUE_LEN, &(CK_ULONG){ 32 }, sizeof(CK_ULONG) },
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]4360};
4361
4362static CK_ATTRIBUTE digest_data_object[] = {
4363 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_DATA },
4364 sizeof(CK_OBJECT_CLASS) },
4365 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4366 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4367};
4368
4369static void xtest_pkcs11_test_1018(ADBG_Case_t *c)
4370{
4371 CK_RV rv = CKR_GENERAL_ERROR;
4372 CK_SLOT_ID slot = 0;
4373 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
4374 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
4375 bool logged_in = false;
4376 uint8_t data[128] = { 0 };
4377 CK_ULONG data_size = 0;
4378 uint8_t digest[64] = { 0 };
4379 CK_ULONG digest_size = 0;
4380 const uint8_t *expect_digest = NULL;
4381 CK_ULONG expect_digest_size = 0;
4382 CK_MECHANISM mechanism = { CKM_MD5, NULL, 0 };
4383 uint8_t secret_data[128] = { 0 };
4384 CK_ULONG secret_data_size __maybe_unused = 0;
4385 CK_ATTRIBUTE digest_get_secret_value[] = {
4386 { CKA_VALUE, &secret_data, sizeof(secret_data) },
4387 };
4388 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
4389#ifdef OPENSSL_FOUND
4390 EVP_MD_CTX *mdctx = NULL;
4391 unsigned char hash[EVP_MAX_MD_SIZE] = { 0 };
4392 unsigned int md_len = 0;
4393 int ret = 0;
4394#endif
4395 size_t i = 0;
4396
4397 rv = init_lib_and_find_token_slot(&slot);
4398 if (!ADBG_EXPECT_CK_OK(c, rv))
4399 return;
4400
4401 rv = init_test_token(slot);
4402 if (!ADBG_EXPECT_CK_OK(c, rv))
4403 goto close_lib;
4404
4405 rv = init_user_test_token(slot);
4406 if (!ADBG_EXPECT_CK_OK(c, rv))
4407 goto close_lib;
4408
4409 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
4410 if (!ADBG_EXPECT_CK_OK(c, rv))
4411 goto close_lib;
4412
4413 /* Test out simple successful cases with init+update+final*/
4414 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4415 Do_ADBG_BeginSubCase(c, "Simple digest tests - update - %s",
4416 digest_test_patterns[i].test_name);
4417
4418 mechanism.mechanism = digest_test_patterns[i].mecha;
4419 memset(data, 0xCC, sizeof(data));
4420 memset(digest, 0xCC, sizeof(digest));
4421 digest_size = sizeof(digest);
4422
4423 memcpy(data, digest_test_patterns[i].data,
4424 digest_test_patterns[i].data_size);
4425 data_size = digest_test_patterns[i].data_size;
4426
4427 expect_digest = digest_test_patterns[i].digest;
4428 expect_digest_size = digest_test_patterns[i].digest_size;
4429
4430 rv = C_DigestInit(session, &mechanism);
4431 if (!ADBG_EXPECT_CK_OK(c, rv))
4432 goto out;
4433
4434 rv = C_DigestUpdate(session, data, data_size);
4435 if (!ADBG_EXPECT_CK_OK(c, rv))
4436 goto out;
4437
4438 rv = C_DigestFinal(session, digest, &digest_size);
4439 if (!ADBG_EXPECT_CK_OK(c, rv))
4440 goto out;
4441
4442 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4443 digest, digest_size))
4444 goto out;
4445
4446 /* Verify that end of buffer is still 0xCC */
4447 for (i = expect_digest_size; i < sizeof(digest); i++)
4448 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4449 0xCC))
4450 goto out;
4451
4452 Do_ADBG_EndSubCase(c, NULL);
4453 }
4454
4455 /* Test out simple successful cases */
4456 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4457 Do_ADBG_BeginSubCase(c, "Simple digest tests - oneshot - %s",
4458 digest_test_patterns[i].test_name);
4459
4460 mechanism.mechanism = digest_test_patterns[i].mecha;
4461 memset(data, 0xCC, sizeof(data));
4462 memset(digest, 0xCC, sizeof(digest));
4463 digest_size = sizeof(digest);
4464
4465 memcpy(data, digest_test_patterns[i].data,
4466 digest_test_patterns[i].data_size);
4467 data_size = digest_test_patterns[i].data_size;
4468
4469 expect_digest = digest_test_patterns[i].digest;
4470 expect_digest_size = digest_test_patterns[i].digest_size;
4471
4472 rv = C_DigestInit(session, &mechanism);
4473 if (!ADBG_EXPECT_CK_OK(c, rv))
4474 goto out;
4475
4476 rv = C_Digest(session, data, data_size, digest, &digest_size);
4477 if (!ADBG_EXPECT_CK_OK(c, rv))
4478 goto out;
4479
4480 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4481 digest, digest_size))
4482 goto out;
4483
4484 /* Verify that end of buffer is still 0xCC */
4485 for (i = expect_digest_size; i < sizeof(digest); i++)
4486 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4487 0xCC))
4488 goto out;
4489
4490 Do_ADBG_EndSubCase(c, NULL);
4491 }
4492
4493 /* Test out key updates */
4494
4495 Do_ADBG_BeginSubCase(c, "Simple digest tests - AES key update - SHA-256");
4496
4497 /* Login to Test Token */
4498 rv = C_Login(session, CKU_USER, test_token_user_pin,
4499 sizeof(test_token_user_pin));
4500 if (!ADBG_EXPECT_CK_OK(c, rv))
4501 goto out;
4502
4503 logged_in = true;
4504
4505 /* Generate AES key */
4506 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4507 digest_generate_aes_object,
4508 ARRAY_SIZE(digest_generate_aes_object),
4509 &key_handle);
4510 if (!ADBG_EXPECT_CK_OK(c, rv))
4511 goto out;
4512
4513 memset(secret_data, 0xCC, sizeof(data));
4514 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4515
4516 /* Get value of generated secret for verification purposes */
4517 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4518 ARRAY_SIZE(digest_get_secret_value));
4519 if (!ADBG_EXPECT_CK_OK(c, rv))
4520 goto out;
4521
4522 secret_data_size = digest_get_secret_value[0].ulValueLen;
4523
4524 /* Calculate digest with PKCS11 */
4525 mechanism.mechanism = CKM_SHA256;
4526
4527 memset(data, 0xCC, sizeof(data));
4528 memset(digest, 0xCC, sizeof(digest));
4529 digest_size = sizeof(digest);
4530
4531 memcpy(data, digest_test_patterns[0].data,
4532 digest_test_patterns[0].data_size);
4533 data_size = digest_test_patterns[0].data_size;
4534
4535 rv = C_DigestInit(session, &mechanism);
4536 if (!ADBG_EXPECT_CK_OK(c, rv))
4537 goto out;
4538
4539 rv = C_DigestUpdate(session, data, data_size);
4540 if (!ADBG_EXPECT_CK_OK(c, rv))
4541 goto out;
4542
4543 rv = C_DigestKey(session, key_handle);
4544 if (!ADBG_EXPECT_CK_OK(c, rv))
4545 goto out;
4546
4547 rv = C_DigestFinal(session, digest, &digest_size);
4548 if (!ADBG_EXPECT_CK_OK(c, rv))
4549 goto out;
4550
4551 /* Verify digest with openssl */
4552#ifdef OPENSSL_FOUND
4553 mdctx = EVP_MD_CTX_create();
4554 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4555 goto out;
4556 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4557 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4558 goto out;
4559 ret = EVP_DigestUpdate(mdctx, data, data_size);
4560 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4561 goto out;
4562 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4563 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4564 goto out;
4565 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4566 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4567 goto out;
4568 EVP_MD_CTX_destroy(mdctx);
4569 mdctx = NULL;
4570
4571 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4572 goto out;
4573#else
4574 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4575#endif
4576
4577 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4578 key_handle = CK_INVALID_HANDLE;
4579
4580 Do_ADBG_EndSubCase(c, NULL);
4581
4582 Do_ADBG_BeginSubCase(c, "Simple digest tests - generic secret key update - SHA-256");
4583
4584 /* Generate generic secret key */
4585 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
4586 digest_generate_gensecret_object,
4587 ARRAY_SIZE(digest_generate_gensecret_object),
4588 &key_handle);
4589 if (!ADBG_EXPECT_CK_OK(c, rv))
4590 goto out;
4591
4592 memset(secret_data, 0xCC, sizeof(data));
4593 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4594
4595 /* Get value of generated secret for verification purposes */
4596 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4597 ARRAY_SIZE(digest_get_secret_value));
4598 if (!ADBG_EXPECT_CK_OK(c, rv))
4599 goto out;
4600
4601 secret_data_size = digest_get_secret_value[0].ulValueLen;
4602
4603 /* Calculate digest with PKCS11 */
4604 mechanism.mechanism = CKM_SHA256;
4605
4606 memset(data, 0xCC, sizeof(data));
4607 memset(digest, 0xCC, sizeof(digest));
4608 digest_size = sizeof(digest);
4609
4610 memcpy(data, digest_test_patterns[0].data,
4611 digest_test_patterns[0].data_size);
4612 data_size = digest_test_patterns[0].data_size;
4613
4614 rv = C_DigestInit(session, &mechanism);
4615 if (!ADBG_EXPECT_CK_OK(c, rv))
4616 goto out;
4617
4618 rv = C_DigestUpdate(session, data, data_size);
4619 if (!ADBG_EXPECT_CK_OK(c, rv))
4620 goto out;
4621
4622 rv = C_DigestKey(session, key_handle);
4623 if (!ADBG_EXPECT_CK_OK(c, rv))
4624 goto out;
4625
4626 rv = C_DigestFinal(session, digest, &digest_size);
4627 if (!ADBG_EXPECT_CK_OK(c, rv))
4628 goto out;
4629
4630 /* Verify digest with openssl */
4631#ifdef OPENSSL_FOUND
4632 mdctx = EVP_MD_CTX_create();
4633 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4634 goto out;
4635 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4636 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4637 goto out;
4638 ret = EVP_DigestUpdate(mdctx, data, data_size);
4639 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4640 goto out;
4641 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4642 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4643 goto out;
4644 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4645 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4646 goto out;
4647 EVP_MD_CTX_destroy(mdctx);
4648 mdctx = NULL;
4649
4650 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4651 goto out;
4652#else
4653 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4654#endif
4655
4656 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4657 key_handle = CK_INVALID_HANDLE;
4658
4659 Do_ADBG_EndSubCase(c, NULL);
4660
4661 Do_ADBG_BeginSubCase(c, "Query digest size - C_DigestFinal");
4662
4663 mechanism.mechanism = digest_test_patterns[0].mecha;
4664
4665 memset(data, 0xCC, sizeof(data));
4666 memset(digest, 0xCC, sizeof(digest));
4667 digest_size = 0;
4668
4669 memcpy(data, digest_test_patterns[0].data,
4670 digest_test_patterns[0].data_size);
4671 data_size = digest_test_patterns[0].data_size;
4672
4673 expect_digest = digest_test_patterns[0].digest;
4674 expect_digest_size = digest_test_patterns[0].digest_size;
4675
4676 rv = C_DigestInit(session, &mechanism);
4677 if (!ADBG_EXPECT_CK_OK(c, rv))
4678 goto out;
4679
4680 rv = C_DigestUpdate(session, data, data_size);
4681 if (!ADBG_EXPECT_CK_OK(c, rv))
4682 goto out;
4683
4684 rv = C_DigestFinal(session, NULL, &digest_size);
4685 if (!ADBG_EXPECT_CK_OK(c, rv))
4686 goto out;
4687
4688 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4689 expect_digest_size))
4690 goto out;
4691
4692 rv = C_DigestFinal(session, digest, &digest_size);
4693 if (!ADBG_EXPECT_CK_OK(c, rv))
4694 goto out;
4695
4696 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4697 digest, digest_size))
4698 goto out;
4699
4700 Do_ADBG_EndSubCase(c, NULL);
4701
4702 Do_ADBG_BeginSubCase(c, "Query digest size - C_Digest");
4703
4704 mechanism.mechanism = digest_test_patterns[0].mecha;
4705
4706 memset(data, 0xCC, sizeof(data));
4707 memset(digest, 0xCC, sizeof(digest));
4708 digest_size = 0;
4709
4710 memcpy(data, digest_test_patterns[0].data,
4711 digest_test_patterns[0].data_size);
4712 data_size = digest_test_patterns[0].data_size;
4713
4714 expect_digest = digest_test_patterns[0].digest;
4715 expect_digest_size = digest_test_patterns[0].digest_size;
4716
4717 rv = C_DigestInit(session, &mechanism);
4718 if (!ADBG_EXPECT_CK_OK(c, rv))
4719 goto out;
4720
4721 rv = C_Digest(session, data, data_size, NULL, &digest_size);
4722 if (!ADBG_EXPECT_CK_OK(c, rv))
4723 goto out;
4724
4725 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4726 expect_digest_size))
4727 goto out;
4728
4729 rv = C_Digest(session, data, data_size, digest, &digest_size);
4730 if (!ADBG_EXPECT_CK_OK(c, rv))
4731 goto out;
4732
4733 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4734 digest, digest_size))
4735 goto out;
4736
4737 Do_ADBG_EndSubCase(c, NULL);
4738
4739 Do_ADBG_BeginSubCase(c, "Query digest size - buffer too small");
4740
4741 mechanism.mechanism = CKM_SHA256;
4742
4743 memset(data, 0xCC, sizeof(data));
4744 memset(digest, 0xCC, sizeof(digest));
4745 digest_size = 0;
4746
4747 memcpy(data, digest_test_patterns[0].data,
4748 digest_test_patterns[0].data_size);
4749 data_size = digest_test_patterns[0].data_size;
4750
4751 rv = C_DigestInit(session, &mechanism);
4752 if (!ADBG_EXPECT_CK_OK(c, rv))
4753 goto out;
4754
4755 rv = C_DigestUpdate(session, data, data_size);
4756 if (!ADBG_EXPECT_CK_OK(c, rv))
4757 goto out;
4758
4759 rv = C_DigestFinal(session, digest, &digest_size);
4760 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
4761 goto out;
4762
4763 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==, 32))
4764 goto out;
4765
4766 rv = C_DigestFinal(session, digest, &digest_size);
4767 if (!ADBG_EXPECT_CK_OK(c, rv))
4768 goto out;
4769
4770 Do_ADBG_EndSubCase(c, NULL);
4771
4772 /* Test bad arguments & operation terminations */
4773
4774 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestUpdate");
4775
4776 mechanism.mechanism = CKM_SHA256;
4777
4778 memset(data, 0xCC, sizeof(data));
4779 memset(digest, 0xCC, sizeof(digest));
4780 digest_size = sizeof(digest);
4781
4782 memcpy(data, digest_test_patterns[0].data,
4783 digest_test_patterns[0].data_size);
4784 data_size = digest_test_patterns[0].data_size;
4785
4786 rv = C_DigestInit(session, &mechanism);
4787 if (!ADBG_EXPECT_CK_OK(c, rv))
4788 goto out;
4789
4790 rv = C_DigestUpdate(session, NULL, 10);
4791 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4792 goto out;
4793
4794 rv = C_DigestUpdate(session, data, data_size);
4795 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4796 goto out;
4797
4798 Do_ADBG_EndSubCase(c, NULL);
4799
4800 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with NULL digest");
4801
4802 mechanism.mechanism = CKM_SHA256;
4803
4804 memset(data, 0xCC, sizeof(data));
4805 memset(digest, 0xCC, sizeof(digest));
4806 digest_size = sizeof(digest);
4807
4808 memcpy(data, digest_test_patterns[0].data,
4809 digest_test_patterns[0].data_size);
4810 data_size = digest_test_patterns[0].data_size;
4811
4812 rv = C_DigestInit(session, &mechanism);
4813 if (!ADBG_EXPECT_CK_OK(c, rv))
4814 goto out;
4815
4816 rv = C_DigestUpdate(session, data, data_size);
4817 if (!ADBG_EXPECT_CK_OK(c, rv))
4818 goto out;
4819
4820 rv = C_DigestFinal(session, NULL, NULL);
4821 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4822 goto out;
4823
4824 rv = C_DigestFinal(session, digest, &digest_size);
4825 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4826 goto out;
4827
4828 Do_ADBG_EndSubCase(c, NULL);
4829
4830 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4831
4832 mechanism.mechanism = CKM_SHA256;
4833
4834 memset(data, 0xCC, sizeof(data));
4835 memset(digest, 0xCC, sizeof(digest));
4836 digest_size = sizeof(digest);
4837
4838 memcpy(data, digest_test_patterns[0].data,
4839 digest_test_patterns[0].data_size);
4840 data_size = digest_test_patterns[0].data_size;
4841
4842 rv = C_DigestInit(session, &mechanism);
4843 if (!ADBG_EXPECT_CK_OK(c, rv))
4844 goto out;
4845
4846 rv = C_DigestUpdate(session, data, data_size);
4847 if (!ADBG_EXPECT_CK_OK(c, rv))
4848 goto out;
4849
4850 rv = C_DigestFinal(session, digest, NULL);
4851 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4852 goto out;
4853
4854 rv = C_DigestFinal(session, digest, &digest_size);
4855 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4856 goto out;
4857
4858 Do_ADBG_EndSubCase(c, NULL);
4859
4860 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL data but non-zero size");
4861
4862 mechanism.mechanism = CKM_SHA256;
4863
4864 memset(data, 0xCC, sizeof(data));
4865 memset(digest, 0xCC, sizeof(digest));
4866 digest_size = sizeof(digest);
4867
4868 memcpy(data, digest_test_patterns[0].data,
4869 digest_test_patterns[0].data_size);
4870 data_size = digest_test_patterns[0].data_size;
4871
4872 rv = C_DigestInit(session, &mechanism);
4873 if (!ADBG_EXPECT_CK_OK(c, rv))
4874 goto out;
4875
4876 rv = C_Digest(session, NULL, 10, digest, &digest_size);
4877 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4878 goto out;
4879
4880 rv = C_Digest(session, data, data_size, digest, &digest_size);
4881 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4882 goto out;
4883
4884 Do_ADBG_EndSubCase(c, NULL);
4885
4886 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL digest");
4887
4888 mechanism.mechanism = CKM_SHA256;
4889
4890 memset(data, 0xCC, sizeof(data));
4891 memset(digest, 0xCC, sizeof(digest));
4892 digest_size = sizeof(digest);
4893
4894 memcpy(data, digest_test_patterns[0].data,
4895 digest_test_patterns[0].data_size);
4896 data_size = digest_test_patterns[0].data_size;
4897
4898 rv = C_DigestInit(session, &mechanism);
4899 if (!ADBG_EXPECT_CK_OK(c, rv))
4900 goto out;
4901
4902 rv = C_Digest(session, data, data_size, NULL, NULL);
4903 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4904 goto out;
4905
4906 rv = C_Digest(session, data, data_size, digest, &digest_size);
4907 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4908 goto out;
4909
4910 Do_ADBG_EndSubCase(c, NULL);
4911
4912 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4913
4914 mechanism.mechanism = CKM_SHA256;
4915
4916 memset(data, 0xCC, sizeof(data));
4917 memset(digest, 0xCC, sizeof(digest));
4918 digest_size = sizeof(digest);
4919
4920 memcpy(data, digest_test_patterns[0].data,
4921 digest_test_patterns[0].data_size);
4922 data_size = digest_test_patterns[0].data_size;
4923
4924 rv = C_DigestInit(session, &mechanism);
4925 if (!ADBG_EXPECT_CK_OK(c, rv))
4926 goto out;
4927
4928 rv = C_Digest(session, data, data_size, digest, NULL);
4929 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4930 goto out;
4931
4932 rv = C_Digest(session, data, data_size, digest, &digest_size);
4933 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4934 goto out;
4935
4936 Do_ADBG_EndSubCase(c, NULL);
4937
4938 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with invalid key handle");
4939
4940 rv = C_CreateObject(session, digest_data_object,
4941 ARRAY_SIZE(digest_data_object), &key_handle);
4942 if (!ADBG_EXPECT_CK_OK(c, rv))
4943 goto out;
4944
4945 mechanism.mechanism = CKM_SHA256;
4946
4947 memset(data, 0xCC, sizeof(data));
4948 memset(digest, 0xCC, sizeof(digest));
4949 digest_size = sizeof(digest);
4950
4951 memcpy(data, digest_test_patterns[0].data,
4952 digest_test_patterns[0].data_size);
4953 data_size = digest_test_patterns[0].data_size;
4954
4955 rv = C_DigestInit(session, &mechanism);
4956 if (!ADBG_EXPECT_CK_OK(c, rv))
4957 goto out;
4958
4959 rv = C_DigestKey(session, 9999);
4960 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
4961 goto out;
4962
4963 rv = C_DigestKey(session, key_handle);
4964 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4965 goto out;
4966
4967 Do_ADBG_EndSubCase(c, NULL);
4968
4969 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with non-secret key type");
4970
4971 mechanism.mechanism = CKM_SHA256;
4972
4973 memset(data, 0xCC, sizeof(data));
4974 memset(digest, 0xCC, sizeof(digest));
4975 digest_size = sizeof(digest);
4976
4977 memcpy(data, digest_test_patterns[0].data,
4978 digest_test_patterns[0].data_size);
4979 data_size = digest_test_patterns[0].data_size;
4980
4981 rv = C_DigestInit(session, &mechanism);
4982 if (!ADBG_EXPECT_CK_OK(c, rv))
4983 goto out;
4984
4985 rv = C_DigestKey(session, key_handle);
4986 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_INDIGESTIBLE, rv))
4987 goto out;
4988
4989 rv = C_DigestKey(session, key_handle);
4990 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4991 goto out;
4992
4993 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4994 key_handle = CK_INVALID_HANDLE;
4995
4996out:
4997#ifdef OPENSSL_FOUND
4998 if (!ADBG_EXPECT_POINTER(c, NULL, mdctx)) {
4999 Do_ADBG_Log("Unexpected failure in openssl functions: %d",
5000 ret);
5001 EVP_MD_CTX_destroy(mdctx);
5002 }
5003#endif
5004
5005 Do_ADBG_EndSubCase(c, NULL);
5006
5007 if (logged_in)
5008 ADBG_EXPECT_CK_OK(c, C_Logout(session));
5009
5010 if (key_handle != CK_INVALID_HANDLE) {
5011 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
5012 key_handle = CK_INVALID_HANDLE;
5013 }
5014
5015 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
5016
5017close_lib:
5018 ADBG_EXPECT_CK_OK(c, close_lib());
5019}
5020ADBG_CASE_DEFINE(pkcs11, 1018, xtest_pkcs11_test_1018,
5021 "PKCS11: Digest tests");
Vesa Jääskeläinena4ab9572021-04-07 12:50:06 +0300[diff] [blame]5022
5023/**
5024 * 0:d=0 hl=2 l= 22 cons: SEQUENCE
5025 * 2:d=1 hl=2 l= 20 cons: SET
5026 * 4:d=2 hl=2 l= 18 cons: SEQUENCE
5027 * 6:d=3 hl=2 l= 3 prim: OBJECT :commonName
5028 * 11:d=3 hl=2 l= 11 prim: UTF8STRING :common name
5029 */
5030static uint8_t subject_common_name[] = {
5031 0x30, 0x16, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
5032 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65
5033};
5034
5035/**
5036 * 0:d=0 hl=2 l= 8 prim: OBJECT :prime256v1
5037 */
5038static uint8_t ecdsa_nist_p256[] = {
5039 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
5040 0x01, 0x07
5041};
5042
5043/**
5044 * 0:d=0 hl=2 l= 5 prim: OBJECT :secp384r1
5045 */
5046static uint8_t ecdsa_nist_p384[] = {
5047 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
5048};
5049
5050/**
5051 * 0:d=0 hl=2 l= 5 prim: OBJECT :secp521r1
5052 */
5053static uint8_t ecdsa_nist_p521[] = {
5054 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23
5055};
5056
5057#define EC_SIGN_TEST(_test_name, _mecha, _data) \
5058 { \
5059 .test_name = _test_name, \
5060 .mecha = _mecha, \
5061 .data = _data, \
5062 .data_size = sizeof(_data) - 1, \
5063 }
5064
5065/* List of elliptic curve signing multi stage digest mechas */
5066static struct {
5067 const char *test_name;
5068 CK_MECHANISM_TYPE mecha;
5069 const void *data;
5070 CK_ULONG data_size;
5071} ec_sign_tests[] = {
5072 EC_SIGN_TEST("CKM_ECDSA_SHA1", CKM_ECDSA_SHA1, digest_test_pattern),
5073 EC_SIGN_TEST("CKM_ECDSA_SHA224", CKM_ECDSA_SHA224, digest_test_pattern),
5074 EC_SIGN_TEST("CKM_ECDSA_SHA256", CKM_ECDSA_SHA256, digest_test_pattern),
5075 EC_SIGN_TEST("CKM_ECDSA_SHA384", CKM_ECDSA_SHA384, digest_test_pattern),
5076 EC_SIGN_TEST("CKM_ECDSA_SHA512", CKM_ECDSA_SHA512, digest_test_pattern),
5077};
5078
5079static int test_ec_operations(ADBG_Case_t *c, CK_SESSION_HANDLE session,
5080 const char *curve_name, uint8_t *curve,
5081 size_t curve_size)
5082{
5083 CK_RV rv = CKR_GENERAL_ERROR;
5084
5085 CK_OBJECT_HANDLE public_key = CK_INVALID_HANDLE;
5086 CK_OBJECT_HANDLE private_key = CK_INVALID_HANDLE;
5087
5088 CK_MECHANISM mechanism = {
5089 CKM_EC_KEY_PAIR_GEN, NULL, 0
5090 };
5091 CK_MECHANISM sign_mechanism = {
5092 CKM_ECDSA, NULL, 0
5093 };
5094 CK_BYTE id[] = { 123 };
5095
5096 CK_ATTRIBUTE public_key_template[] = {
5097 { CKA_ENCRYPT, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5098 { CKA_VERIFY, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5099 { CKA_WRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5100 { CKA_EC_PARAMS, ecdsa_nist_p256, sizeof(ecdsa_nist_p256) }
5101 };
5102
5103 CK_ATTRIBUTE private_key_template[] = {
5104 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5105 { CKA_PRIVATE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5106 { CKA_SUBJECT, subject_common_name,
5107 sizeof(subject_common_name) },
5108 { CKA_ID, id, sizeof(id) },
5109 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5110 { CKA_DECRYPT, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5111 { CKA_SIGN, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5112 { CKA_UNWRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) }
5113 };
5114
5115 CK_OBJECT_CLASS g_class = 0;
5116 CK_KEY_TYPE g_key_type = 0;
5117 CK_BYTE g_id[32] = { 0 };
5118 CK_DATE g_start_date = { 0 };
5119 CK_DATE g_end_date = { 0 };
5120 CK_BBOOL g_derive = CK_FALSE;
5121 CK_BBOOL g_local = CK_FALSE;
5122 CK_MECHANISM_TYPE g_keygen_mecha = 0;
5123 CK_BYTE g_subject[64] = { 0 };
5124 CK_BBOOL g_encrypt = CK_FALSE;
5125 CK_BBOOL g_verify = CK_FALSE;
5126 CK_BBOOL g_verify_recover = CK_FALSE;
5127 CK_BBOOL g_wrap = CK_FALSE;
5128 CK_BBOOL g_trusted = CK_FALSE;
5129 CK_BYTE g_public_key_info[1024] = { 0 };
5130 CK_BBOOL g_sensitive = CK_FALSE;
5131 CK_BBOOL g_decrypt = CK_FALSE;
5132 CK_BBOOL g_sign = CK_FALSE;
5133 CK_BBOOL g_sign_recover = CK_FALSE;
5134 CK_BBOOL g_unwrap = CK_FALSE;
5135 CK_BBOOL g_extract = CK_FALSE;
5136 CK_BBOOL g_asensitive = CK_FALSE;
5137 CK_BBOOL g_nextract = CK_FALSE;
5138 CK_BBOOL g_wrap_with_trusted = CK_FALSE;
5139 CK_BBOOL g_always_authenticate = CK_FALSE;
5140
5141 CK_ATTRIBUTE get_public_template[] = {
5142 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5143 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5144 { CKA_ID, g_id, sizeof(g_id) },
5145 { CKA_START_DATE, &g_start_date, sizeof(CK_DATE) },
5146 { CKA_END_DATE, &g_end_date, sizeof(CK_DATE) },
5147 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5148 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5149 { CKA_KEY_GEN_MECHANISM, &g_keygen_mecha, sizeof(CK_MECHANISM_TYPE) },
5150 { CKA_SUBJECT, g_subject, sizeof(g_subject) },
5151 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
5152 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
5153 { CKA_VERIFY_RECOVER, &g_verify_recover, sizeof(CK_BBOOL) },
5154 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
5155 { CKA_TRUSTED, &g_trusted, sizeof(CK_BBOOL) },
5156 { CKA_PUBLIC_KEY_INFO, g_public_key_info, sizeof(g_public_key_info) },
5157 };
5158
5159 CK_ATTRIBUTE get_private_template[] = {
5160 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5161 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5162 { CKA_ID, g_id, sizeof(g_id) },
5163 { CKA_START_DATE, &g_start_date, sizeof(CK_DATE) },
5164 { CKA_END_DATE, &g_end_date, sizeof(CK_DATE) },
5165 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5166 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5167 { CKA_KEY_GEN_MECHANISM, &g_keygen_mecha, sizeof(CK_MECHANISM_TYPE) },
5168 { CKA_SUBJECT, g_subject, sizeof(g_subject) },
5169 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
5170 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
5171 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
5172 { CKA_SIGN_RECOVER, &g_sign_recover, sizeof(CK_BBOOL) },
5173 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
5174 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
5175 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
5176 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
5177 { CKA_WRAP_WITH_TRUSTED, &g_wrap_with_trusted, sizeof(CK_BBOOL) },
5178 { CKA_ALWAYS_AUTHENTICATE, &g_always_authenticate, sizeof(CK_BBOOL) },
5179 { CKA_PUBLIC_KEY_INFO, g_public_key_info, sizeof(g_public_key_info) },
5180 };
5181
5182 uint8_t signature[512] = { 0 };
5183 CK_ULONG signature_len = 0;
5184
5185 size_t i = 0;
5186
5187 Do_ADBG_BeginSubCase(c, "%s: Generate key pair",
5188 curve_name);
5189
5190 public_key_template[3].pValue = curve;
5191 public_key_template[3].ulValueLen = curve_size;
5192
5193 rv = C_GenerateKeyPair(session, &mechanism, public_key_template,
5194 ARRAY_SIZE(public_key_template),
5195 private_key_template,
5196 ARRAY_SIZE(private_key_template),
5197 &public_key, &private_key);
5198 if (!ADBG_EXPECT_CK_OK(c, rv))
5199 goto err;
5200
5201 /* reset get public key template */
5202 memset(g_id, 0, sizeof(g_id));
5203 memset(g_subject, 0, sizeof(g_subject));
5204 memset(g_public_key_info, 0, sizeof(g_public_key_info));
5205 get_public_template[2].ulValueLen = sizeof(g_id);
5206 get_public_template[8].ulValueLen = sizeof(g_subject);
5207 get_public_template[14].ulValueLen = sizeof(g_public_key_info);
5208
5209 rv = C_GetAttributeValue(session, public_key, get_public_template,
5210 ARRAY_SIZE(get_public_template));
5211 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5212 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_PUBLIC_KEY) ||
5213 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_EC) ||
5214 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
5215 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
5216 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_keygen_mecha, ==,
5217 CKM_EC_KEY_PAIR_GEN) ||
5218 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
5219 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
5220 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify_recover, ==, CK_FALSE) ||
5221 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
5222 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_trusted, ==, CK_FALSE))
5223 goto err_destr_obj;
5224
5225 /* reset get private key template */
5226 memset(g_id, 0, sizeof(g_id));
5227 memset(g_subject, 0, sizeof(g_subject));
5228 memset(g_public_key_info, 0, sizeof(g_public_key_info));
5229 get_private_template[2].ulValueLen = sizeof(g_id);
5230 get_private_template[8].ulValueLen = sizeof(g_subject);
5231 get_private_template[19].ulValueLen = sizeof(g_public_key_info);
5232
5233 rv = C_GetAttributeValue(session, private_key, get_private_template,
5234 ARRAY_SIZE(get_private_template));
5235 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5236 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_PRIVATE_KEY) ||
5237 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_EC) ||
5238 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
5239 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
5240 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_keygen_mecha, ==,
5241 CKM_EC_KEY_PAIR_GEN) ||
5242 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
5243 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
5244 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
5245 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign_recover, ==, CK_FALSE) ||
5246 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
5247 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
5248 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
5249 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE) ||
5250 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap_with_trusted, ==, CK_FALSE) ||
5251 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_always_authenticate, ==, CK_FALSE))
5252 goto err_destr_obj;
5253
5254 Do_ADBG_EndSubCase(c, NULL);
5255
5256 Do_ADBG_BeginSubCase(c,
5257 "%s: Sign & verify tests - oneshot - CKM_ECDSA",
5258 curve_name);
5259
5260 sign_mechanism.mechanism = CKM_ECDSA;
5261 memset(signature, 0, sizeof(signature));
5262 signature_len = sizeof(signature);
5263
5264 rv = C_SignInit(session, &sign_mechanism, private_key);
5265 if (!ADBG_EXPECT_CK_OK(c, rv))
5266 goto err_destr_obj;
5267
5268 rv = C_Sign(session, (void *)digest_test_pattern_sha256,
5269 sizeof(digest_test_pattern_sha256), (void *)signature,
5270 &signature_len);
5271 if (!ADBG_EXPECT_CK_OK(c, rv))
5272 goto err_destr_obj;
5273
5274 rv = C_VerifyInit(session, &sign_mechanism, public_key);
5275 if (!ADBG_EXPECT_CK_OK(c, rv))
5276 goto err_destr_obj;
5277
5278 rv = C_Verify(session, (void *)digest_test_pattern_sha256,
5279 sizeof(digest_test_pattern_sha256), (void *)signature,
5280 signature_len);
5281 if (!ADBG_EXPECT_CK_OK(c, rv))
5282 goto err_destr_obj;
5283
5284 Do_ADBG_EndSubCase(c, NULL);
5285
5286 for (i = 0; i < ARRAY_SIZE(ec_sign_tests); i++) {
5287 Do_ADBG_BeginSubCase(c, "%s: Sign & verify - oneshot - %s",
5288 curve_name, ec_sign_tests[i].test_name);
5289
5290 sign_mechanism.mechanism = ec_sign_tests[i].mecha;
5291 memset(signature, 0, sizeof(signature));
5292 signature_len = sizeof(signature);
5293
5294 rv = C_SignInit(session, &sign_mechanism, private_key);
5295 if (!ADBG_EXPECT_CK_OK(c, rv))
5296 goto err_destr_obj;
5297
5298 rv = C_Sign(session, (void *)ec_sign_tests[i].data,
5299 ec_sign_tests[i].data_size,
5300 (void *)signature, &signature_len);
5301 if (!ADBG_EXPECT_CK_OK(c, rv))
5302 goto err_destr_obj;
5303
5304 rv = C_VerifyInit(session, &sign_mechanism, public_key);
5305 if (!ADBG_EXPECT_CK_OK(c, rv))
5306 goto err_destr_obj;
5307
5308 rv = C_Verify(session, (void *)ec_sign_tests[i].data,
5309 ec_sign_tests[i].data_size,
5310 (void *)signature, signature_len);
5311 if (!ADBG_EXPECT_CK_OK(c, rv))
5312 goto err_destr_obj;
5313
5314 Do_ADBG_EndSubCase(c, NULL);
5315 }
5316
5317 Do_ADBG_BeginSubCase(c, "%s: Destroy keys", curve_name);
5318
5319 rv = C_DestroyObject(session, private_key);
5320 if (!ADBG_EXPECT_CK_OK(c, rv))
5321 goto err_destr_obj;
5322
5323 rv = C_DestroyObject(session, public_key);
5324 if (!ADBG_EXPECT_CK_OK(c, rv))
5325 goto err;
5326
5327 Do_ADBG_EndSubCase(c, NULL);
5328
5329 return 1;
5330
5331err_destr_obj:
5332 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, private_key));
5333 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, public_key));
5334err:
5335 Do_ADBG_EndSubCase(c, NULL);
5336
5337 return 0;
5338}
5339
5340static void xtest_pkcs11_test_1019(ADBG_Case_t *c)
5341{
5342 CK_RV rv = CKR_GENERAL_ERROR;
5343 CK_SLOT_ID slot = 0;
5344 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
5345 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
5346 int ret = 0;
5347
5348 rv = init_lib_and_find_token_slot(&slot);
5349 if (!ADBG_EXPECT_CK_OK(c, rv))
5350 return;
5351
5352 rv = init_test_token(slot);
5353 if (!ADBG_EXPECT_CK_OK(c, rv))
5354 goto close_lib;
5355
5356 rv = init_user_test_token(slot);
5357 if (!ADBG_EXPECT_CK_OK(c, rv))
5358 goto close_lib;
5359
5360 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
5361 if (!ADBG_EXPECT_CK_OK(c, rv))
5362 goto close_lib;
5363
5364 /* Login to Test Token */
5365 rv = C_Login(session, CKU_USER, test_token_user_pin,
5366 sizeof(test_token_user_pin));
5367 if (!ADBG_EXPECT_CK_OK(c, rv))
5368 goto out;
5369
5370 ret = test_ec_operations(c, session, "P-256", ecdsa_nist_p256,
5371 sizeof(ecdsa_nist_p256));
5372 if (!ret)
5373 goto out;
5374 ret = test_ec_operations(c, session, "P-384", ecdsa_nist_p384,
5375 sizeof(ecdsa_nist_p384));
5376 if (!ret)
5377 goto out;
5378
5379 if (level > 0) {
5380 ret = test_ec_operations(c, session, "P-521", ecdsa_nist_p521,
5381 sizeof(ecdsa_nist_p521));
5382 if (!ret)
5383 goto out;
5384 }
5385out:
5386 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
5387close_lib:
5388 ADBG_EXPECT_CK_OK(c, close_lib());
5389}
5390ADBG_CASE_DEFINE(pkcs11, 1019, xtest_pkcs11_test_1019,
5391 "PKCS11: Elliptic Curve key generation and signing");