TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / c95ee1edebfce7407e221b60911e71f27c0dc85b / . / host / xtest / pkcs11_1000.c
blob: 22092f971ccd892b0d76a3900c54be1d9acc5b0a [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]2/*
3 * Copyright (c) 2018, Linaro Limited
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]4 */
5
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]6#include <ck_debug.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]7#include <inttypes.h>
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame^]8#ifdef OPENSSL_FOUND
9#include <openssl/evp.h>
10#endif
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]11#include <pkcs11.h>
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]12#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]15#include <util.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]16
17#include "xtest_test.h"
18#include "xtest_helpers.h"
19
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]20#include <regression_4000_data.h>
21
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]22/*
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]23 * Some PKCS#11 object resources used in the tests
24 */
25static const CK_BYTE cktest_aes128_key[16];
26
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]27static const CK_BYTE cktest_aes128_iv[16];
28
29static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
30 .ulCounterBits = 1,
31};
32
33static CK_MECHANISM cktest_aes_ecb_mechanism = {
34 CKM_AES_ECB,
35 NULL, 0,
36};
37static CK_MECHANISM cktest_aes_cbc_mechanism = {
38 CKM_AES_CBC,
39 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
40};
41static CK_MECHANISM cktest_aes_ctr_mechanism = {
42 CKM_AES_CTR,
43 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
44};
45static CK_MECHANISM cktest_aes_cts_mechanism = {
46 CKM_AES_CTS,
47 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
48};
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]49static CK_MECHANISM cktest_hmac_md5_mechanism = {
50 CKM_MD5_HMAC, NULL, 0,
51};
52static CK_MECHANISM cktest_hmac_sha1_mechanism = {
53 CKM_SHA_1_HMAC, NULL, 0,
54};
55static CK_MECHANISM cktest_hmac_sha224_mechanism = {
56 CKM_SHA224_HMAC, NULL, 0,
57};
58static CK_MECHANISM cktest_hmac_sha256_mechanism = {
59 CKM_SHA256_HMAC, NULL, 0,
60};
61static CK_MECHANISM cktest_hmac_sha384_mechanism = {
62 CKM_SHA384_HMAC, NULL, 0,
63};
64static CK_MECHANISM cktest_hmac_sha512_mechanism = {
65 CKM_SHA512_HMAC, NULL, 0,
66};
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]67static CK_MECHANISM cktest_gensecret_keygen_mechanism = {
68 CKM_GENERIC_SECRET_KEY_GEN, NULL, 0,
69};
70static CK_MECHANISM cktest_aes_keygen_mechanism = {
71 CKM_AES_KEY_GEN, NULL, 0,
72};
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]73
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]74/*
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]75 * Util to find a slot on which to open a session
76 */
77static CK_RV close_lib(void)
78{
79 return C_Finalize(0);
80}
81
82static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
83{
84 CK_RV rv = CKR_GENERAL_ERROR;
85 CK_SLOT_ID_PTR slots = NULL;
86 CK_ULONG count = 0;
87
88 rv = C_Initialize(0);
89 if (rv)
90 return rv;
91
92 rv = C_GetSlotList(CK_TRUE, NULL, &count);
93 if (rv != CKR_OK)
94 goto bail;
95
96 if (count < 1) {
97 rv = CKR_GENERAL_ERROR;
98 goto bail;
99 }
100
101 slots = malloc(count * sizeof(CK_SLOT_ID));
102 if (!slots) {
103 rv = CKR_HOST_MEMORY;
104 goto bail;
105 }
106
107 rv = C_GetSlotList(CK_TRUE, slots, &count);
108 if (rv)
109 goto bail;
110
111 /* Use the last slot */
112 *slot = slots[count - 1];
113
114bail:
115 free(slots);
116 if (rv)
117 close_lib();
118
119 return rv;
120}
121
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]122static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]123{
124 CK_RV rv;
125
126 rv = C_Initialize(NULL);
127 if (!ADBG_EXPECT_CK_OK(c, rv))
128 return;
129
130 rv = C_Finalize(NULL);
131 if (!ADBG_EXPECT_CK_OK(c, rv))
132 return;
133
134 rv = C_Initialize(NULL);
135 if (!ADBG_EXPECT_CK_OK(c, rv))
136 return;
137
138 rv = C_Initialize(NULL);
139 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
140
141 rv = C_Finalize(NULL);
142 ADBG_EXPECT_CK_OK(c, rv);
Etienne Carriere21f4e3c2020-02-05 15:40:24 +0100[diff] [blame]143
144 rv = C_Finalize(NULL);
145 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]146}
147
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]148ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
149 "Initialize and close Cryptoki library");
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]150
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]151static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]152{
153 CK_RV rv = CKR_GENERAL_ERROR;
154 CK_SLOT_ID_PTR slot_ids = NULL;
155 CK_ULONG slot_count = 0;
156 CK_ULONG present_slot_count = 0;
157 CK_INFO lib_info = { };
158 CK_SLOT_INFO slot_info = { };
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]159 CK_TOKEN_INFO token_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]160 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
161 size_t i = 0;
162 CK_SLOT_ID max_slot_id = 0;
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]163 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
164 CK_ULONG mecha_count = 0;
165 CK_MECHANISM_INFO mecha_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]166
167 rv = C_Initialize(NULL);
168 if (!ADBG_EXPECT_CK_OK(c, rv))
169 return;
170
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]171 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
172
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]173 rv = C_GetFunctionList(&ckfunc_list);
174 if (!ADBG_EXPECT_CK_OK(c, rv))
175 goto out;
176
177 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
178 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]179 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]180 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
181 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
182 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]183 goto out;
184
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]185 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
186 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
187
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]188 rv = C_GetInfo(&lib_info);
189 if (!ADBG_EXPECT_CK_OK(c, rv))
190 goto out;
191
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]192 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
193 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
194
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]195 rv = C_GetSlotList(0, NULL, &slot_count);
196 if (!ADBG_EXPECT_CK_OK(c, rv))
197 goto out;
198
199 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
200 goto out;
201
Etienne Carrierede746332020-03-04 19:43:53 +0100[diff] [blame]202 if (slot_count > 1) {
203 /* Ensure case non-NULL-buffer and zero-count is tested */
204 CK_SLOT_ID id = 0;
205
206 slot_count = 0;
207 rv = C_GetSlotList(0, &id, &slot_count);
208 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
209 goto out;
210 }
211
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]212 rv = C_GetSlotList(1, NULL, &present_slot_count);
213 if (!ADBG_EXPECT_CK_OK(c, rv))
214 goto out;
215
216 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
217 present_slot_count))
218 goto out;
219
220 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
221 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
222 goto out;
223
224 slot_count--;
225 rv = C_GetSlotList(1, slot_ids, &slot_count);
226 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
227 goto out;
228
229 rv = C_GetSlotList(1, slot_ids, &slot_count);
230 if (!ADBG_EXPECT_CK_OK(c, rv))
231 goto out;
232
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]233 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]234 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]235
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]236 for (i = 0; i < slot_count; i++) {
237 CK_SLOT_ID slot = slot_ids[i];
238
239 rv = C_GetSlotInfo(slot, &slot_info);
240 if (!ADBG_EXPECT_CK_OK(c, rv))
241 goto out;
242
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]243 rv = C_GetTokenInfo(slot, &token_info);
244 if (!ADBG_EXPECT_CK_OK(c, rv))
245 goto out;
246
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]247 if (max_slot_id < slot)
248 max_slot_id = slot;
249 }
250
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]251 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]252 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
253
254 for (i = 0; i < slot_count; i++) {
255 CK_SLOT_ID slot = slot_ids[i];
256 size_t j = 0;
257
258 mecha_count = 0;
259 rv = C_GetMechanismList(slot, NULL, &mecha_count);
260 if (!ADBG_EXPECT_CK_OK(c, rv))
261 goto out;
262
263 if (mecha_count == 0)
264 continue;
265
266 free(mecha_types);
267 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
268 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
269 goto out;
270
271 /* Test specific case: valid buffer reference with 0 count */
272 mecha_count = 0;
273 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
274 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
275 goto out;
276
277 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
278 if (!ADBG_EXPECT_CK_OK(c, rv))
279 goto out;
280
281 for (j = 0; j < mecha_count; j++) {
282 rv = C_GetMechanismInfo(slot, mecha_types[j],
283 &mecha_info);
284 if (!ADBG_EXPECT_CK_OK(c, rv))
285 goto out;
286 }
287 }
288
289 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
Vesa Jääskeläinen60298cc2021-01-19 09:06:00 +0200[diff] [blame]290 Do_ADBG_BeginSubCase(c, "Test C_GetMechanismList() with larger result buffer");
291
292 for (i = 0; i < slot_count; i++) {
293 CK_SLOT_ID slot = slot_ids[i];
294 CK_ULONG real_mecha_count = 0;
295 CK_ULONG alloc_mecha_count = 0;
296 uint8_t *data_ptr = NULL;
297 size_t j = 0;
298
299 rv = C_GetMechanismList(slot, NULL, &real_mecha_count);
300 if (!ADBG_EXPECT_CK_OK(c, rv))
301 goto out;
302
303 if (real_mecha_count == 0)
304 continue;
305
306 /* Allocate more memory for mechanisms than required */
307 alloc_mecha_count = real_mecha_count + 16;
308 mecha_count = alloc_mecha_count;
309
310 free(mecha_types);
311 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
312 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
313 goto out;
314 memset(mecha_types, 0xCC,
315 alloc_mecha_count * sizeof(*mecha_types));
316
317 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
318 if (!ADBG_EXPECT_CK_OK(c, rv))
319 goto out;
320
321 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, mecha_count, ==,
322 real_mecha_count))
323 goto out;
324
325 data_ptr = (uint8_t *)mecha_types;
326 for (j = real_mecha_count * sizeof(*mecha_types);
327 j < alloc_mecha_count * sizeof(*mecha_types); j++)
328 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[j], ==,
329 0xCC))
330 break;
331 }
332
333 Do_ADBG_EndSubCase(c, "Test C_GetMechanismList() with larger result buffer");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]334 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
335
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]336 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
337 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
338 goto out;
339
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]340 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
341 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
342 goto out;
343
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]344 mecha_count = 1;
345 if (!mecha_types)
346 mecha_types = malloc(sizeof(*mecha_types));
347 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
348 goto out;
349
350 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
351 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
352 goto out;
353
354 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
355 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
356 goto out;
357
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]358 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
359 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
360 goto out;
361
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]362 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
363 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
364 goto out;
365
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]366 mecha_count = 1;
367 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
368 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
369 goto out;
370
371 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
372 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
373 goto out;
374
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]375out:
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]376 Do_ADBG_EndSubCase(c, NULL);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]377 free(slot_ids);
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]378 free(mecha_types);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]379
380 rv = C_Finalize(NULL);
381 ADBG_EXPECT_CK_OK(c, rv);
382}
383
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]384ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]385 "PKCS11: List PKCS#11 slots and get information from");
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]386
387static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
388{
389 CK_RV rv = CKR_GENERAL_ERROR;
390 CK_SLOT_ID slot = 0;
391 CK_SESSION_HANDLE session[3] = { 0 };
392 CK_FLAGS session_flags = 0;
393 CK_SESSION_INFO session_info = { };
394 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
395
396 rv = init_lib_and_find_token_slot(&slot);
397 if (!ADBG_EXPECT_CK_OK(c, rv))
398 return;
399
400 rv = C_GetFunctionList(&ckfunc_list);
401 if (!ADBG_EXPECT_CK_OK(c, rv) ||
402 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
403 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
404 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
405 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
406 goto bail;
407
408 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
409
410 session_flags = CKF_RW_SESSION;
411
412 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
Vesa Jääskeläinenc1378d92020-12-31 12:53:10 +0200[diff] [blame]413 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_PARALLEL_NOT_SUPPORTED, rv))
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]414 goto bail;
415
416 session_flags = CKF_SERIAL_SESSION;
417
418 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
419 if (!ADBG_EXPECT_CK_OK(c, rv))
420 goto bail;
421
422 rv = C_GetSessionInfo(session[0], &session_info);
423 if (!ADBG_EXPECT_CK_OK(c, rv) ||
424 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
425 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
426 session_flags) ||
427 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
428 CKS_RO_PUBLIC_SESSION) ||
429 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
430 goto bail;
431
432 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
433
434 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
435 if (!ADBG_EXPECT_CK_OK(c, rv))
436 goto bail;
437
438 rv = C_GetSessionInfo(session[1], &session_info);
439 if (!ADBG_EXPECT_CK_OK(c, rv) ||
440 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
441 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
442 session_flags) ||
443 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
444 CKS_RW_PUBLIC_SESSION) ||
445 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
446 goto bail;
447
448 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
449 if (!ADBG_EXPECT_CK_OK(c, rv))
450 goto bail;
451
452 rv = C_GetSessionInfo(session[2], &session_info);
453 if (!ADBG_EXPECT_CK_OK(c, rv) ||
454 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
455 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
456 session_flags) ||
457 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
458 CKS_RW_PUBLIC_SESSION) ||
459 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
460 goto bail;
461
462 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
463 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
464
465 /* Close 2 of them */
466 rv = C_CloseSession(session[0]);
467 if (!ADBG_EXPECT_CK_OK(c, rv))
468 goto bail;
469
470 rv = C_GetSessionInfo(session[0], &session_info);
471 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
472 goto bail;
473
474 rv = C_GetSessionInfo(session[1], &session_info);
475 if (!ADBG_EXPECT_CK_OK(c, rv))
476 goto bail;
477
478 rv = C_GetSessionInfo(session[2], &session_info);
479 if (!ADBG_EXPECT_CK_OK(c, rv))
480 goto bail;
481
482 /* Close all remaining sessions, later calls should failed on session */
483 rv = C_CloseAllSessions(slot);
484 if (!ADBG_EXPECT_CK_OK(c, rv))
485 goto bail;
486
487 rv = C_CloseSession(session[1]);
488 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
489 goto bail;
490
491 rv = C_CloseSession(session[2]);
492 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
493 goto bail;
494
495 rv = C_GetSessionInfo(session[1], &session_info);
496 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
497 goto bail;
498
499 rv = C_GetSessionInfo(session[2], &session_info);
500 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
501 goto bail;
502
503 /* Open a session, should be closed from library closure */
504 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
505 if (!ADBG_EXPECT_CK_OK(c, rv))
506 goto bail;
507
508bail:
509 Do_ADBG_EndSubCase(c, NULL);
510 rv = close_lib();
511 ADBG_EXPECT_CK_OK(c, rv);
512}
513
514ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
515 "PKCS11: Open and close PKCS#11 sessions");
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]516
517/*
518 * Helpers for tests where we must log into the token.
519 * These define the genuine PINs and label to be used with the test token.
520 */
521static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]522static CK_UTF8CHAR test_token_user_pin[] = {
523 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
524};
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]525static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
526
527static CK_RV init_test_token(CK_SLOT_ID slot)
528{
529 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
530 test_token_label);
531}
532
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]533/* Login as user, eventually reset user PIN if needed */
534static CK_RV init_user_test_token(CK_SLOT_ID slot)
535{
536 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
537 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
538 CK_RV rv = CKR_GENERAL_ERROR;
539
540 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
541 if (rv)
542 return rv;
543
544 rv = C_Login(session, CKU_USER, test_token_user_pin,
545 sizeof(test_token_user_pin));
546 if (rv == CKR_OK) {
547 C_Logout(session);
548 C_CloseSession(session);
549 return rv;
550 }
551
552 rv = C_Login(session, CKU_SO, test_token_so_pin,
553 sizeof(test_token_so_pin));
554 if (rv) {
555 C_CloseSession(session);
556
557 rv = init_test_token(slot);
558 if (rv)
559 return rv;
560
561 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
562 if (rv)
563 return rv;
564
565 rv = C_Login(session, CKU_SO, test_token_so_pin,
566 sizeof(test_token_so_pin));
567 if (rv) {
568 C_CloseSession(session);
569 return rv;
570 }
571 }
572
573 rv = C_InitPIN(session, test_token_user_pin,
574 sizeof(test_token_user_pin));
575
576 C_Logout(session);
577 C_CloseSession(session);
578
579 return rv;
580}
581
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]582static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
583{
584 CK_RV rv = CKR_GENERAL_ERROR;
585 CK_TOKEN_INFO token_info = { };
586 /* Same content as test_token_so_pin[] but 1 more byte */
587 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
588 /* Same content as test_token_so_pin[] but 1 different byte */
589 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
590 CK_FLAGS flags = 0;
591
592 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
593
594 rv = C_GetTokenInfo(slot, &token_info);
595 if (!ADBG_EXPECT_CK_OK(c, rv))
596 goto out;
597
598 rv = C_InitToken(slot, test_token_so_pin,
599 sizeof(test_token_so_pin) - 1, test_token_label);
600 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
601 goto out;
602
603 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
604 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
605 goto out;
606
607 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
608 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
609 goto out;
610
611 rv = C_GetTokenInfo(slot, &token_info);
612 if (!ADBG_EXPECT_CK_OK(c, rv))
613 goto out;
614
615 flags = token_info.flags;
616
617 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
618 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
619 rv = CKR_GENERAL_ERROR;
620 goto out;
621 }
622
623 rv = init_test_token(slot);
624 if (!ADBG_EXPECT_CK_OK(c, rv))
625 goto out;
626
627 rv = C_GetTokenInfo(slot, &token_info);
628 if (!ADBG_EXPECT_CK_OK(c, rv))
629 goto out;
630
631 flags = token_info.flags;
632
633 /*
634 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
635 * Other flags should show a sane initialized state.
636 */
637 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
638 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
639 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
640 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
641 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]642 goto out;
643 }
644
645 rv = init_user_test_token(slot);
646 if (!ADBG_EXPECT_CK_OK(c, rv))
647 goto out;
648
649 rv = C_GetTokenInfo(slot, &token_info);
650 if (!ADBG_EXPECT_CK_OK(c, rv))
651 goto out;
652
653 flags = token_info.flags;
654
655 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
656 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
657 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
658 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
659 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
660 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
661 rv = CKR_GENERAL_ERROR;
662 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]663 }
664
665out:
666 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
667
668 return rv;
669}
670
671static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
672{
673 CK_RV rv = CKR_GENERAL_ERROR;
674 CK_TOKEN_INFO token_info = { };
675 CK_FLAGS flags = 0;
676
677 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
678
679 rv = init_test_token(slot);
680 if (!ADBG_EXPECT_CK_OK(c, rv))
681 goto out;
682
683 rv = C_GetTokenInfo(slot, &token_info);
684 if (!ADBG_EXPECT_CK_OK(c, rv))
685 goto out;
686
687 flags = token_info.flags;
688
689 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
690 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
691 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
692 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]693 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]694 }
695
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]696 rv = init_user_test_token(slot);
697 if (!ADBG_EXPECT_CK_OK(c, rv))
698 goto out;
699
700 rv = C_GetTokenInfo(slot, &token_info);
701 if (!ADBG_EXPECT_CK_OK(c, rv))
702 goto out;
703
704 flags = token_info.flags;
705
706 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
707 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
708 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
709 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
710 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
711 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
712 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
713 rv = CKR_GENERAL_ERROR;
714
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]715out:
716 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
717
718 return rv;
719}
720
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]721static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
722{
723 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
724 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
725 CK_RV rv = CKR_GENERAL_ERROR;
726
727 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
728
729 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
730 if (!ADBG_EXPECT_CK_OK(c, rv))
731 goto out;
732
733 /* Logout: should fail as we did not log in yet */
734 rv = C_Logout(session);
735 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
736
737 /* Login/re-log/logout user */
738 rv = C_Login(session, CKU_USER, test_token_user_pin,
739 sizeof(test_token_user_pin));
740 if (!ADBG_EXPECT_CK_OK(c, rv))
741 goto out;
742
743 rv = C_Login(session, CKU_USER, test_token_user_pin,
744 sizeof(test_token_user_pin));
745 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
746
747 rv = C_Logout(session);
748 if (!ADBG_EXPECT_CK_OK(c, rv))
749 goto out;
750
751 /* Login/re-log/logout security officer */
752 rv = C_Login(session, CKU_SO, test_token_so_pin,
753 sizeof(test_token_so_pin));
754 if (!ADBG_EXPECT_CK_OK(c, rv))
755 goto out;
756
757 rv = C_Login(session, CKU_SO, test_token_so_pin,
758 sizeof(test_token_so_pin));
759 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
760
761 rv = C_Logout(session);
762 if (!ADBG_EXPECT_CK_OK(c, rv))
763 goto out;
764
765 /* Login user then SO and reverse */
766 rv = C_Login(session, CKU_SO, test_token_so_pin,
767 sizeof(test_token_so_pin));
768 ADBG_EXPECT_CK_OK(c, rv);
769
770 rv = C_Login(session, CKU_USER, test_token_user_pin,
771 sizeof(test_token_user_pin));
772 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
773
774 rv = C_Logout(session);
775 if (!ADBG_EXPECT_CK_OK(c, rv))
776 goto out;
777
778 rv = C_Login(session, CKU_USER, test_token_user_pin,
779 sizeof(test_token_user_pin));
780 ADBG_EXPECT_CK_OK(c, rv);
781
782 rv = C_Login(session, CKU_SO, test_token_so_pin,
783 sizeof(test_token_so_pin));
784 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
785
786 rv = C_Logout(session);
787 ADBG_EXPECT_CK_OK(c, rv);
788
789 /* Login context specifc, in an invalid case (need an operation) */
790 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
791 sizeof(test_token_user_pin));
792 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
793
794 rv = C_CloseSession(session);
795 ADBG_EXPECT_CK_OK(c, rv);
796
797out:
798 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
799 return rv;
800}
801
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]802static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
803 CK_USER_TYPE user_type)
804{
805 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
806 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
807 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
808 CK_UTF8CHAR_PTR old_pin = NULL;
809 CK_USER_TYPE ut = user_type;
810 size_t old_pin_sz = 0;
811 CK_RV rv2 = CKR_OK;
812 CK_RV rv = CKR_OK;
813
814 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
815
816 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
817 if (!ADBG_EXPECT_CK_OK(c, rv))
818 goto out;
819
820 if (user_type == CKU_SO) {
821 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
822 old_pin_sz = sizeof(test_token_so_pin);
823 } else {
824 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
825 old_pin_sz = sizeof(test_token_user_pin);
826 ut = CKU_USER;
827 }
828
829 if (ut == user_type) {
830 rv = C_Login(session, ut, old_pin, old_pin_sz);
831 if (!ADBG_EXPECT_CK_OK(c, rv))
832 goto out_session;
833 }
834
835 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
836 if (!ADBG_EXPECT_CK_OK(c, rv)) {
837 if (ut == user_type)
838 goto out_logout;
839 else
840 goto out_session;
841 }
842
843 if (ut == user_type) {
844 rv = C_Logout(session);
845 if (!ADBG_EXPECT_CK_OK(c, rv))
846 goto out_session;
847 }
848
849 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
850 if (!ADBG_EXPECT_CK_OK(c, rv))
851 goto out_session;
852
853 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
854 ADBG_EXPECT_CK_OK(c, rv);
855
856out_logout:
857 rv2 = C_Logout(session);
858 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
859 rv = rv2;
860out_session:
861 rv2 = C_CloseSession(session);
862 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
863 rv = rv2;
864out:
865 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
866
867 return rv;
868}
869
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]870static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
871{
872 CK_RV rv = CKR_GENERAL_ERROR;
873 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
874 CK_SLOT_ID slot = 0;
875 CK_TOKEN_INFO token_info = { };
876
877 rv = C_GetFunctionList(&ckfunc_list);
878 if (!ADBG_EXPECT_CK_OK(c, rv) ||
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]879 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
880 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]881 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
882 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
883 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]884 goto out;
885
886 rv = init_lib_and_find_token_slot(&slot);
887 if (!ADBG_EXPECT_CK_OK(c, rv))
888 return;
889
890 rv = C_GetTokenInfo(slot, &token_info);
891 if (!ADBG_EXPECT_CK_OK(c, rv))
892 goto out;
893
894 /* Abort test if token is about to lock */
895 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
896 goto out;
897
898 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
899 rv = test_uninitialized_token(c, slot);
900 if (rv != CKR_OK)
901 goto out;
902 }
903
904 rv = test_already_initialized_token(c, slot);
905 if (rv != CKR_OK)
906 goto out;
907
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]908 rv = test_login_logout(c, slot);
909 if (rv != CKR_OK)
910 goto out;
911
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]912 rv = test_set_pin(c, slot, CKU_USER);
913 if (rv != CKR_OK)
914 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]915
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]916 rv = test_set_pin(c, slot, CKU_SO);
917 if (rv != CKR_OK)
918 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]919
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]920 /*
921 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
922 * to skip the initial login.
923 */
924 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]925out:
926 rv = close_lib();
927 ADBG_EXPECT_CK_OK(c, rv);
928}
929
930ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
931 "PKCS11: Login to PKCS#11 token");
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]932
933static CK_ATTRIBUTE cktest_token_object[] = {
934 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
935 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
936 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
937 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
938 sizeof(CK_OBJECT_CLASS) },
939 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
940 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
941};
942
943static CK_ATTRIBUTE cktest_session_object[] = {
944 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
945 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
946 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
947 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
948 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
949 sizeof(CK_OBJECT_CLASS) },
950 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
951};
952
953/* Create session object and token object from a session */
954static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
955{
956 CK_RV rv = CKR_GENERAL_ERROR;
957 CK_SLOT_ID slot = 0;
958 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
959 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
960 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
961
962 rv = init_lib_and_find_token_slot(&slot);
963 if (!ADBG_EXPECT_CK_OK(c, rv))
964 return;
965
966 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
967 if (!ADBG_EXPECT_CK_OK(c, rv))
968 goto out;
969
970 if (persistent) {
971 rv = C_CreateObject(session, cktest_token_object,
972 ARRAY_SIZE(cktest_token_object),
973 &obj_hdl);
974 } else {
975 rv = C_CreateObject(session, cktest_session_object,
976 ARRAY_SIZE(cktest_session_object),
977 &obj_hdl);
978 }
979
980 if (!ADBG_EXPECT_CK_OK(c, rv))
981 goto out;
982
983 rv = C_DestroyObject(session, obj_hdl);
984 ADBG_EXPECT_CK_OK(c, rv);
985out:
986 rv = C_CloseSession(session);
987 ADBG_EXPECT_CK_OK(c, rv);
988
989 rv = close_lib();
990 ADBG_EXPECT_CK_OK(c, rv);
991}
992
993static void test_create_destroy_session_objects(ADBG_Case_t *c)
994{
995 CK_RV rv = CKR_GENERAL_ERROR;
996 CK_SLOT_ID slot = 0;
997 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
998 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
999 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
1000 size_t n = 0;
1001
1002 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
1003 obj_hdl[n] = CK_INVALID_HANDLE;
1004
1005 rv = init_lib_and_find_token_slot(&slot);
1006 if (!ADBG_EXPECT_CK_OK(c, rv))
1007 return;
1008
1009 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1010 if (!ADBG_EXPECT_CK_OK(c, rv))
1011 goto out;
1012
1013 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
1014 rv = C_CreateObject(session, cktest_session_object,
1015 ARRAY_SIZE(cktest_session_object),
1016 obj_hdl + n);
1017
1018 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
1019 break;
1020 }
1021
1022 Do_ADBG_Log(" created object count: %zu", n);
1023
1024 rv = C_CloseSession(session);
1025 ADBG_EXPECT_CK_OK(c, rv);
1026
1027 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1028 if (!ADBG_EXPECT_CK_OK(c, rv))
1029 goto out;
1030
1031 rv = C_CreateObject(session, cktest_session_object,
1032 ARRAY_SIZE(cktest_session_object),
1033 obj_hdl);
1034
1035 ADBG_EXPECT_CK_OK(c, rv);
1036
1037out:
1038 rv = C_CloseSession(session);
1039 ADBG_EXPECT_CK_OK(c, rv);
1040
1041 rv = close_lib();
1042 ADBG_EXPECT_CK_OK(c, rv);
1043}
1044
1045/* Create session object and token object from a session */
1046static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
1047{
1048 CK_RV rv = CKR_GENERAL_ERROR;
1049 CK_SLOT_ID slot = 0;
1050 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1051 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
1052 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
1053 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1054
1055 rv = init_lib_and_find_token_slot(&slot);
1056 if (!ADBG_EXPECT_CK_OK(c, rv))
1057 return;
1058
1059 if (readwrite)
1060 session_flags |= CKF_RW_SESSION;
1061
1062 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1063 if (!ADBG_EXPECT_CK_OK(c, rv))
1064 goto out;
1065
1066 rv = C_CreateObject(session, cktest_token_object,
1067 ARRAY_SIZE(cktest_token_object),
1068 &token_obj_hld);
1069
1070 if (readwrite) {
1071 if (!ADBG_EXPECT_CK_OK(c, rv))
1072 goto out;
1073 } else {
1074 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1075 goto out;
1076 }
1077
1078 rv = C_CreateObject(session, cktest_session_object,
1079 ARRAY_SIZE(cktest_session_object),
1080 &session_obj_hld);
1081
1082 if (!ADBG_EXPECT_CK_OK(c, rv))
1083 goto out_tobj;
1084
1085 rv = C_DestroyObject(session, session_obj_hld);
1086 ADBG_EXPECT_CK_OK(c, rv);
1087
1088out_tobj:
1089 if (readwrite) {
1090 rv = C_DestroyObject(session, token_obj_hld);
1091 ADBG_EXPECT_CK_OK(c, rv);
1092 }
1093out:
1094 rv = C_CloseSession(session);
1095 ADBG_EXPECT_CK_OK(c, rv);
1096
1097 rv = close_lib();
1098 ADBG_EXPECT_CK_OK(c, rv);
1099}
1100
1101static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1102{
1103 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1104 test_create_destroy_single_object(c, false /*!persistent*/);
1105 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1106
1107 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1108 test_create_destroy_single_object(c, true /*persistent*/);
1109 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1110
1111 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1112 test_create_destroy_session_objects(c);
1113 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1114
1115 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1116 test_create_objects_in_session(c, false /*!readwrite*/);
1117 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1118
1119 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1120 test_create_objects_in_session(c, true /*readwrite*/);
1121 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1122}
1123
1124ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1125 "PKCS11: create/destroy PKCS#11 simple objects");
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1126
1127
1128static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1129 CKM_AES_ECB,
1130};
1131static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1132 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1133 CKM_AES_GCM, CKM_AES_CCM,
1134};
1135static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1136 CKM_AES_CBC,
1137};
1138static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1139 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1140 CKM_AES_GCM, CKM_AES_CCM,
1141};
1142static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1143 CKM_AES_CTR,
1144};
1145static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1146 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1147 CKM_AES_GCM, CKM_AES_CCM,
1148};
1149static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1150 CKM_AES_CTS,
1151};
1152static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1153 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1154 CKM_AES_GCM, CKM_AES_CCM,
1155};
1156
1157#define CKTEST_AES_KEY \
1158 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1159 sizeof(CK_OBJECT_CLASS) }, \
1160 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1161 sizeof(CK_KEY_TYPE) }, \
1162 { CKA_VALUE, (void *)cktest_aes128_key, \
1163 sizeof(cktest_aes128_key) }
1164
1165#define CKTEST_AES_ALLOWED_KEY(_allowed) \
1166 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1167
1168#define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1169 static CK_ATTRIBUTE _label[] = { \
1170 CKTEST_AES_KEY, \
1171 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1172 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1173 CKTEST_AES_ALLOWED_KEY(_allowed), \
1174 }
1175
1176#define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1177 static CK_ATTRIBUTE _label[] = { \
1178 CKTEST_AES_KEY, \
1179 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1180 CKTEST_AES_ALLOWED_KEY(_allowed), \
1181 }
1182#define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1183 static CK_ATTRIBUTE _label[] = { \
1184 CKTEST_AES_KEY, \
1185 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1186 CKTEST_AES_ALLOWED_KEY(_allowed), \
1187 }
1188
1189CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1190CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1191CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1192CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1193CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1194CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1195CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1196CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1197
1198struct cktest_allowed_test {
1199 CK_ATTRIBUTE_PTR attr_key;
1200 CK_ULONG attr_count;
1201 CK_MECHANISM_PTR mechanism;
1202};
1203
1204#define CKTEST_KEY_MECHA(key, mecha) { \
1205 .attr_key = key, \
1206 .attr_count = ARRAY_SIZE(key), \
1207 .mechanism = mecha, \
1208 }
1209
1210static const struct cktest_allowed_test cktest_allowed_valid[] = {
1211 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1212 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1213 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1214 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1215};
1216
1217static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1218 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1219 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1220 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1221 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1222};
1223
1224/* Create session object and token object from a session */
1225static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1226 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1227 CK_MECHANISM_PTR mechanism, uint32_t mode,
1228 CK_RV expected_rc)
1229{
1230 CK_RV rv2 = CKR_GENERAL_ERROR;
1231 CK_RV rv = CKR_GENERAL_ERROR;
1232 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1233
1234 switch (mode) {
1235 case TEE_MODE_ENCRYPT:
1236 case TEE_MODE_DECRYPT:
1237 break;
1238 default:
1239 ADBG_EXPECT_TRUE(c, false);
1240 }
1241
1242 rv = C_CreateObject(session, attr_key, attr_count, &object);
1243 if (!ADBG_EXPECT_CK_OK(c, rv))
1244 return rv;
1245
1246 if (mode == TEE_MODE_ENCRYPT)
1247 rv = C_EncryptInit(session, mechanism, object);
1248 if (mode == TEE_MODE_DECRYPT)
1249 rv = C_DecryptInit(session, mechanism, object);
1250
1251 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1252 rv = CKR_GENERAL_ERROR;
1253 goto out;
1254 }
1255
1256 if (rv) {
1257 /*
1258 * If we're here it was the expected error code above and
1259 * we're supposed to return OK below.
1260 */
1261 rv = CKR_OK;
1262 } else {
1263 if (mode == TEE_MODE_ENCRYPT)
1264 rv = C_EncryptFinal(session, NULL, NULL);
1265 if (mode == TEE_MODE_DECRYPT)
1266 rv = C_DecryptFinal(session, NULL, NULL);
1267
1268 /* Only check that the operation is no more active */
1269 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
1270 rv = CKR_GENERAL_ERROR;
1271 }
1272
1273out:
1274 rv2 = C_DestroyObject(session, object);
1275 ADBG_EXPECT_CK_OK(c, rv2);
1276
1277 if (rv)
1278 return rv;
1279 else
1280 return rv2;
1281}
1282
1283CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1284
1285CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1286
1287static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1288{
1289 CK_RV rv = CKR_GENERAL_ERROR;
1290 CK_SLOT_ID slot = 0;
1291 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1292 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1293 size_t n = 0;
1294
1295 rv = init_lib_and_find_token_slot(&slot);
1296 if (!ADBG_EXPECT_CK_OK(c, rv))
1297 return;
1298
1299 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1300 if (!ADBG_EXPECT_CK_OK(c, rv))
1301 goto out;
1302
1303 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1304
1305 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1306
1307 rv = cipher_init_final(c, session,
1308 cktest_allowed_valid[n].attr_key,
1309 cktest_allowed_valid[n].attr_count,
1310 cktest_allowed_valid[n].mechanism,
1311 TEE_MODE_ENCRYPT,
1312 CKR_OK);
1313
1314 ADBG_EXPECT_CK_OK(c, rv);
1315
1316 Do_ADBG_EndSubCase(c, NULL);
1317 if (rv)
1318 goto out;
1319
1320 }
1321
1322 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1323 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1324
1325 rv = cipher_init_final(c, session,
1326 cktest_allowed_invalid[n].attr_key,
1327 cktest_allowed_invalid[n].attr_count,
1328 cktest_allowed_invalid[n].mechanism,
1329 TEE_MODE_ENCRYPT,
1330 CKR_KEY_FUNCTION_NOT_PERMITTED);
1331
1332 ADBG_EXPECT_CK_OK(c, rv);
1333
1334 Do_ADBG_EndSubCase(c, NULL);
1335 if (rv)
1336 goto out;
1337
1338 }
1339
1340out:
1341 rv = C_CloseSession(session);
1342 ADBG_EXPECT_CK_OK(c, rv);
1343
1344 rv = close_lib();
1345 ADBG_EXPECT_CK_OK(c, rv);
1346}
1347
1348
1349ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1350 "PKCS11: Check ciphering with valid and invalid keys #1");
1351
1352static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1353{
1354 CK_RV rv = CKR_GENERAL_ERROR;
1355 CK_SLOT_ID slot = 0;
1356 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1357 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1358
1359 rv = init_lib_and_find_token_slot(&slot);
1360 if (!ADBG_EXPECT_CK_OK(c, rv))
1361 return;
1362
1363 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1364 if (!ADBG_EXPECT_CK_OK(c, rv))
1365 goto out;
1366
1367 /* Encrypt only AES CTS key */
1368 rv = cipher_init_final(c, session,
1369 cktest_aes_enc_only_cts,
1370 ARRAY_SIZE(cktest_aes_enc_only_cts),
1371 &cktest_aes_cts_mechanism,
1372 TEE_MODE_ENCRYPT,
1373 CKR_OK);
1374 if (!ADBG_EXPECT_CK_OK(c, rv))
1375 goto out;
1376
1377 rv = cipher_init_final(c, session,
1378 cktest_aes_enc_only_cts,
1379 ARRAY_SIZE(cktest_aes_enc_only_cts),
1380 &cktest_aes_cts_mechanism,
1381 TEE_MODE_DECRYPT,
1382 CKR_KEY_FUNCTION_NOT_PERMITTED);
1383 if (!ADBG_EXPECT_CK_OK(c, rv))
1384 goto out;
1385
1386 /* Decrypt only AES CTR key */
1387 rv = cipher_init_final(c, session,
1388 cktest_aes_dec_only_ctr,
1389 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1390 &cktest_aes_ctr_mechanism,
1391 TEE_MODE_ENCRYPT,
1392 CKR_KEY_FUNCTION_NOT_PERMITTED);
1393 if (!ADBG_EXPECT_CK_OK(c, rv))
1394 goto out;
1395
1396 rv = cipher_init_final(c, session,
1397 cktest_aes_dec_only_ctr,
1398 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1399 &cktest_aes_ctr_mechanism,
1400 TEE_MODE_ENCRYPT,
1401 CKR_KEY_FUNCTION_NOT_PERMITTED);
1402 if (!ADBG_EXPECT_CK_OK(c, rv))
1403 goto out;
1404
1405out:
1406 rv = C_CloseSession(session);
1407 ADBG_EXPECT_CK_OK(c, rv);
1408
1409 rv = close_lib();
1410 ADBG_EXPECT_CK_OK(c, rv);
1411}
1412ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1413 "PKCS11: Check ciphering with valid and invalid keys #2");
1414
1415static CK_RV open_cipher_session(ADBG_Case_t *c,
1416 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1417 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1418 CK_MECHANISM_PTR mechanism, uint32_t mode)
1419{
1420 CK_RV rv = CKR_GENERAL_ERROR;
1421 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1422 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1423
1424 switch (mode) {
1425 case TEE_MODE_ENCRYPT:
1426 case TEE_MODE_DECRYPT:
1427 break;
1428 default:
1429 ADBG_EXPECT_TRUE(c, false);
1430 return CKR_GENERAL_ERROR;
1431 }
1432
1433 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1434 if (rv == CKR_DEVICE_MEMORY)
1435 return rv;
1436 if (!ADBG_EXPECT_CK_OK(c, rv))
1437 return rv;
1438
1439 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1440 if (rv == CKR_DEVICE_MEMORY)
1441 return rv;
1442 if (!ADBG_EXPECT_CK_OK(c, rv))
1443 return rv;
1444
1445 if (mode == TEE_MODE_ENCRYPT)
1446 rv = C_EncryptInit(*session, mechanism, object);
1447 if (mode == TEE_MODE_DECRYPT)
1448 rv = C_DecryptInit(*session, mechanism, object);
1449
1450 if (rv == CKR_DEVICE_MEMORY)
1451 return rv;
1452 if (!ADBG_EXPECT_CK_OK(c, rv))
1453 return CKR_GENERAL_ERROR;
1454
1455 return rv;
1456}
1457
1458static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1459{
1460 CK_RV rv = CKR_GENERAL_ERROR;
1461 CK_SLOT_ID slot = 0;
1462 CK_SESSION_HANDLE sessions[128];
1463 size_t n = 0;
1464
1465 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1466 sessions[n] = CK_INVALID_HANDLE;
1467
1468 rv = init_lib_and_find_token_slot(&slot);
1469 if (!ADBG_EXPECT_CK_OK(c, rv))
1470 return;
1471
1472 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1473
1474 rv = open_cipher_session(c, slot, &sessions[n],
1475 cktest_allowed_valid[0].attr_key,
1476 cktest_allowed_valid[0].attr_count,
1477 cktest_allowed_valid[0].mechanism,
1478 TEE_MODE_ENCRYPT);
1479
1480 /* Failure due to memory allocation is not a error case */
1481 if (rv == CKR_DEVICE_MEMORY)
1482 break;
1483
1484 if (!ADBG_EXPECT_CK_OK(c, rv))
1485 goto out;
1486 }
1487
1488 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1489 goto out;
1490
1491 Do_ADBG_Log(" created sessions count: %zu", n);
1492
1493 /* Closing session with out bound and invalid IDs (or negative ID) */
1494 rv = C_CloseSession(sessions[n - 1] + 1024);
1495 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1496 rv = C_CloseSession(CK_INVALID_HANDLE);
1497 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1498 rv = C_CloseSession(~0);
1499 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1500
1501 /* Closing each session: all related resources shall be free */
1502 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1503 if (sessions[n] == CK_INVALID_HANDLE)
1504 continue;
1505
1506 rv = C_CloseSession(sessions[n]);
1507 ADBG_EXPECT_CK_OK(c, rv);
1508 sessions[n] = CK_INVALID_HANDLE;
1509 }
1510
1511 /* Open and close another session */
1512 rv = open_cipher_session(c, slot, &sessions[0],
1513 cktest_allowed_valid[0].attr_key,
1514 cktest_allowed_valid[0].attr_count,
1515 cktest_allowed_valid[0].mechanism,
1516 TEE_MODE_ENCRYPT);
1517
1518 if (!ADBG_EXPECT_CK_OK(c, rv))
1519 goto out;
1520
1521 rv = C_CloseSession(sessions[0]);
1522 ADBG_EXPECT_CK_OK(c, rv);
1523 sessions[0] = CK_INVALID_HANDLE;
1524
1525out:
1526 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1527 if (sessions[n] == CK_INVALID_HANDLE)
1528 continue;
1529
1530 rv = C_CloseSession(sessions[n]);
1531 ADBG_EXPECT_CK_OK(c, rv);
1532 }
1533
1534 rv = close_lib();
1535 ADBG_EXPECT_CK_OK(c, rv);
1536}
1537ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1538 "PKCS11: Check operations release at session closure");
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1539
1540#define CK_MAC_KEY_HMAC(_type, _key_array) \
1541 { \
1542 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, \
1543 sizeof(CK_BBOOL) }, \
1544 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, \
1545 sizeof(CK_BBOOL) }, \
1546 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1547 sizeof(CK_OBJECT_CLASS) }, \
1548 { CKA_KEY_TYPE, &(CK_KEY_TYPE){_type}, \
1549 sizeof(CK_KEY_TYPE) }, \
1550 { CKA_VALUE, (void *)(_key_array), \
1551 sizeof(_key_array) } \
1552 }
1553
1554static CK_ATTRIBUTE cktest_hmac_md5_key[] =
1555 CK_MAC_KEY_HMAC(CKK_MD5_HMAC, mac_data_md5_key1);
1556
1557static CK_ATTRIBUTE cktest_hmac_sha1_key[] =
1558 CK_MAC_KEY_HMAC(CKK_SHA_1_HMAC, mac_data_sha1_key1);
1559
1560static CK_ATTRIBUTE cktest_hmac_sha224_key[] =
1561 CK_MAC_KEY_HMAC(CKK_SHA224_HMAC, mac_data_sha224_key1);
1562
1563static CK_ATTRIBUTE cktest_hmac_sha256_key1[] =
1564 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key1);
1565
1566static CK_ATTRIBUTE cktest_hmac_sha256_key2[] =
1567 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key2);
1568
1569static CK_ATTRIBUTE cktest_hmac_sha384_key[] =
1570 CK_MAC_KEY_HMAC(CKK_SHA384_HMAC, mac_data_sha384_key1);
1571
1572static CK_ATTRIBUTE cktest_hmac_sha512_key[] =
1573 CK_MAC_KEY_HMAC(CKK_SHA512_HMAC, mac_data_sha512_key1);
1574
1575struct mac_test {
1576 CK_ATTRIBUTE_PTR attr_key;
1577 CK_ULONG attr_count;
1578 CK_MECHANISM_PTR mechanism;
1579 size_t in_incr;
1580 const uint8_t *in;
1581 size_t in_len;
1582 const uint8_t *out;
1583 size_t out_len;
1584 bool multiple_incr;
1585};
1586
1587#define CKTEST_MAC_TEST(key, mecha, input_incr, input, output, incr) { \
1588 .attr_key = key, \
1589 .attr_count = ARRAY_SIZE(key), \
1590 .mechanism = mecha, \
1591 .in_incr = input_incr, \
1592 .in = input, \
1593 .in_len = ARRAY_SIZE(input), \
1594 .out = output, \
1595 .out_len = ARRAY_SIZE(output), \
1596 .multiple_incr = incr \
1597 }
1598
1599static const struct mac_test cktest_mac_cases[] = {
1600 CKTEST_MAC_TEST(cktest_hmac_md5_key, &cktest_hmac_md5_mechanism,
1601 4, mac_data_md5_in1, mac_data_md5_out1, false),
1602 CKTEST_MAC_TEST(cktest_hmac_sha1_key, &cktest_hmac_sha1_mechanism,
1603 5, mac_data_sha1_in1, mac_data_sha1_out1, false),
1604 CKTEST_MAC_TEST(cktest_hmac_sha224_key, &cktest_hmac_sha224_mechanism,
1605 8, mac_data_sha224_in1, mac_data_sha224_out1, false),
1606 CKTEST_MAC_TEST(cktest_hmac_sha256_key1, &cktest_hmac_sha256_mechanism,
1607 1, mac_data_sha256_in1, mac_data_sha256_out1, false),
1608 CKTEST_MAC_TEST(cktest_hmac_sha256_key2, &cktest_hmac_sha256_mechanism,
1609 7, mac_data_sha256_in2, mac_data_sha256_out2, false),
1610 CKTEST_MAC_TEST(cktest_hmac_sha384_key, &cktest_hmac_sha384_mechanism,
1611 11, mac_data_sha384_in1, mac_data_sha384_out1, false),
1612 CKTEST_MAC_TEST(cktest_hmac_sha512_key, &cktest_hmac_sha512_mechanism,
1613 13, mac_data_sha512_in1, mac_data_sha512_out1, false),
1614};
1615
1616static void xtest_pkcs11_test_1008(ADBG_Case_t *c)
1617{
1618 CK_RV rv = CKR_GENERAL_ERROR;
1619 CK_SLOT_ID slot = 0;
1620 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1621 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1622 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1623 uint8_t out[512] = { 0 };
1624 CK_ULONG out_size = 0;
1625 struct mac_test const *test = NULL;
1626 size_t n = 0;
1627
1628 rv = init_lib_and_find_token_slot(&slot);
1629 if (!ADBG_EXPECT_CK_OK(c, rv))
1630 return;
1631
1632 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1633 if (!ADBG_EXPECT_CK_OK(c, rv))
1634 goto err_close_lib;
1635
1636 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1637
1638 test = &cktest_mac_cases[n];
1639 Do_ADBG_BeginSubCase(c, "Sign case %zu algo (%s)", n,
1640 ckm2str(test->mechanism->mechanism));
1641
1642 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1643 &key_handle);
1644 if (!ADBG_EXPECT_CK_OK(c, rv))
1645 goto err;
1646
1647 /* Test signature in 1 step */
1648 if (test->in != NULL) {
1649 rv = C_SignInit(session, test->mechanism, key_handle);
1650 if (!ADBG_EXPECT_CK_OK(c, rv))
1651 goto err_destr_obj;
1652
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1653 /* Pass input buffer of size 0 */
1654 rv = C_SignUpdate(session,
1655 (void *)test->in, 0);
1656 if (!ADBG_EXPECT_CK_OK(c, rv))
1657 goto err_destr_obj;
1658
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1659 rv = C_SignUpdate(session,
1660 (void *)test->in, test->in_len);
1661 if (!ADBG_EXPECT_CK_OK(c, rv))
1662 goto err_destr_obj;
1663
1664 /* Test too short buffer case */
1665 out_size = 1;
1666 rv = C_SignFinal(session, out, &out_size);
1667 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1668 goto err_destr_obj;
1669
1670 /*
1671 * Test NULL buffer case with size as 0
1672 * to get the out_size
1673 */
1674 out_size = 0;
1675 rv = C_SignFinal(session, NULL, &out_size);
1676 if (!ADBG_EXPECT_CK_OK(c, rv))
1677 goto err_destr_obj;
1678
1679 /* Get to full output */
1680 memset(out, 0, out_size);
1681 rv = C_SignFinal(session, out, &out_size);
1682 if (!ADBG_EXPECT_CK_OK(c, rv))
1683 goto err_destr_obj;
1684
1685 (void)ADBG_EXPECT_BUFFER(c, test->out,
1686 test->out_len,
1687 out, out_size);
1688 }
1689
1690 /* Test 2 step update signature */
1691 rv = C_SignInit(session, test->mechanism, key_handle);
1692 if (!ADBG_EXPECT_CK_OK(c, rv))
1693 goto err_destr_obj;
1694
1695 if (test->in != NULL) {
1696 rv = C_SignUpdate(session,
1697 (void *)test->in, test->in_incr);
1698 if (!ADBG_EXPECT_CK_OK(c, rv))
1699 goto err_destr_obj;
1700
1701 rv = C_SignUpdate(session,
1702 (void *)(test->in + test->in_incr),
1703 test->in_len - test->in_incr);
1704 if (!ADBG_EXPECT_CK_OK(c, rv))
1705 goto err_destr_obj;
1706 }
1707
1708 out_size = sizeof(out);
1709 memset(out, 0, sizeof(out));
1710
1711 rv = C_SignFinal(session, out, &out_size);
1712 if (!ADBG_EXPECT_CK_OK(c, rv))
1713 goto err_destr_obj;
1714
1715 (void)ADBG_EXPECT_BUFFER(c, test->out,
1716 test->out_len, out, out_size);
1717
1718 /* Test 3 signature in one shot */
1719 if (test->in != NULL) {
1720 rv = C_SignInit(session, test->mechanism, key_handle);
1721 if (!ADBG_EXPECT_CK_OK(c, rv))
1722 goto err_destr_obj;
1723
1724 /* Test too short buffer case */
1725 out_size = 1;
1726 rv = C_Sign(session,(void *)test->in, test->in_len,
1727 out, &out_size);
1728 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1729 goto err_destr_obj;
1730
1731 /*
1732 * Test NULL buffer case with size as 0
1733 * to get the out_size
1734 */
1735 out_size = 0;
1736 rv = C_Sign(session, (void *)test->in, test->in_len,
1737 NULL, &out_size);
1738 if (!ADBG_EXPECT_CK_OK(c, rv))
1739 goto err_destr_obj;
1740
1741 /* Get to full output */
1742 memset(out, 0, out_size);
1743 rv = C_Sign(session,(void *)test->in, test->in_len,
1744 out, &out_size);
1745 if (!ADBG_EXPECT_CK_OK(c, rv))
1746 goto err_destr_obj;
1747
1748 (void)ADBG_EXPECT_BUFFER(c, test->out,
1749 test->out_len,
1750 out, out_size);
1751 }
1752
1753 rv = C_DestroyObject(session, key_handle);
1754 if (!ADBG_EXPECT_CK_OK(c, rv))
1755 goto err;
1756
1757 Do_ADBG_EndSubCase(c, NULL);
1758 }
1759 goto out;
1760
1761err_destr_obj:
1762 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1763err:
1764 Do_ADBG_EndSubCase(c, NULL);
1765out:
1766 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1767err_close_lib:
1768 ADBG_EXPECT_CK_OK(c, close_lib());
1769}
1770ADBG_CASE_DEFINE(pkcs11, 1008, xtest_pkcs11_test_1008,
1771 "PKCS11: Check Compliance of C_Sign - HMAC algorithms");
1772
1773static void xtest_pkcs11_test_1009(ADBG_Case_t *c)
1774{
1775 CK_RV rv = CKR_GENERAL_ERROR;
1776 CK_SLOT_ID slot = 0;
1777 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1778 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1779 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1780 struct mac_test const *test = NULL;
1781 size_t n = 0;
1782
1783 rv = init_lib_and_find_token_slot(&slot);
1784 if (!ADBG_EXPECT_CK_OK(c, rv))
1785 return;
1786
1787 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1788 if (!ADBG_EXPECT_CK_OK(c, rv))
1789 goto err_close_lib;
1790
1791 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1792
1793 test = &cktest_mac_cases[n];
1794 Do_ADBG_BeginSubCase(c, "Verify case %zu algo (%s)", n,
1795 ckm2str(test->mechanism->mechanism));
1796
1797 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1798 &key_handle);
1799 if (!ADBG_EXPECT_CK_OK(c, rv))
1800 goto err;
1801
1802 /* Test Verification in 1 step */
1803 if (test->in != NULL) {
1804 rv = C_VerifyInit(session, test->mechanism, key_handle);
1805 if (!ADBG_EXPECT_CK_OK(c, rv))
1806 goto err_destr_obj;
1807
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1808 /* Pass input buffer with size 0 - No affect */
1809 rv = C_VerifyUpdate(session, (void *)test->in, 0);
1810 if (!ADBG_EXPECT_CK_OK(c, rv))
1811 goto err_destr_obj;
1812
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1813 rv = C_VerifyUpdate(session, (void *)test->in,
1814 test->in_len);
1815 if (!ADBG_EXPECT_CK_OK(c, rv))
1816 goto err_destr_obj;
1817
1818 rv = C_VerifyFinal(session,
1819 (void *)test->out, test->out_len);
1820 if (!ADBG_EXPECT_CK_OK(c, rv))
1821 goto err_destr_obj;
1822
1823 }
1824
1825 /* Test 2 step update verification*/
1826 rv = C_VerifyInit(session, test->mechanism, key_handle);
1827 if (!ADBG_EXPECT_CK_OK(c, rv))
1828 goto err_destr_obj;
1829
1830 if (test->in != NULL) {
1831 rv = C_VerifyUpdate(session,
1832 (void *)test->in, test->in_incr);
1833 if (!ADBG_EXPECT_CK_OK(c, rv))
1834 goto err_destr_obj;
1835
1836 rv = C_VerifyUpdate(session,
1837 (void *)(test->in + test->in_incr),
1838 test->in_len - test->in_incr);
1839 if (!ADBG_EXPECT_CK_OK(c, rv))
1840 goto err_destr_obj;
1841 }
1842
1843 rv = C_VerifyFinal(session, (void *)test->out, test->out_len);
1844 if (!ADBG_EXPECT_CK_OK(c, rv))
1845 goto err_destr_obj;
1846
1847 /* Error as Operation has already completed */
1848 rv = C_Verify(session,
1849 (void *)test->in, test->in_len,
1850 (void *)test->out, test->out_len);
1851 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED,
1852 rv))
1853 goto err_destr_obj;
1854
1855 /* Test 3 verification in one shot */
1856 if (test->in != NULL) {
1857 rv = C_VerifyInit(session, test->mechanism, key_handle);
1858 if (!ADBG_EXPECT_CK_OK(c, rv))
1859 goto err_destr_obj;
1860
1861 rv = C_Verify(session,
1862 (void *)test->in, test->in_len,
1863 (void *)test->out, test->out_len);
1864 if (!ADBG_EXPECT_CK_OK(c, rv))
1865 goto err_destr_obj;
1866
1867 /* Try calling Verify again */
1868 rv = C_Verify(session,
1869 (void *)test->in, test->in_len,
1870 (void *)test->out, test->out_len);
1871 if (!ADBG_EXPECT_CK_RESULT(c,
1872 CKR_OPERATION_NOT_INITIALIZED,
1873 rv))
1874 goto err_destr_obj;
1875 }
1876
1877 /*
1878 * Test 4 verification
1879 * Error - Signature Length Range with C_VerifyFinal
1880 */
1881 if (test->in != NULL) {
1882 rv = C_VerifyInit(session, test->mechanism, key_handle);
1883 if (!ADBG_EXPECT_CK_OK(c, rv))
1884 goto err_destr_obj;
1885
1886 rv = C_VerifyUpdate(session, (void *)test->in,
1887 test->in_len);
1888 if (!ADBG_EXPECT_CK_OK(c, rv))
1889 goto err_destr_obj;
1890
1891 rv = C_VerifyFinal(session, (void *)test->out, 3);
1892 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1893 rv))
1894 goto err_destr_obj;
1895 }
1896
1897 /*
1898 * Test 5 verification
1899 * Error - Signature Length Range with C_Verify
1900 */
1901 if (test->in != NULL) {
1902 rv = C_VerifyInit(session, test->mechanism, key_handle);
1903 if (!ADBG_EXPECT_CK_OK(c, rv))
1904 goto err_destr_obj;
1905
1906 rv = C_Verify(session,
1907 (void *)test->in, test->in_len,
1908 (void *)test->out, 0);
1909 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1910 rv))
1911 goto err_destr_obj;
1912 }
1913
1914 /* Test 6 verification - Invalid Operation sequence */
1915 if (test->in != NULL) {
1916 rv = C_VerifyInit(session, test->mechanism, key_handle);
1917 if (!ADBG_EXPECT_CK_OK(c, rv))
1918 goto err_destr_obj;
1919
1920 rv = C_Verify(session,
1921 (void *)test->in, test->in_len,
1922 (void *)test->out, test->out_len);
1923 if (!ADBG_EXPECT_CK_OK(c, rv))
1924 goto err_destr_obj;
1925
1926 /* Init session has already terminated with C_Verify */
1927 rv = C_VerifyUpdate(session, (void *)test->in,
1928 test->in_len);
1929 if (!ADBG_EXPECT_CK_RESULT(c,
1930 CKR_OPERATION_NOT_INITIALIZED,
1931 rv))
1932 goto err_destr_obj;
1933 }
1934
1935 rv = C_DestroyObject(session, key_handle);
1936 if (!ADBG_EXPECT_CK_OK(c, rv))
1937 goto err;
1938
1939 Do_ADBG_EndSubCase(c, NULL);
1940 }
1941 goto out;
1942
1943err_destr_obj:
1944 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1945err:
1946 Do_ADBG_EndSubCase(c, NULL);
1947out:
1948 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1949err_close_lib:
1950 ADBG_EXPECT_CK_OK(c, close_lib());
1951}
1952ADBG_CASE_DEFINE(pkcs11, 1009, xtest_pkcs11_test_1009,
1953 "PKCS11: Check Compliance of C_Verify - HMAC Algorithms");
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1954
1955/* Bad key type */
1956static CK_ATTRIBUTE cktest_generate_gensecret_object_error1[] = {
1957 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1958 sizeof(CK_OBJECT_CLASS) },
1959 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
1960 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1961};
1962
1963/* Missing VALUE_LEN */
1964static CK_ATTRIBUTE cktest_generate_gensecret_object_error2[] = {
1965 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1966 sizeof(CK_OBJECT_CLASS) },
1967 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1968 sizeof(CK_KEY_TYPE) },
1969};
1970
1971/* Bad object class */
1972static CK_ATTRIBUTE cktest_generate_gensecret_object_error3[] = {
1973 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA}, sizeof(CK_OBJECT_CLASS) },
1974 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1975 sizeof(CK_KEY_TYPE) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]1976 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1977};
1978
1979/* Invalid template with CKA_LOCAL */
1980static CK_ATTRIBUTE cktest_generate_gensecret_object_error4[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]1981 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1982 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1983};
1984
1985/* Valid template to generate a generic secret */
1986static CK_ATTRIBUTE cktest_generate_gensecret_object_valid1[] = {
1987 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1988 sizeof(CK_OBJECT_CLASS) },
1989 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1990 sizeof(CK_KEY_TYPE) },
1991 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1992 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]1993 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1994};
1995
1996/* Valid template to generate a generic secret with only VALUE_LEN */
1997static CK_ATTRIBUTE cktest_generate_gensecret_object_valid2[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]1998 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1999 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2000};
2001
2002
2003/* Valid template to generate an all AES purpose key */
2004static CK_ATTRIBUTE cktest_generate_aes_object[] = {
2005 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2006 sizeof(CK_OBJECT_CLASS) },
2007 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
2008 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2009 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2010 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
2011};
2012
2013static void xtest_pkcs11_test_1010(ADBG_Case_t *c)
2014{
2015 CK_RV rv = CKR_GENERAL_ERROR;
2016 CK_SLOT_ID slot = 0;
2017 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2018 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2019 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
2020 struct mac_test const *test = &cktest_mac_cases[0];
2021 uint8_t out[512] = { 0 };
2022 CK_ULONG out_len = 512;
2023
2024 rv = init_lib_and_find_token_slot(&slot);
2025 if (!ADBG_EXPECT_CK_OK(c, rv))
2026 return;
2027
2028 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2029 if (!ADBG_EXPECT_CK_OK(c, rv))
2030 goto close_lib;
2031
2032 /*
2033 * Generate Generic Secret key using invalid templates
2034 */
2035 Do_ADBG_BeginSubCase(c, "Generate Secret Key with Invalid Templates");
2036
2037 /* NULL Template with !null template length */
2038 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism, NULL,
2039 3, &key_handle);
2040 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
2041 goto err;
2042
2043 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2044 cktest_generate_gensecret_object_error1,
2045 ARRAY_SIZE(cktest_generate_gensecret_object_error1),
2046 &key_handle);
2047 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2048 goto err;
2049
2050 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2051 cktest_generate_gensecret_object_error2,
2052 ARRAY_SIZE(cktest_generate_gensecret_object_error2),
2053 &key_handle);
2054 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCOMPLETE, rv))
2055 goto err;
2056
2057 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2058 cktest_generate_gensecret_object_error3,
2059 ARRAY_SIZE(cktest_generate_gensecret_object_error3),
2060 &key_handle);
2061 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2062 goto err;
2063
2064 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2065 cktest_generate_gensecret_object_error4,
2066 ARRAY_SIZE(cktest_generate_gensecret_object_error4),
2067 &key_handle);
2068 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2069 goto err;
2070
2071 Do_ADBG_EndSubCase(c, NULL);
2072
2073 /*
2074 * Generate a Generic Secret object.
2075 * Try to encrypt with, it should fail...
2076 */
2077 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Encrypting");
2078
2079 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2080 cktest_generate_gensecret_object_valid1,
2081 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
2082 &key_handle);
2083 if (!ADBG_EXPECT_CK_OK(c, rv))
2084 goto err;
2085
2086 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2087 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_FUNCTION_NOT_PERMITTED, rv))
2088 goto err_destr_obj;
2089
2090 rv = C_DestroyObject(session, key_handle);
2091 if (!ADBG_EXPECT_CK_OK(c, rv))
2092 goto err;
2093
2094 Do_ADBG_EndSubCase(c, NULL);
2095
2096 /*
2097 * Generate a Generic Secret object.
2098 * Try to sign with it, it should pass...
2099 */
2100 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Signing");
2101 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2102 cktest_generate_gensecret_object_valid2,
2103 ARRAY_SIZE(cktest_generate_gensecret_object_valid2),
2104 &key_handle);
2105 if (!ADBG_EXPECT_CK_OK(c, rv))
2106 goto err;
2107
2108 rv = C_SignInit(session, test->mechanism, key_handle);
2109 if (!ADBG_EXPECT_CK_OK(c, rv))
2110 goto err_destr_obj;
2111
2112 rv = C_Sign(session, (void *)test->in, test->in_len,
2113 (void *)out, &out_len);
2114 if (!ADBG_EXPECT_CK_OK(c, rv))
2115 goto err_destr_obj;
2116
2117 rv = C_DestroyObject(session, key_handle);
2118 if (!ADBG_EXPECT_CK_OK(c, rv))
2119 goto err;
2120
2121 Do_ADBG_EndSubCase(c, NULL);
2122
2123 /*
2124 * Generate a 128 bit AES Secret Key.
2125 * Try to encrypt with, it should pass...
2126 */
2127 Do_ADBG_BeginSubCase(c, "Generate AES Key - Try Encrypting");
2128
2129 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
2130 cktest_generate_aes_object,
2131 ARRAY_SIZE(cktest_generate_aes_object),
2132 &key_handle);
2133 if (!ADBG_EXPECT_CK_OK(c, rv))
2134 goto err;
2135
2136 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2137 if (!ADBG_EXPECT_CK_OK(c, rv))
2138 goto err_destr_obj;
2139
2140 rv = C_EncryptFinal(session, NULL, NULL);
2141 /* Only check that the operation is no more active */
2142 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
2143 goto err;
2144
2145 rv = C_DestroyObject(session, key_handle);
2146 if (!ADBG_EXPECT_CK_OK(c, rv))
2147 goto err;
2148
2149 Do_ADBG_EndSubCase(c, NULL);
2150
2151 goto out;
2152
2153err_destr_obj:
2154 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
2155err:
2156 Do_ADBG_EndSubCase(c, NULL);
2157out:
2158 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2159close_lib:
2160 ADBG_EXPECT_CK_OK(c, close_lib());
2161}
2162ADBG_CASE_DEFINE(pkcs11, 1010, xtest_pkcs11_test_1010,
2163 "PKCS11: Key Generation");
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2164
2165static CK_RV create_data_object(CK_SESSION_HANDLE session,
2166 CK_OBJECT_HANDLE *obj_handle,
2167 CK_BBOOL token, CK_BBOOL private,
2168 const char *label)
2169{
2170 CK_OBJECT_CLASS class = CKO_DATA;
2171 CK_ATTRIBUTE object_template[] = {
2172 { CKA_CLASS, &class, sizeof(CK_OBJECT_CLASS) },
2173 { CKA_TOKEN, &token, sizeof(CK_BBOOL) },
2174 { CKA_PRIVATE, &private, sizeof(CK_BBOOL) },
2175 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2176 };
2177
2178 return C_CreateObject(session, object_template,
2179 ARRAY_SIZE(object_template), obj_handle);
2180}
2181
2182static CK_RV test_find_objects(ADBG_Case_t *c, CK_SESSION_HANDLE session,
2183 CK_ATTRIBUTE_PTR find_template,
2184 CK_ULONG attr_count,
2185 CK_OBJECT_HANDLE_PTR obj_found,
2186 CK_ULONG obj_count,
2187 CK_ULONG expected_cnt)
2188{
2189 CK_RV rv = CKR_GENERAL_ERROR;
2190 CK_ULONG hdl_count = 0;
2191
2192 rv = C_FindObjectsInit(session, find_template, attr_count);
2193 if (!ADBG_EXPECT_CK_OK(c, rv))
2194 return rv;
2195
2196 rv = C_FindObjects(session, obj_found, obj_count, &hdl_count);
2197 if (!ADBG_EXPECT_CK_OK(c, rv))
2198 return rv;
2199 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, expected_cnt))
2200 return CKR_GENERAL_ERROR;
2201
2202 rv = C_FindObjectsFinal(session);
2203 if (!ADBG_EXPECT_CK_OK(c, rv))
2204 return rv;
2205
2206 return rv;
2207}
2208
2209static void destroy_persistent_objects(ADBG_Case_t *c, CK_SLOT_ID slot)
2210{
2211 uint32_t rv = CKR_GENERAL_ERROR;
2212 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2213 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2214 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2215 CK_ULONG count = 1;
2216 CK_ATTRIBUTE cktest_find_all_token_objs[] = {
2217 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2218 };
2219
2220 rv = init_user_test_token(slot);
2221 if (!ADBG_EXPECT_CK_OK(c, rv))
2222 return;
2223
2224 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2225 if (!ADBG_EXPECT_CK_OK(c, rv))
2226 return;
2227
2228 /* Login to destroy private objects */
2229 rv = C_Login(session, CKU_USER, test_token_user_pin,
2230 sizeof(test_token_user_pin));
2231 if (!ADBG_EXPECT_CK_OK(c, rv))
2232 goto bail;
2233
2234 rv = C_FindObjectsInit(session, cktest_find_all_token_objs,
2235 ARRAY_SIZE(cktest_find_all_token_objs));
2236 if (!ADBG_EXPECT_CK_OK(c, rv))
2237 goto bail;
2238
2239 while (1) {
2240 rv = C_FindObjects(session, &obj_hdl, 1, &count);
2241 if (!ADBG_EXPECT_CK_OK(c, rv))
2242 goto bail;
2243 if (!count)
2244 break;
2245
2246 rv = C_DestroyObject(session, obj_hdl);
2247 ADBG_EXPECT_CK_OK(c, rv);
2248 }
2249
2250 rv = C_FindObjectsFinal(session);
2251 ADBG_EXPECT_CK_OK(c, rv);
2252
2253 rv = C_Logout(session);
2254 ADBG_EXPECT_CK_OK(c, rv);
2255
2256bail:
2257 rv = C_CloseSession(session);
2258 ADBG_EXPECT_CK_OK(c, rv);
2259}
2260
2261static void xtest_pkcs11_test_1011(ADBG_Case_t *c)
2262{
2263 CK_RV rv = CKR_GENERAL_ERROR;
2264 CK_SLOT_ID slot = 0;
2265 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2266 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2267 CK_OBJECT_HANDLE obj_hdl[10] = { };
2268 CK_OBJECT_HANDLE obj_found[10] = { };
2269 const char *label = "Common Label";
2270 CK_ULONG hdl_count = 0;
2271 size_t n = 0;
2272 uint32_t i = 0;
2273 uint32_t object_id = 0;
2274 bool logged_in = false;
2275 CK_ATTRIBUTE find_template[] = {
2276 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2277 };
2278 CK_ATTRIBUTE find_token_template[] = {
2279 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2280 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2281 };
2282 CK_ATTRIBUTE find_session_template[] = {
2283 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2284 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
2285 };
2286 CK_BBOOL bToken = CK_FALSE;
2287 CK_ATTRIBUTE get_attr_template[] = {
2288 { CKA_TOKEN, &bToken, sizeof(bToken) },
2289 };
2290
2291 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
2292 obj_hdl[n] = CK_INVALID_HANDLE;
2293 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2294 obj_found[n] = CK_INVALID_HANDLE;
2295
2296 rv = init_lib_and_find_token_slot(&slot);
2297 if (!ADBG_EXPECT_CK_OK(c, rv))
2298 return;
2299
2300 rv = init_test_token(slot);
2301 if (!ADBG_EXPECT_CK_OK(c, rv))
2302 return;
2303
2304 rv = init_user_test_token(slot);
2305 if (!ADBG_EXPECT_CK_OK(c, rv))
2306 return;
2307
2308 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2309 if (!ADBG_EXPECT_CK_OK(c, rv))
2310 goto close_lib;
2311
2312 /*
2313 * Sub test: Create Session Public/Private,
2314 * Token Public/Private objects and find them
2315 */
2316 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged in");
2317
2318 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2319 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2320 CK_FALSE, label);
2321 if (!ADBG_EXPECT_CK_OK(c, rv))
2322 goto out;
2323
2324 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2325 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2326 CK_FALSE, label);
2327 if (!ADBG_EXPECT_CK_OK(c, rv))
2328 goto out;
2329
2330 /*
2331 * Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE
2332 * Expected error as User not logged in
2333 */
2334 rv = create_data_object(session, &obj_hdl[object_id], CK_TRUE,
2335 CK_TRUE, label);
2336 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2337 goto out;
2338
2339 /* Login to Test Token */
2340 rv = C_Login(session, CKU_USER, test_token_user_pin,
2341 sizeof(test_token_user_pin));
2342 if (!ADBG_EXPECT_CK_OK(c, rv))
2343 goto out;
2344
2345 logged_in = true;
2346
2347 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2348 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2349 CK_TRUE, label);
2350 if (!ADBG_EXPECT_CK_OK(c, rv))
2351 goto out;
2352
2353 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2354 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2355 CK_TRUE, label);
2356 if (!ADBG_EXPECT_CK_OK(c, rv))
2357 goto out;
2358
2359 rv = test_find_objects(c, session, find_template,
2360 ARRAY_SIZE(find_template),
2361 obj_found, ARRAY_SIZE(obj_found), 4);
2362 if (!ADBG_EXPECT_CK_OK(c, rv))
2363 goto out;
2364
2365 /*
2366 * Check if object handles returned when creating objects with this
2367 * session are still valid
2368 */
2369 for (i = 0; i < object_id; i++) {
2370 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2371 ARRAY_SIZE(get_attr_template));
2372 if (!ADBG_EXPECT_CK_OK(c, rv))
2373 goto out;
2374 }
2375
2376 Do_ADBG_EndSubCase(c, NULL);
2377
2378 /*
2379 * Sub test: Pass NULL template with count as 0. All objects should
2380 * get returned
2381 */
2382 Do_ADBG_BeginSubCase(c, "Find all objects by passing NULL template");
2383
2384 rv = test_find_objects(c, session, NULL, 0, obj_found,
2385 ARRAY_SIZE(obj_found), 4);
2386 if (!ADBG_EXPECT_CK_OK(c, rv))
2387 goto out;
2388
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2389 Do_ADBG_EndSubCase(c, NULL);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2390
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2391 /*
2392 * Sub test: finalize search without getting the handles found
2393 */
2394 Do_ADBG_BeginSubCase(c, "Initiate and finalize straight a search");
2395
2396 rv = C_FindObjectsInit(session, find_template,
2397 ARRAY_SIZE(find_template));
2398 if (!ADBG_EXPECT_CK_OK(c, rv))
2399 goto out;
2400
2401 rv = C_FindObjectsFinal(session);
2402 if (!ADBG_EXPECT_CK_OK(c, rv))
2403 goto out;
2404
2405 /*
2406 * Check if object handles returned when creating objects with this
2407 * session are still valid
2408 */
2409 for (i = 0; i < object_id; i++) {
2410 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2411 ARRAY_SIZE(get_attr_template));
2412 if (!ADBG_EXPECT_CK_OK(c, rv))
2413 goto out;
2414 }
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2415 Do_ADBG_EndSubCase(c, NULL);
2416
2417 /*
2418 * Sub test: Logout and find objects. We will find only public
2419 * objects (2)
2420 */
2421 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged out");
2422
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2423 rv = C_Logout(session);
2424 ADBG_EXPECT_CK_OK(c, rv);
2425
2426 logged_in = false;
2427
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2428 rv = test_find_objects(c, session, find_template,
2429 ARRAY_SIZE(find_template),
2430 obj_found, ARRAY_SIZE(obj_found), 2);
2431 if (!ADBG_EXPECT_CK_OK(c, rv))
2432 goto out;
2433
2434 Do_ADBG_EndSubCase(c, NULL);
2435
2436 /*
2437 * Sub test
2438 */
2439 Do_ADBG_BeginSubCase(c, "Find objects 1 by 1 and match handles");
2440
2441 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2442 obj_found[n] = CK_INVALID_HANDLE;
2443
2444 rv = C_FindObjectsInit(session, find_template,
2445 ARRAY_SIZE(find_template));
2446 if (!ADBG_EXPECT_CK_OK(c, rv))
2447 goto out;
2448
2449 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2450 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2451 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2452 !ADBG_EXPECT_TRUE(c, (obj_found[0] == obj_hdl[0]) ||
2453 (obj_found[0] == obj_hdl[1])))
2454 goto out;
2455
2456 rv = C_FindObjects(session, &obj_found[1], 1, &hdl_count);
2457 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2458 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2459 !ADBG_EXPECT_TRUE(c, (obj_found[1] == obj_hdl[0]) ||
2460 (obj_found[1] == obj_hdl[1])) ||
2461 !ADBG_EXPECT_TRUE(c, (obj_found[1] != obj_found[0])))
2462 goto out;
2463
2464 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2465 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2466 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 0))
2467 goto out;
2468
2469 rv = C_FindObjectsFinal(session);
2470 if (!ADBG_EXPECT_CK_OK(c, rv))
2471 goto out;
2472
2473 Do_ADBG_EndSubCase(c, NULL);
2474
2475 /*
2476 * Sub test: Find objects with CKA_TOKEN=TRUE
2477 */
2478 Do_ADBG_BeginSubCase(c, "Find persistent objects");
2479
2480 rv = test_find_objects(c, session, find_token_template,
2481 ARRAY_SIZE(find_token_template),
2482 obj_found, ARRAY_SIZE(obj_found), 1);
2483 if (!ADBG_EXPECT_CK_OK(c, rv))
2484 goto out;
2485
2486 Do_ADBG_EndSubCase(c, NULL);
2487
2488 /*
2489 * Sub test: Find only session objects
2490 */
2491 Do_ADBG_BeginSubCase(c, "Find session objects");
2492
2493 rv = test_find_objects(c, session, find_session_template,
2494 ARRAY_SIZE(find_session_template),
2495 obj_found, ARRAY_SIZE(obj_found), 1);
2496 if (!ADBG_EXPECT_CK_OK(c, rv))
2497 goto out;
2498
2499 Do_ADBG_EndSubCase(c, NULL);
2500
2501 /*
2502 * Sub test:
2503 */
2504 Do_ADBG_BeginSubCase(c, "Login again and find Data objects");
2505
2506 /* Login to Test Token */
2507 rv = C_Login(session, CKU_USER, test_token_user_pin,
2508 sizeof(test_token_user_pin));
2509 if (!ADBG_EXPECT_CK_OK(c, rv))
2510 goto out;
2511
2512 logged_in = true;
2513
2514 rv = test_find_objects(c, session, find_template,
2515 ARRAY_SIZE(find_template),
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2516 obj_found, ARRAY_SIZE(obj_found), 3);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2517 if (!ADBG_EXPECT_CK_OK(c, rv))
2518 goto out;
2519
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2520 rv = C_Logout(session);
2521 ADBG_EXPECT_CK_OK(c, rv);
2522
2523 logged_in = false;
2524
2525 Do_ADBG_EndSubCase(c, NULL);
2526
2527 /*
2528 * Sub test: Close session and open new session, find objects
2529 * without logging and after logging
2530 */
2531 Do_ADBG_BeginSubCase(c, "Find objects from brand new session");
2532
2533 rv = C_CloseSession(session);
2534 if (!ADBG_EXPECT_CK_OK(c, rv))
2535 goto destr_obj;
2536
2537 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2538 if (!ADBG_EXPECT_CK_OK(c, rv))
2539 goto destr_obj;
2540
2541 rv = test_find_objects(c, session, find_template,
2542 ARRAY_SIZE(find_template),
2543 obj_found, ARRAY_SIZE(obj_found), 1);
2544 if (!ADBG_EXPECT_CK_OK(c, rv))
2545 goto out;
2546
2547 /* Login to Test Token */
2548 rv = C_Login(session, CKU_USER, test_token_user_pin,
2549 sizeof(test_token_user_pin));
2550 if (!ADBG_EXPECT_CK_OK(c, rv))
2551 goto out;
2552
2553 logged_in = true;
2554
2555 rv = test_find_objects(c, session, find_template,
2556 ARRAY_SIZE(find_template),
2557 obj_found, ARRAY_SIZE(obj_found), 2);
2558 if (!ADBG_EXPECT_CK_OK(c, rv))
2559 goto out;
2560
2561 rv = C_Logout(session);
2562 ADBG_EXPECT_CK_OK(c, rv);
2563
2564 logged_in = false;
2565
2566 Do_ADBG_EndSubCase(c, NULL);
2567
2568 /*
2569 * Sub test: invalid call cases
2570 */
2571 Do_ADBG_BeginSubCase(c, "Invalid cases");
2572
2573 rv = C_FindObjectsFinal(session);
2574 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2575
2576 rv = C_FindObjects(session,
2577 obj_found, ARRAY_SIZE(obj_found), &hdl_count);
2578 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2579
2580 rv = C_FindObjectsInit(session, find_template,
2581 ARRAY_SIZE(find_template));
2582 if (!ADBG_EXPECT_CK_OK(c, rv))
2583 goto out;
2584
2585 rv = C_FindObjectsInit(session, find_template,
2586 ARRAY_SIZE(find_template));
2587 ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK);
2588
2589 rv = C_FindObjectsFinal(session);
2590 ADBG_EXPECT_CK_OK(c, rv);
2591
2592 rv = C_FindObjectsInit(session, find_template,
2593 ARRAY_SIZE(find_template));
2594 ADBG_EXPECT_CK_OK(c, rv);
2595
2596 /*
2597 * Intentionally do not finalize the active object search. It should be
2598 * released together with the session closure.
2599 */
2600 Do_ADBG_EndSubCase(c, NULL);
2601
2602out:
2603 if (logged_in)
2604 ADBG_EXPECT_CK_OK(c, C_Logout(session));
2605
2606 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2607
2608destr_obj:
2609 destroy_persistent_objects(c, slot);
2610close_lib:
2611 ADBG_EXPECT_CK_OK(c, close_lib());
2612}
2613ADBG_CASE_DEFINE(pkcs11, 1011, xtest_pkcs11_test_1011,
2614 "PKCS11: Test Find Objects");
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2615
2616static void xtest_pkcs11_test_1012(ADBG_Case_t *c)
2617{
2618 CK_RV rv = CKR_GENERAL_ERROR;
2619 CK_SLOT_ID slot = 0;
2620 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2621 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2622 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2623 CK_OBJECT_HANDLE key_hdl = CK_INVALID_HANDLE;
2624 size_t i = 0;
2625
2626 CK_OBJECT_CLASS obj_class = CKO_DATA;
2627 CK_BBOOL obj_token = CK_FALSE;
2628 CK_BBOOL obj_private = CK_FALSE;
2629 uint8_t obj_value[5] = { 1, 2, 3, 4, 5 };
2630 const char *obj_label = "Label";
2631
2632 CK_ATTRIBUTE object_template[] = {
2633 { CKA_CLASS, &obj_class, sizeof(obj_class) },
2634 { CKA_TOKEN, &obj_token, sizeof(obj_token) },
2635 { CKA_PRIVATE, &obj_private, sizeof(obj_private) },
2636 { CKA_VALUE, obj_value, sizeof(obj_value) },
2637 { CKA_LABEL, (CK_UTF8CHAR_PTR)obj_label, strlen(obj_label) },
2638 };
2639
2640 CK_OBJECT_CLASS secret_class = CKO_SECRET_KEY;
2641 CK_BBOOL secret_token = CK_FALSE;
2642 CK_BBOOL secret_private = CK_FALSE;
2643 CK_KEY_TYPE secret_key_type = CKK_GENERIC_SECRET;
2644 CK_ULONG secret_len = 32;
2645 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
2646 CKM_SHA224_HMAC,
2647 CKM_SHA256_HMAC };
2648
2649 CK_ATTRIBUTE secret_template[] = {
2650 { CKA_CLASS, &secret_class, sizeof(secret_class) },
2651 { CKA_TOKEN, &secret_token, sizeof(secret_token) },
2652 { CKA_PRIVATE, &secret_private, sizeof(secret_private) },
2653 { CKA_KEY_TYPE, &secret_key_type, sizeof(secret_key_type) },
2654 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
2655 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
2656 sizeof(secret_allowed_mecha) }
2657 };
2658
2659 CK_BBOOL g_token = CK_TRUE;
2660 CK_BBOOL g_private = CK_TRUE;
2661 CK_OBJECT_CLASS g_class = ~0;
2662 uint8_t g_value[128] = { 0 };
2663 CK_MECHANISM_TYPE g_mecha_list[10] = { 0 };
2664
2665 uint8_t *data_ptr = NULL;
2666
2667 CK_ATTRIBUTE get_attr_template_bc[] = {
2668 { CKA_TOKEN, &g_token, sizeof(g_token) },
2669 { CKA_CLASS, &g_class, sizeof(g_class) },
2670 };
2671
2672 CK_ATTRIBUTE get_attr_template_cb[] = {
2673 { CKA_CLASS, &g_class, sizeof(g_class) },
2674 { CKA_TOKEN, &g_token, sizeof(g_token) },
2675 };
2676
2677 CK_ATTRIBUTE get_attr_template_ve[] = {
2678 { CKA_VALUE, &g_value, sizeof(obj_value) },
2679 };
2680
2681 CK_ATTRIBUTE get_attr_template_vl[] = {
2682 { CKA_VALUE, &g_value, sizeof(g_value) },
2683 };
2684
2685 CK_ATTRIBUTE get_attr_template_bvecb[] = {
2686 { CKA_TOKEN, &g_token, sizeof(g_token) },
2687 { CKA_VALUE, &g_value, sizeof(obj_value) },
2688 { CKA_CLASS, &g_class, sizeof(g_class) },
2689 { CKA_TOKEN, &g_private, sizeof(g_private) },
2690 };
2691
2692 CK_ATTRIBUTE get_attr_template_bvlcb[] = {
2693 { CKA_TOKEN, &g_token, sizeof(g_token) },
2694 { CKA_VALUE, &g_value, sizeof(g_value) },
2695 { CKA_CLASS, &g_class, sizeof(g_class) },
2696 { CKA_TOKEN, &g_private, sizeof(g_private) },
2697 };
2698
2699 CK_ATTRIBUTE get_attr_template_am[] = {
2700 { CKA_ALLOWED_MECHANISMS, &g_mecha_list, sizeof(g_mecha_list) },
2701 };
2702
2703 rv = init_lib_and_find_token_slot(&slot);
2704 if (!ADBG_EXPECT_CK_OK(c, rv))
2705 return;
2706
2707 rv = init_test_token(slot);
2708 if (!ADBG_EXPECT_CK_OK(c, rv))
2709 goto close_lib;
2710
2711 rv = init_user_test_token(slot);
2712 if (!ADBG_EXPECT_CK_OK(c, rv))
2713 goto close_lib;
2714
2715 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2716 if (!ADBG_EXPECT_CK_OK(c, rv))
2717 goto close_lib;
2718
2719 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2720 rv = C_CreateObject(session, object_template,
2721 ARRAY_SIZE(object_template), &obj_hdl);
2722 if (!ADBG_EXPECT_CK_OK(c, rv))
2723 goto out;
2724
2725 /*
2726 * Sub test: Test Boolean (1 byte) + object class (CK_ULONG)
2727 */
2728 Do_ADBG_BeginSubCase(c, "Get Attribute - boolean + class");
2729 g_token = CK_TRUE;
2730 g_class = ~0;
2731
2732 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bc,
2733 ARRAY_SIZE(get_attr_template_bc));
2734 if (!ADBG_EXPECT_CK_OK(c, rv))
2735 goto out;
2736
2737 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2738 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2739
2740 Do_ADBG_EndSubCase(c, NULL);
2741
2742 /*
2743 * Sub test: object class (CK_ULONG) + Test Boolean (1 byte)
2744 */
2745 Do_ADBG_BeginSubCase(c, "Get Attribute - class + boolean");
2746 g_token = CK_TRUE;
2747 g_class = ~0;
2748
2749 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_cb,
2750 ARRAY_SIZE(get_attr_template_cb));
2751 if (!ADBG_EXPECT_CK_OK(c, rv))
2752 goto out;
2753
2754 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2755 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2756
2757 Do_ADBG_EndSubCase(c, NULL);
2758
2759 /*
2760 * Sub test: value with exact size
2761 */
2762 Do_ADBG_BeginSubCase(c, "Get Attribute - value with exact size buffer");
2763 memset(g_value, 0xCC, sizeof(g_value));
2764
2765 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_ve,
2766 ARRAY_SIZE(get_attr_template_ve));
2767 if (!ADBG_EXPECT_CK_OK(c, rv))
2768 goto out;
2769
2770 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_ve[0].ulValueLen, ==, sizeof(obj_value));
2771 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2772 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2773 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2774 break;
2775
2776 Do_ADBG_EndSubCase(c, NULL);
2777
2778 /*
2779 * Sub test: value with larger buffer
2780 */
2781 Do_ADBG_BeginSubCase(c, "Get Attribute - value with larger buffer");
2782 memset(g_value, 0xCC, sizeof(g_value));
2783
2784 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_vl,
2785 ARRAY_SIZE(get_attr_template_vl));
2786 if (!ADBG_EXPECT_CK_OK(c, rv))
2787 goto out;
2788
2789 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_vl[0].ulValueLen, ==, sizeof(obj_value));
2790 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2791 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2792 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2793 break;
2794
2795 Do_ADBG_EndSubCase(c, NULL);
2796
2797 /*
2798 * Sub test: bool + value with exact size + class + bool
2799 */
2800 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with exact size + class + bool");
2801 memset(g_value, 0xCC, sizeof(g_value));
2802 g_token = CK_TRUE;
2803 g_private = CK_TRUE;
2804 g_class = ~0;
2805
2806 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvecb,
2807 ARRAY_SIZE(get_attr_template_bvecb));
2808 if (!ADBG_EXPECT_CK_OK(c, rv))
2809 goto out;
2810
2811 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvecb[1].ulValueLen,
2812 ==, sizeof(obj_value));
2813 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2814 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2815 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2816 break;
2817
2818 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2819 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2820 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2821
2822 Do_ADBG_EndSubCase(c, NULL);
2823
2824 /*
2825 * Sub test: bool + value with larger buffer + class + bool
2826 */
2827 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with larger buffer + class + bool");
2828 memset(g_value, 0xCC, sizeof(g_value));
2829 g_token = CK_TRUE;
2830 g_private = CK_TRUE;
2831 g_class = ~0;
2832
2833 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvlcb,
2834 ARRAY_SIZE(get_attr_template_bvlcb));
2835 if (!ADBG_EXPECT_CK_OK(c, rv))
2836 goto out;
2837
2838 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvlcb[1].ulValueLen,
2839 ==, sizeof(obj_value));
2840 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2841 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2842 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2843 break;
2844
2845 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2846 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2847 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2848
2849 Do_ADBG_EndSubCase(c, NULL);
2850
2851 /*
2852 * Sub test: allowed mechanism list
2853 */
2854 Do_ADBG_BeginSubCase(c, "Get Attribute - allowed mechanism list");
2855 memset(g_mecha_list, 0xCC, sizeof(g_mecha_list));
2856
2857 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2858 secret_template, ARRAY_SIZE(secret_template),
2859 &key_hdl);
2860 if (!ADBG_EXPECT_CK_OK(c, rv))
2861 goto out;
2862
2863 rv = C_GetAttributeValue(session, key_hdl, get_attr_template_am,
2864 ARRAY_SIZE(get_attr_template_am));
2865 if (!ADBG_EXPECT_CK_OK(c, rv))
2866 goto out;
2867
2868 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_am[0].ulValueLen, ==,
2869 sizeof(secret_allowed_mecha));
2870
2871 for (i = 0; i < sizeof(secret_allowed_mecha) / sizeof(*secret_allowed_mecha); i++)
2872 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_mecha_list[i], ==, secret_allowed_mecha[i]))
2873 break;
2874
2875 data_ptr = (uint8_t *)g_mecha_list;
2876 for (i = sizeof(secret_allowed_mecha); i < sizeof(g_mecha_list); i++)
2877 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[i], ==, 0xCC))
2878 break;
2879
2880 Do_ADBG_EndSubCase(c, NULL);
2881
2882out:
2883 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2884
2885close_lib:
2886 ADBG_EXPECT_CK_OK(c, close_lib());
2887}
2888ADBG_CASE_DEFINE(pkcs11, 1012, xtest_pkcs11_test_1012,
2889 "PKCS11: Serializer tests");
Ruchika Guptafdabbfa2021-01-25 11:55:18 +0530[diff] [blame]2890
2891static void xtest_pkcs11_test_1013(ADBG_Case_t *c)
2892{
2893 CK_RV rv = CKR_GENERAL_ERROR;
2894 CK_SLOT_ID slot = 0;
2895 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
2896 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
2897 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2898 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
2899 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2900 const char *label = "Dummy Objects";
2901 bool ro_logged_in = false;
2902
2903 rv = init_lib_and_find_token_slot(&slot);
2904 if (!ADBG_EXPECT_CK_OK(c, rv))
2905 return;
2906
2907 rv = init_test_token(slot);
2908 if (!ADBG_EXPECT_CK_OK(c, rv))
2909 goto close_lib;
2910
2911 rv = init_user_test_token(slot);
2912 if (!ADBG_EXPECT_CK_OK(c, rv))
2913 goto close_lib;
2914
2915 /* Open a RW session */
2916 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
2917 if (!ADBG_EXPECT_CK_OK(c, rv))
2918 goto close_lib;
2919
2920 /* Open a RO session */
2921 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
2922 if (!ADBG_EXPECT_CK_OK(c, rv))
2923 goto close_lib;
2924
2925 /*
2926 * Sub test: Check object creation from a R/O Public session
2927 */
2928 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2929
2930 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2931 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2932 CK_FALSE, label);
2933 if (!ADBG_EXPECT_CK_OK(c, rv))
2934 goto out;
2935
2936 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2937 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2938 CK_TRUE, label);
2939 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2940 goto out;
2941
2942 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2943 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
2944 CK_FALSE, label);
2945 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
2946 goto out;
2947
2948 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2949 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
2950 CK_TRUE, label);
2951 /* For Token object creation, SESSION_READ_ONLY will take priority */
2952 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
2953 goto out;
2954
2955 Do_ADBG_EndSubCase(c, NULL);
2956
2957 /*
2958 * Sub test: Check access for a R/W Public session
2959 */
2960 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2961
2962 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2963 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
2964 CK_FALSE, label);
2965 if (!ADBG_EXPECT_CK_OK(c, rv))
2966 goto out;
2967
2968 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2969 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
2970 CK_TRUE, label);
2971 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2972 goto out;
2973
2974 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2975 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
2976 CK_FALSE, label);
2977 if (!ADBG_EXPECT_CK_OK(c, rv))
2978 goto out;
2979
2980 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2981 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
2982 CK_TRUE, label);
2983 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2984 goto out;
2985
2986 Do_ADBG_EndSubCase(c, NULL);
2987
2988 /*
2989 * Sub test: Check access for a R/O User session
2990 */
2991 Do_ADBG_BeginSubCase(c, "Create objects in R/O User Session");
2992
2993 /* Login to Test Token */
2994 rv = C_Login(ro_session, CKU_USER, test_token_user_pin,
2995 sizeof(test_token_user_pin));
2996 if (!ADBG_EXPECT_CK_OK(c, rv))
2997 goto out;
2998
2999 ro_logged_in = true;
3000
3001 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3002 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3003 CK_FALSE, label);
3004 if (!ADBG_EXPECT_CK_OK(c, rv))
3005 goto out;
3006
3007 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3008 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3009 CK_TRUE, label);
3010 if (!ADBG_EXPECT_CK_OK(c, rv))
3011 goto out;
3012
3013 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3014 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3015 CK_FALSE, label);
3016 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3017 goto out;
3018
3019 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3020 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3021 CK_TRUE, label);
3022 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3023 goto out;
3024
3025 Do_ADBG_EndSubCase(c, NULL);
3026
3027 /*
3028 * Sub test: Check access for a R/W User session
3029 */
3030 Do_ADBG_BeginSubCase(c, "Create objects in R/W User Session");
3031
3032 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3033 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3034 CK_FALSE, label);
3035 if (!ADBG_EXPECT_CK_OK(c, rv))
3036 goto out;
3037
3038 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3039 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3040 CK_TRUE, label);
3041 if (!ADBG_EXPECT_CK_OK(c, rv))
3042 goto out;
3043
3044 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3045 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3046 CK_FALSE, label);
3047 if (!ADBG_EXPECT_CK_OK(c, rv))
3048 goto out;
3049
3050 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3051 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3052 CK_TRUE, label);
3053 if (!ADBG_EXPECT_CK_OK(c, rv))
3054 goto out;
3055
3056 /* Log out */
3057 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3058 ro_logged_in = false;
3059
3060 /* Close RO session */
3061 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3062 ro_session = CK_INVALID_HANDLE;
3063
3064 Do_ADBG_EndSubCase(c, NULL);
3065
3066 /*
3067 * Sub test: Check access for a R/W SO session
3068 */
3069 Do_ADBG_BeginSubCase(c, "Create objects in R/W SO Session");
3070
3071 /* Login as security officer in RW session */
3072 rv = C_Login(rw_session, CKU_SO, test_token_so_pin,
3073 sizeof(test_token_so_pin));
3074 if (!ADBG_EXPECT_CK_OK(c, rv))
3075 goto out;
3076
3077 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3078 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3079 CK_FALSE, label);
3080 if (!ADBG_EXPECT_CK_OK(c, rv))
3081 goto logout;
3082
3083 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3084 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3085 CK_TRUE, label);
3086 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3087 goto logout;
3088
3089 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3090 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3091 CK_FALSE, label);
3092 if (!ADBG_EXPECT_CK_OK(c, rv))
3093 goto logout;
3094
3095 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3096 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3097 CK_TRUE, label);
3098 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3099 goto logout;
3100
3101logout:
3102 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3103out:
3104 if (ro_logged_in)
3105 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3106
3107 if (ro_session != CK_INVALID_HANDLE)
3108 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3109
3110 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3111
3112 Do_ADBG_EndSubCase(c, NULL);
3113
3114 destroy_persistent_objects(c, slot);
3115close_lib:
3116 ADBG_EXPECT_CK_OK(c, close_lib());
3117
3118}
3119ADBG_CASE_DEFINE(pkcs11, 1013, xtest_pkcs11_test_1013,
3120 "PKCS11: Object creation upon session type");
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3121
3122static void xtest_pkcs11_test_1014(ADBG_Case_t *c)
3123{
3124 CK_RV rv = CKR_GENERAL_ERROR;
3125 CK_SLOT_ID slot = 0;
3126 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3127 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3128 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3129 const char *id = "1";
3130 const char *label = "Dummy Objects";
3131 const char *new_label = "New Object lable";
3132 size_t n = 0;
3133 char *g_label[100] = { };
3134 char *g_id[100] = { };
3135 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
3136 CKM_SHA224_HMAC,
3137 CKM_SHA256_HMAC };
3138 CK_ATTRIBUTE secret_key_template[] = {
3139 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3140 sizeof(CK_OBJECT_CLASS) },
3141 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3142 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3143 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3144 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3145 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3146 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3147 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
3148 sizeof(CK_KEY_TYPE) },
3149 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]3150 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3151 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3152 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3153 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3154 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3155 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
3156 sizeof(secret_allowed_mecha) },
3157 };
3158 CK_BBOOL g_derive = CK_FALSE;
3159 CK_BBOOL g_sign = CK_FALSE;
3160 CK_BBOOL g_verify = CK_FALSE;
3161 CK_BBOOL g_encrypt = CK_FALSE;
3162 CK_BBOOL g_decrypt = CK_FALSE;
3163 CK_BBOOL g_wrap = CK_FALSE;
3164 CK_BBOOL g_unwrap = CK_FALSE;
3165 CK_ATTRIBUTE get_template[] = {
3166 { CKA_LABEL, (CK_UTF8CHAR_PTR)g_label, sizeof(g_label) },
3167 { CKA_ID, (CK_BYTE_PTR)g_id, sizeof(g_id) },
3168 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
3169 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
3170 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
3171 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
3172 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
3173 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
3174 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
3175 };
3176 CK_ATTRIBUTE set_template[] = {
3177 { CKA_LABEL, (CK_UTF8CHAR_PTR)new_label, strlen(new_label) },
3178 { CKA_ID, (CK_BYTE_PTR)id, strlen(id) },
3179 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3180 { CKA_WRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3181 { CKA_UNWRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3182 { CKA_SIGN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3183 { CKA_VERIFY, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3184 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3185 { CKA_DECRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3186 /* CKA_SENSITIVE -> CK_FALSE to CK_TRUE is allowed */
3187 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3188 /* CKA_EXTRACTABLE -> CK_TRUE to CK_FALSE is allowed */
3189 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3190 /* CKA_COPYABLE -> CK_TRUE to CK_FALSE is allowed */
3191 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3192 };
3193 CK_ATTRIBUTE set_inv_template1[] = {
3194 /* Attributes Not Modifiable */
3195 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA},
3196 sizeof(CK_OBJECT_CLASS) },
3197 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3198 { CKA_ALWAYS_SENSITIVE, &(CK_BBOOL){CK_FALSE},
3199 sizeof(CK_BBOOL) },
3200 { CKA_NEVER_EXTRACTABLE, &(CK_BBOOL){CK_FALSE},
3201 sizeof(CK_BBOOL) },
3202 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3203 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3204 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3205 { CKA_DESTROYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3206 /* Change not allowed from CK_TRUE -> CK_FALSE */
3207 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3208 /* Change not allowed from CK_FALSE -> CK_TRUE */
3209 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3210 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3211 };
3212 CK_ATTRIBUTE set_inv_template2[] = {
3213 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3214 };
3215 CK_ATTRIBUTE set_trusted_template[] = {
3216 { CKA_TRUSTED, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3217 };
3218
3219 rv = init_lib_and_find_token_slot(&slot);
3220 if (!ADBG_EXPECT_CK_OK(c, rv))
3221 return;
3222
3223 rv = init_test_token(slot);
3224 if (!ADBG_EXPECT_CK_OK(c, rv))
3225 goto close_lib;
3226
3227 rv = init_user_test_token(slot);
3228 if (!ADBG_EXPECT_CK_OK(c, rv))
3229 goto close_lib;
3230
3231 /* Open a RW session */
3232 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3233 if (!ADBG_EXPECT_CK_OK(c, rv))
3234 goto close_lib;
3235
3236 /* Create a secret key object */
3237 rv = C_CreateObject(session, secret_key_template,
3238 ARRAY_SIZE(secret_key_template), &obj_hdl);
3239 if (!ADBG_EXPECT_CK_OK(c, rv))
3240 goto close_session;
3241
3242 Do_ADBG_BeginSubCase(c, "Set attributes on secret key object");
3243
3244 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3245 ARRAY_SIZE(get_template));
3246 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3247 !ADBG_EXPECT_BUFFER(c, label, strlen(label), g_label,
3248 get_template[0].ulValueLen) ||
3249 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
3250 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
3251 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
3252 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_TRUE) ||
3253 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_TRUE) ||
3254 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
3255 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
3256 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[1].ulValueLen, ==, 0))
3257 goto out;
3258
3259 rv = C_SetAttributeValue(session, obj_hdl, set_template,
3260 ARRAY_SIZE(set_template));
3261 if (!ADBG_EXPECT_CK_OK(c, rv))
3262 goto out;
3263
3264 get_template[0].ulValueLen = sizeof(g_label);
3265 get_template[1].ulValueLen = sizeof(g_id);
3266 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3267 ARRAY_SIZE(get_template));
3268 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3269 !ADBG_EXPECT_BUFFER(c, new_label, strlen(new_label), g_label,
3270 get_template[0].ulValueLen) ||
3271 !ADBG_EXPECT_BUFFER(c, id, strlen(id), g_id,
3272 get_template[1].ulValueLen) ||
3273 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_TRUE) ||
3274 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_TRUE) ||
3275 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_TRUE) ||
3276 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
3277 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
3278 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_FALSE) ||
3279 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_FALSE))
3280 goto out;
3281
3282 Do_ADBG_EndSubCase(c, NULL);
3283
3284 Do_ADBG_BeginSubCase(c, "Test Invalid template with R/O Attributes");
3285
3286 for (n = 0; n < ARRAY_SIZE(set_inv_template1); n++) {
3287 rv = C_SetAttributeValue(session, obj_hdl,
3288 &set_inv_template1[n], 1);
3289 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3290 goto out;
3291 }
3292
3293 Do_ADBG_EndSubCase(c, NULL);
3294
3295 Do_ADBG_BeginSubCase(c, "Test Invalid template with Invalid Attribute");
3296
3297 rv = C_SetAttributeValue(session, obj_hdl, set_inv_template2,
3298 ARRAY_SIZE(set_inv_template2));
3299 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3300 goto out;
3301
3302 Do_ADBG_EndSubCase(c, NULL);
3303
3304 Do_ADBG_BeginSubCase(c, "Set CKA_TRUSTED with and w/o SO Login");
3305
3306 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3307 ARRAY_SIZE(set_trusted_template));
3308 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3309 goto out;
3310
3311 /* Login as SO in RW session */
3312 rv = C_Login(session, CKU_SO, test_token_so_pin,
3313 sizeof(test_token_so_pin));
3314 if (!ADBG_EXPECT_CK_OK(c, rv))
3315 goto out;
3316
3317 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3318 ARRAY_SIZE(set_trusted_template));
3319 ADBG_EXPECT_CK_OK(c, rv);
3320
3321 ADBG_EXPECT_CK_OK(c, C_Logout(session));
3322out:
3323 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, obj_hdl));
3324
3325 Do_ADBG_EndSubCase(c, NULL);
3326
3327close_session:
3328 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3329
3330close_lib:
3331 ADBG_EXPECT_CK_OK(c, close_lib());
3332}
3333ADBG_CASE_DEFINE(pkcs11, 1014, xtest_pkcs11_test_1014,
3334 "PKCS11: Test C_SetAttributeValue()");
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3335
3336static void xtest_pkcs11_test_1015(ADBG_Case_t *c)
3337{
3338 CK_RV rv = CKR_GENERAL_ERROR;
3339 CK_SLOT_ID slot = 0;
3340 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
3341 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
3342 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3343 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
3344 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3345 CK_OBJECT_HANDLE obj_hdl_ro = CK_INVALID_HANDLE;
3346 CK_OBJECT_HANDLE obj_hdl_cp = CK_INVALID_HANDLE;
3347 const char *label = "Dummy Objects";
3348 CK_ATTRIBUTE secret_key_template[] = {
3349 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3350 sizeof(CK_OBJECT_CLASS) },
3351 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3352 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3353 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3354 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3355 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3356 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3357 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3358 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3359 };
3360 CK_BBOOL g_token = CK_FALSE;
3361 CK_BBOOL g_private = CK_FALSE;
3362 CK_BBOOL g_modify = CK_FALSE;
3363 CK_BBOOL g_copy = CK_FALSE;
3364 CK_BBOOL g_destroy = CK_FALSE;
3365 CK_BBOOL g_extract = CK_FALSE;
3366 CK_BBOOL g_sensitive = CK_FALSE;
3367 CK_BBOOL g_nextract = CK_FALSE;
3368 CK_BBOOL g_asensitive = CK_FALSE;
3369 CK_BBOOL g_local = CK_FALSE;
3370 CK_ATTRIBUTE get_template[] = {
3371 { CKA_TOKEN, &g_token, sizeof(CK_BBOOL) },
3372 { CKA_PRIVATE, &g_private, sizeof(CK_BBOOL) },
3373 { CKA_MODIFIABLE, &g_modify, sizeof(CK_BBOOL) },
3374 { CKA_COPYABLE, &g_copy, sizeof(CK_BBOOL) },
3375 { CKA_DESTROYABLE, &g_destroy, sizeof(CK_BBOOL) },
3376 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3377 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3378 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3379 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3380 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3381 };
3382 CK_ATTRIBUTE copy_template[] = {
3383 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3384 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3385 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3386 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3387 };
3388 CK_ATTRIBUTE copy_template_inv[] = {
3389 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3390 };
3391 CK_ATTRIBUTE copy_template_priv[] = {
3392 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3393 };
3394 CK_ATTRIBUTE set_template[] = {
3395 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3396 };
3397
3398 rv = init_lib_and_find_token_slot(&slot);
3399 if (!ADBG_EXPECT_CK_OK(c, rv))
3400 return;
3401
3402 rv = init_test_token(slot);
3403 if (!ADBG_EXPECT_CK_OK(c, rv))
3404 goto close_lib;
3405
3406 rv = init_user_test_token(slot);
3407 if (!ADBG_EXPECT_CK_OK(c, rv))
3408 goto close_lib;
3409
3410 /* Open a RW session */
3411 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
3412 if (!ADBG_EXPECT_CK_OK(c, rv))
3413 goto close_lib;
3414
3415 /* Open a RO session */
3416 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
3417 if (!ADBG_EXPECT_CK_OK(c, rv))
3418 goto close_session;
3419
3420 /* Generate a secret key object in rw session */
3421 rv = C_GenerateKey(rw_session, &cktest_aes_keygen_mechanism,
3422 secret_key_template,
3423 ARRAY_SIZE(secret_key_template), &obj_hdl);
3424 if (!ADBG_EXPECT_CK_OK(c, rv))
3425 goto close_session;
3426
3427 /* Check its attribute values */
3428 rv = C_GetAttributeValue(rw_session, obj_hdl, get_template,
3429 ARRAY_SIZE(get_template));
3430 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3431 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3432 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3433 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3434 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3435 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3436 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3437 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3438 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3439 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3440 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3441 goto close_session;
3442
3443 /* Create a secret key object in ro session*/
3444 rv = C_CreateObject(ro_session, secret_key_template,
3445 ARRAY_SIZE(secret_key_template), &obj_hdl_ro);
3446 if (!ADBG_EXPECT_CK_OK(c, rv))
3447 goto close_session;
3448
3449 /*
3450 * Duplicate the object generated in RW session using C_GenerateKey() to
3451 * another object. Pass Template as NULL and test the attributes of
3452 * new created object.
3453 */
3454 Do_ADBG_BeginSubCase(c, "Copy Local Obj with NULL Template");
3455 rv = C_CopyObject(rw_session, obj_hdl, NULL, 0, &obj_hdl_cp);
3456 if (!ADBG_EXPECT_CK_OK(c, rv))
3457 goto out;
3458
3459 /*
3460 * Check its attribute values, should match the original object.
3461 * CKA_LOCAL shall be TRUE even in copied object as original object
3462 * was generated using C_GenerateKey()
3463 */
3464 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3465 ARRAY_SIZE(get_template));
3466 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3467 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3468 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3469 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3470 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3471 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3472 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3473 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3474 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3475 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3476 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3477 goto out;
3478
3479 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3480 if (!ADBG_EXPECT_CK_OK(c, rv))
3481 goto out;
3482
3483 obj_hdl_cp = CK_INVALID_HANDLE;
3484
3485 Do_ADBG_EndSubCase(c, NULL);
3486
3487 /*
3488 * Duplicate the object generated in RO session using C_CreateObject()
3489 * to another object. Pass Template as NULL and test the attributes of
3490 * new created object.
3491 */
3492 Do_ADBG_BeginSubCase(c, "Copy a non-local object with NULL Template");
3493
3494 /* Copy ro session object */
3495 rv = C_CopyObject(ro_session, obj_hdl_ro, NULL, 0, &obj_hdl_cp);
3496 if (!ADBG_EXPECT_CK_OK(c, rv))
3497 goto out;
3498
3499 /*
3500 * Check its attribute values, should match the original object.
3501 * CKA_LOCAL shall be FALSE even in copied object as original object
3502 * was generated using C_CreateObject()
3503 */
3504 rv = C_GetAttributeValue(ro_session, obj_hdl_cp, get_template,
3505 ARRAY_SIZE(get_template));
3506 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3507 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3508 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3509 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3510 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3511 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3512 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3513 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3514 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3515 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3516 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3517 goto out;
3518
3519 rv = C_DestroyObject(ro_session, obj_hdl_cp);
3520 if (!ADBG_EXPECT_CK_OK(c, rv))
3521 goto out;
3522
3523 obj_hdl_cp = CK_INVALID_HANDLE;
3524
3525 Do_ADBG_EndSubCase(c, NULL);
3526
3527 /*
3528 * Test copying object with a valid template and check if attributes
3529 * get modified as indicated in the template. Checks modification of
3530 * attributes like CKA_TOKEN, CKA_MODIFIABLE which were not modifiable
3531 * via C_SetAttributeValue(). Also modifies the CKA_SENSITIVE,
3532 * CKA_EXTRACTABLE and checks corresponding values of RO attributes
3533 * CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE.
3534 */
3535 Do_ADBG_BeginSubCase(c, "Copy Object with Valid Template");
3536
3537 /*
3538 * Copy Session Object as a Token object
3539 * Properties CKA_MODIFIABLE turned to FALSE
3540 * CKA_EXTRACTABLE changed from TRUE to FALSE
3541 * CKA_NEVER_EXTRACTABLE should be FALSE.
3542 * CKA_SENSITIVE set to TRUE
3543 * However CKA_ALWAYS_SENSITIVE should be FALSE
3544 */
3545 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3546 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3547 if (!ADBG_EXPECT_CK_OK(c, rv))
3548 goto out;
3549
3550 /* Check the changed attribute values */
3551 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3552 ARRAY_SIZE(get_template));
3553 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3554 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
3555 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_FALSE) ||
3556 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3557 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3558 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3559 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3560 goto out;
3561
3562 /*
3563 * The copied object has CKA_MODIFIABLE set to FALSE. Check if
3564 * call to C_SetAttributeValue() returns CKR_ACTION_PROHIBITED
3565 */
3566 rv = C_SetAttributeValue(rw_session, obj_hdl_cp, set_template,
3567 ARRAY_SIZE(set_template));
3568 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3569 goto out;
3570
3571 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3572 if (!ADBG_EXPECT_CK_OK(c, rv))
3573 goto out;
3574
3575 obj_hdl_cp = CK_INVALID_HANDLE;
3576
3577 Do_ADBG_EndSubCase(c, NULL);
3578
3579 /*
3580 * Test changing the CKA_PRIVATE to TRUE when copying object.
3581 * Fails when user is not logged in. Passes after user logs in
3582 */
3583 Do_ADBG_BeginSubCase(c, "Copy Object as a Private Object");
3584
3585 /* The first attempt will fail as user is not logged in */
3586 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3587 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3588 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3589 goto out;
3590
3591 /* Login to Test Token and repeat*/
3592 rv = C_Login(rw_session, CKU_USER, test_token_user_pin,
3593 sizeof(test_token_user_pin));
3594 if (!ADBG_EXPECT_CK_OK(c, rv))
3595 goto out;
3596
3597 /* Try copying a public object to a private object - should pass */
3598 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3599 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3600 if (!ADBG_EXPECT_CK_OK(c, rv)) {
3601 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3602 goto out;
3603 }
3604
3605 if (!ADBG_EXPECT_CK_OK(c, C_Logout(rw_session)))
3606 goto out;
3607
3608 Do_ADBG_EndSubCase(c, NULL);
3609
3610 Do_ADBG_BeginSubCase(c, "Copy Object with Invalid Template");
3611
3612 rv = C_CopyObject(rw_session, obj_hdl, copy_template_inv,
3613 ARRAY_SIZE(copy_template_inv), &obj_hdl_cp);
3614 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3615 goto out;
3616
3617 Do_ADBG_EndSubCase(c, NULL);
3618
3619 Do_ADBG_BeginSubCase(c, "Copy Object with COPYABLE false");
3620
3621 rv = C_SetAttributeValue(rw_session, obj_hdl, set_template,
3622 ARRAY_SIZE(set_template));
3623 if (!ADBG_EXPECT_CK_OK(c, rv))
3624 goto out;
3625
3626 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3627 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3628 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3629 goto out;
3630
3631 Do_ADBG_EndSubCase(c, NULL);
3632
3633 Do_ADBG_BeginSubCase(c, "Copy session object to token in RO session");
3634
3635 rv = C_CopyObject(ro_session, obj_hdl_ro, copy_template,
3636 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3637 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3638 goto out;
3639
3640out:
3641 Do_ADBG_EndSubCase(c, NULL);
3642
3643 /* Destroy any token objects which may have been created */
3644 destroy_persistent_objects(c, slot);
3645
3646close_session:
3647 /* Closing session will also destroy all session objects */
3648 if (ro_session != CK_INVALID_HANDLE)
3649 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3650
3651 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3652
3653close_lib:
3654 ADBG_EXPECT_CK_OK(c, close_lib());
3655}
3656ADBG_CASE_DEFINE(pkcs11, 1015, xtest_pkcs11_test_1015,
3657 "PKCS11: Test C_CopyObject()");
Vesa Jääskeläinenf8687fe2021-02-06 20:58:22 +0200[diff] [blame]3658
3659static void xtest_pkcs11_test_1016(ADBG_Case_t *c)
3660{
3661 CK_RV rv = CKR_GENERAL_ERROR;
3662 CK_SLOT_ID slot = 0;
3663 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3664 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3665 uint8_t buffer[64] = { 0 };
3666 size_t i = 0;
3667
3668 rv = init_lib_and_find_token_slot(&slot);
3669 if (!ADBG_EXPECT_CK_OK(c, rv))
3670 return;
3671
3672 rv = init_test_token(slot);
3673 if (!ADBG_EXPECT_CK_OK(c, rv))
3674 goto close_lib;
3675
3676 rv = init_user_test_token(slot);
3677 if (!ADBG_EXPECT_CK_OK(c, rv))
3678 goto close_lib;
3679
3680 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3681 if (!ADBG_EXPECT_CK_OK(c, rv))
3682 goto close_lib;
3683
3684 Do_ADBG_BeginSubCase(c, "Seed random bytes");
3685
3686 memset(buffer, 0xCC, sizeof(buffer));
3687
3688 rv = C_SeedRandom(session, buffer, sizeof(buffer));
3689 if (!ADBG_EXPECT_CK_OK(c, rv))
3690 goto out;
3691
3692 Do_ADBG_EndSubCase(c, NULL);
3693
3694 Do_ADBG_BeginSubCase(c, "Seed random bytes with zero length buffer");
3695
3696 rv = C_SeedRandom(session, buffer, 0);
3697 if (!ADBG_EXPECT_CK_OK(c, rv))
3698 goto out;
3699
3700 rv = C_SeedRandom(session, NULL, 0);
3701 if (!ADBG_EXPECT_CK_OK(c, rv))
3702 goto out;
3703
3704 Do_ADBG_EndSubCase(c, NULL);
3705
3706 Do_ADBG_BeginSubCase(c, "Generate random bytes");
3707
3708 memset(buffer, 0xCC, sizeof(buffer));
3709
3710 rv = C_GenerateRandom(session, buffer, 61);
3711 if (!ADBG_EXPECT_CK_OK(c, rv))
3712 goto out;
3713
3714 /* Verify that end of buffer is still 0xCC */
3715 for (i = 61; i < sizeof(buffer); i++)
3716 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3717 break;
3718
3719 Do_ADBG_EndSubCase(c, NULL);
3720
3721 Do_ADBG_BeginSubCase(c, "Generate random bytes with zero length buffer");
3722
3723 memset(buffer, 0xCC, sizeof(buffer));
3724
3725 rv = C_GenerateRandom(session, buffer, 0);
3726 if (!ADBG_EXPECT_CK_OK(c, rv))
3727 goto out;
3728
3729 /* Verify that whole buffer is still 0xCC */
3730 for (i = 0; i < sizeof(buffer); i++)
3731 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3732 break;
3733
3734 rv = C_GenerateRandom(session, NULL, 0);
3735 ADBG_EXPECT_CK_OK(c, rv);
3736
3737out:
3738 Do_ADBG_EndSubCase(c, NULL);
3739
3740 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3741
3742close_lib:
3743 ADBG_EXPECT_CK_OK(c, close_lib());
3744}
3745ADBG_CASE_DEFINE(pkcs11, 1016, xtest_pkcs11_test_1016,
3746 "PKCS11: Random number generator tests");
Ruchika Gupta5f7717a2021-02-17 13:34:24 +0530[diff] [blame]3747
3748static CK_RV derive_sym_key(CK_SESSION_HANDLE session,
3749 CK_OBJECT_HANDLE parent_key,
3750 CK_MECHANISM_TYPE mechanism, size_t data_len,
3751 CK_OBJECT_HANDLE_PTR derv_key_hdl, size_t key_len,
3752 CK_OBJECT_CLASS key_class, CK_KEY_TYPE key_type,
3753 CK_BBOOL sensitive, CK_BBOOL extble)
3754{
3755 CK_RV rv = CKR_GENERAL_ERROR;
3756 uint8_t buffer[512] = { 0 };
3757 uint8_t iv[16] = { 0 };
3758 CK_MECHANISM mech_derive = { 0 };
3759 CK_KEY_DERIVATION_STRING_DATA key_derv_param = { 0 };
3760 CK_AES_CBC_ENCRYPT_DATA_PARAMS aes_cbc_param = { 0 };
3761 CK_ATTRIBUTE derived_key_template[] = {
3762 { CKA_CLASS, &key_class, sizeof(key_class) },
3763 { CKA_KEY_TYPE, &key_type, sizeof(key_type) },
3764 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3765 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3766 { CKA_SENSITIVE, &sensitive, sizeof(sensitive) },
3767 { CKA_EXTRACTABLE, &extble, sizeof(extble) },
3768 { CKA_VALUE_LEN, &key_len, sizeof(key_len) }
3769 };
3770
3771 if (data_len > sizeof(buffer))
3772 return rv;
3773
3774 switch (mechanism) {
3775 case CKM_AES_ECB_ENCRYPT_DATA:
3776 key_derv_param.pData = buffer;
3777 key_derv_param.ulLen = data_len;
3778 mech_derive.mechanism = mechanism;
3779 mech_derive.pParameter = &key_derv_param;
3780 mech_derive.ulParameterLen = sizeof(key_derv_param);
3781 break;
3782 case CKM_AES_CBC_ENCRYPT_DATA:
3783 memcpy(aes_cbc_param.iv, iv, 16);
3784 aes_cbc_param.pData = buffer;
3785 aes_cbc_param.length = data_len;
3786 mech_derive.mechanism = mechanism;
3787 mech_derive.pParameter = &aes_cbc_param;
3788 mech_derive.ulParameterLen = sizeof(aes_cbc_param);
3789 break;
3790 case CKM_AES_ECB:
3791 /* Not a derivation algorithm */
3792 mech_derive.mechanism = mechanism;
3793 mech_derive.pParameter = NULL;
3794 mech_derive.ulParameterLen = 0;
3795 break;
3796 default:
3797 return rv;
3798 }
3799
3800 /* Don't use VALUE_LEN parameter if key_len passed is 0 */
3801 if (key_len)
3802 rv = C_DeriveKey(session, &mech_derive, parent_key,
3803 derived_key_template,
3804 ARRAY_SIZE(derived_key_template),
3805 derv_key_hdl);
3806 else
3807 /* last attribute in template is the derived key size */
3808 rv = C_DeriveKey(session, &mech_derive, parent_key,
3809 derived_key_template,
3810 ARRAY_SIZE(derived_key_template) - 1,
3811 derv_key_hdl);
3812 return rv;
3813}
3814
3815static void xtest_pkcs11_test_1017(ADBG_Case_t *c)
3816{
3817 CK_RV rv = CKR_GENERAL_ERROR;
3818 CK_SLOT_ID slot = 0;
3819 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3820 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3821 CK_OBJECT_HANDLE derv_key_hdl = CK_INVALID_HANDLE;
3822 CK_OBJECT_HANDLE aes_key1 = CK_INVALID_HANDLE;
3823 CK_OBJECT_HANDLE aes_key2 = CK_INVALID_HANDLE;
3824 CK_OBJECT_HANDLE aes_key_enc = CK_INVALID_HANDLE;
3825 size_t data_len = 0;
3826 size_t key_len = 0;
3827 CK_BBOOL g_extract = CK_FALSE;
3828 CK_BBOOL g_sensitive = CK_FALSE;
3829 CK_BBOOL g_nextract = CK_FALSE;
3830 CK_BBOOL g_asensitive = CK_FALSE;
3831 CK_BBOOL g_local = CK_FALSE;
3832 CK_OBJECT_CLASS g_class = CKO_VENDOR_DEFINED;
3833 CK_KEY_TYPE g_key_type = CKK_VENDOR_DEFINED;
3834 uint8_t g_val[516] = { 0 };
3835 CK_ULONG secret_len = 0;
3836 CK_ATTRIBUTE get_template[] = {
3837 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
3838 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
3839 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3840 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3841 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3842 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3843 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3844 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
3845 /*
3846 * CKA_VALUE should remain last attribute in template,
3847 * in this test case as we check the length returned
3848 * from last index of the get_template in this test.
3849 */
3850 { CKA_VALUE, g_val, sizeof(g_val) },
3851 };
3852 uint32_t idx = ARRAY_SIZE(get_template) - 1;
3853 CK_ATTRIBUTE parent_template1[] = {
3854 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3855 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3856 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3857 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3858 };
3859 CK_ATTRIBUTE parent_template2[] = {
3860 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3861 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3862 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3863 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3864 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3865 };
3866 CK_ATTRIBUTE parent_template_wo_derive[] = {
3867 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3868 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3869 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3870 };
3871 CK_ATTRIBUTE parent_template_w_enc_der[] = {
3872 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3873 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3874 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3875 };
3876
3877 rv = init_lib_and_find_token_slot(&slot);
3878 if (!ADBG_EXPECT_CK_OK(c, rv))
3879 return;
3880
3881 rv = init_test_token(slot);
3882 if (!ADBG_EXPECT_CK_OK(c, rv))
3883 goto close_lib;
3884
3885 rv = init_user_test_token(slot);
3886 if (!ADBG_EXPECT_CK_OK(c, rv))
3887 goto close_lib;
3888
3889 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3890 if (!ADBG_EXPECT_CK_OK(c, rv))
3891 goto close_lib;
3892
3893 /*
3894 * Parent AES Key 1
3895 * SENSITIVE = TRUE, EXTRACTABLE = FALSE
3896 * ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
3897 */
3898 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
3899 parent_template1, ARRAY_SIZE(parent_template1),
3900 &aes_key1);
3901 if (!ADBG_EXPECT_CK_OK(c, rv))
3902 goto close_session;
3903
3904 /*
3905 * Parent AES Key 2
3906 * SENSITIVE = FALSE, EXTRACTABLE = TRUE
3907 * ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
3908 */
3909 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
3910 parent_template2, ARRAY_SIZE(parent_template2),
3911 &aes_key2);
3912 if (!ADBG_EXPECT_CK_OK(c, rv))
3913 goto close_session;
3914
3915 Do_ADBG_BeginSubCase(c, "Derive Generic secret - AES-ECB Mechanism");
3916
3917 /*
3918 * Use AES key 1 as Parent key
3919 * 1. VALUE_LEN attribute not given in derivation template. Length
3920 * of key should be same as that of data length.
3921 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
3922 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
3923 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
3924 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
3925 * 3. LOCAL should be false
3926 */
3927 data_len = 512;
3928 key_len = 0;
3929 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
3930 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
3931 CKK_GENERIC_SECRET, CK_TRUE, CK_FALSE);
3932 if (!ADBG_EXPECT_CK_OK(c, rv))
3933 goto out;
3934
3935 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
3936 ARRAY_SIZE(get_template) - 1);
3937 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3938 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, data_len) ||
3939 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
3940 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
3941 CKK_GENERIC_SECRET) ||
3942 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3943 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3944 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3945 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
3946 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
3947 goto out;
3948
3949 rv = C_DestroyObject(session, derv_key_hdl);
3950 if (!ADBG_EXPECT_CK_OK(c, rv))
3951 goto out;
3952
3953 Do_ADBG_EndSubCase(c, NULL);
3954
3955 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-EBC");
3956
3957 /*
3958 * Use AES key 2 as Parent key
3959 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
3960 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
3961 * Parent key has ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
3962 * So derived key, ALWAYS_SENSITIVE will be FALSE and
3963 * NEVER_EXTRACTABLE will be FALSE
3964 * 3. LOCAL should be false
3965 */
3966 data_len = 32;
3967 key_len = 16;
3968 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
3969 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
3970 CKK_AES, CK_TRUE, CK_FALSE);
3971 if (!ADBG_EXPECT_CK_OK(c, rv))
3972 goto out;
3973
3974 /* This being a SENSITIVE object, we can't get the VALUE */
3975 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
3976 ARRAY_SIZE(get_template) - 1);
3977 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3978 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
3979 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
3980 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
3981 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3982 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3983 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3984 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
3985 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
3986 goto out;
3987
3988 rv = C_DestroyObject(session, derv_key_hdl);
3989 if (!ADBG_EXPECT_CK_OK(c, rv))
3990 goto out;
3991
3992 Do_ADBG_EndSubCase(c, NULL);
3993
3994 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-CBC");
3995
3996 /*
3997 * Use AES key 1 as Parent key
3998 * 1. VALUE_LEN = DATA_LEN, Derived key should have VALUE_LEN key size
3999 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = FALSE
4000 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4001 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4002 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4003 * 3. LOCAL should be false
4004 */
4005 data_len = 32;
4006 key_len = 32;
4007 rv = derive_sym_key(session, aes_key1, CKM_AES_CBC_ENCRYPT_DATA,
4008 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4009 CKK_AES, CK_FALSE, CK_FALSE);
4010 if (!ADBG_EXPECT_CK_OK(c, rv))
4011 goto out;
4012
4013 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4014 ARRAY_SIZE(get_template) - 1);
4015 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4016 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4017 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4018 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4019 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4020 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4021 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4022 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4023 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
4024 goto out;
4025
4026 rv = C_DestroyObject(session, derv_key_hdl);
4027 if (!ADBG_EXPECT_CK_OK(c, rv))
4028 goto out;
4029
4030 Do_ADBG_EndSubCase(c, NULL);
4031
4032 Do_ADBG_BeginSubCase(c, "Derive Generic secret key using AES-CBC");
4033 /*
4034 * Use AES key 2 as Parent key
4035 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
4036 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = TRUE
4037 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4038 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4039 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4040 * 3. LOCAL should be false
4041 */
4042 data_len = 512;
4043 key_len = 256;
4044 rv = derive_sym_key(session, aes_key2, CKM_AES_CBC_ENCRYPT_DATA,
4045 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4046 CKK_GENERIC_SECRET, CK_FALSE, CK_TRUE);
4047 if (!ADBG_EXPECT_CK_OK(c, rv))
4048 goto out;
4049
4050 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4051 ARRAY_SIZE(get_template));
4052 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4053 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[idx].ulValueLen, ==,
4054 key_len) ||
4055 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4056 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4057 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
4058 CKK_GENERIC_SECRET) ||
4059 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4060 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4061 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
4062 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4063 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4064 goto out;
4065
4066 rv = C_DestroyObject(session, derv_key_hdl);
4067 if (!ADBG_EXPECT_CK_OK(c, rv))
4068 goto out;
4069
4070 Do_ADBG_EndSubCase(c, NULL);
4071
4072 Do_ADBG_BeginSubCase(c, "Invalid parameters during derivation");
4073
4074 /* Length of data used for derivation < key length */
4075 data_len = 16;
4076 key_len = 32;
4077 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4078 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4079 CKK_AES, CK_FALSE, CK_TRUE);
4080 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4081 goto out;
4082
4083 /* Data is not multiple of 16 */
4084 data_len = 18;
4085 key_len = 32;
4086 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4087 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4088 CKK_AES, CK_FALSE, CK_TRUE);
4089 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4090 goto out;
4091
4092 /* Wrong Mechanism */
4093 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB,
4094 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4095 CKK_AES, CK_FALSE, CK_TRUE);
4096 if (!ADBG_EXPECT_CK_RESULT(c, CKR_MECHANISM_INVALID, rv))
4097 goto out;
4098
4099 Do_ADBG_EndSubCase(c, NULL);
4100
4101 Do_ADBG_BeginSubCase(c, "Failure if operation already active");
4102
4103 /* Generate an AES key which can perform Encryption */
4104 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4105 parent_template_w_enc_der,
4106 ARRAY_SIZE(parent_template_w_enc_der),
4107 &aes_key_enc);
4108 if (!ADBG_EXPECT_CK_OK(c, rv))
4109 goto out;
4110
4111 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, aes_key_enc);
4112 if (!ADBG_EXPECT_CK_OK(c, rv))
4113 goto out;
4114
4115 data_len = 32;
4116 key_len = 32;
4117 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4118 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4119 CKK_AES, CK_FALSE, CK_TRUE);
4120 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_ACTIVE, rv))
4121 goto out;
4122
4123 rv = C_EncryptFinal(session, NULL, NULL);
4124 /* Only check that the operation is no more active */
4125 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
4126 goto out;
4127
4128 Do_ADBG_EndSubCase(c, NULL);
4129
4130 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_ENCRYPT is TRUE");
4131
4132 data_len = 32;
4133 key_len = 32;
4134 rv = derive_sym_key(session, aes_key_enc, CKM_AES_ECB_ENCRYPT_DATA,
4135 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4136 CKK_AES, CK_FALSE, CK_TRUE);
4137 /*
4138 * Not strictly expecting FUNCTION_FAILED but expecting a failure
4139 * as we have added a restriction that keys with attribute CKA_ENCRYPT
4140 * set can't be used for derivation.
4141 */
4142 if (!ADBG_EXPECT_CK_RESULT(c, CKR_FUNCTION_FAILED, rv))
4143 goto out;
4144
4145 Do_ADBG_EndSubCase(c, NULL);
4146
4147 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_DERIVE is FALSE");
4148
4149 rv = C_DestroyObject(session, aes_key1);
4150 if (!ADBG_EXPECT_CK_OK(c, rv))
4151 goto out;
4152
4153 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4154 parent_template_wo_derive,
4155 ARRAY_SIZE(parent_template_wo_derive),
4156 &aes_key1);
4157 if (!ADBG_EXPECT_CK_OK(c, rv))
4158 goto out;
4159
4160 data_len = 32;
4161 key_len = 32;
4162 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4163 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4164 CKK_AES, CK_FALSE, CK_TRUE);
4165 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_TYPE_INCONSISTENT, rv))
4166 goto out;
4167
4168out:
4169 Do_ADBG_EndSubCase(c, NULL);
4170
4171close_session:
4172 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
4173
4174close_lib:
4175 ADBG_EXPECT_CK_OK(c, close_lib());
4176}
4177ADBG_CASE_DEFINE(pkcs11, 1017, xtest_pkcs11_test_1017,
4178 "PKCS11: AES Key Derivation tests");
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame^]4179
4180/* Digest test patterns */
4181static const char digest_test_pattern[] = "The quick brown fox jumps over the lazy dog";
4182static const char digest_test_pattern_empty[] = "";
4183
4184/* MD5 checksums for digest test patterns */
4185static const uint8_t digest_test_pattern_md5[] = {
4186 0x9e, 0x10, 0x7d, 0x9d, 0x37, 0x2b, 0xb6, 0x82, 0x6b, 0xd8, 0x1d, 0x35,
4187 0x42, 0xa4, 0x19, 0xd6
4188};
4189static const uint8_t digest_test_pattern_empty_md5[] = {
4190 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98,
4191 0xec, 0xf8, 0x42, 0x7e
4192};
4193
4194/* SHA-1 checksums for digest test patterns */
4195static const uint8_t digest_test_pattern_sha1[] = {
4196 0x2f, 0xd4, 0xe1, 0xc6, 0x7a, 0x2d, 0x28, 0xfc, 0xed, 0x84, 0x9e, 0xe1,
4197 0xbb, 0x76, 0xe7, 0x39, 0x1b, 0x93, 0xeb, 0x12
4198};
4199static const uint8_t digest_test_pattern_empty_sha1[] = {
4200 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef,
4201 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09
4202};
4203
4204/* SHA-224 checksums for digest test patterns */
4205static const uint8_t digest_test_pattern_sha224[] = {
4206 0x73, 0x0e, 0x10, 0x9b, 0xd7, 0xa8, 0xa3, 0x2b, 0x1c, 0xb9, 0xd9, 0xa0,
4207 0x9a, 0xa2, 0x32, 0x5d, 0x24, 0x30, 0x58, 0x7d, 0xdb, 0xc0, 0xc3, 0x8b,
4208 0xad, 0x91, 0x15, 0x25
4209};
4210static const uint8_t digest_test_pattern_empty_sha224[] = {
4211 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47, 0x61, 0x02, 0xbb,
4212 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
4213 0xc5, 0xb3, 0xe4, 0x2f
4214};
4215
4216/* SHA-256 checksums for digest test patterns */
4217static const uint8_t digest_test_pattern_sha256[] = {
4218 0xd7, 0xa8, 0xfb, 0xb3, 0x07, 0xd7, 0x80, 0x94, 0x69, 0xca, 0x9a, 0xbc,
4219 0xb0, 0x08, 0x2e, 0x4f, 0x8d, 0x56, 0x51, 0xe4, 0x6d, 0x3c, 0xdb, 0x76,
4220 0x2d, 0x02, 0xd0, 0xbf, 0x37, 0xc9, 0xe5, 0x92
4221};
4222static const uint8_t digest_test_pattern_empty_sha256[] = {
4223 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
4224 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
4225 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
4226};
4227
4228/* SHA-384 checksums for digest test patterns */
4229static const uint8_t digest_test_pattern_sha384[] = {
4230 0xca, 0x73, 0x7f, 0x10, 0x14, 0xa4, 0x8f, 0x4c, 0x0b, 0x6d, 0xd4, 0x3c,
4231 0xb1, 0x77, 0xb0, 0xaf, 0xd9, 0xe5, 0x16, 0x93, 0x67, 0x54, 0x4c, 0x49,
4232 0x40, 0x11, 0xe3, 0x31, 0x7d, 0xbf, 0x9a, 0x50, 0x9c, 0xb1, 0xe5, 0xdc,
4233 0x1e, 0x85, 0xa9, 0x41, 0xbb, 0xee, 0x3d, 0x7f, 0x2a, 0xfb, 0xc9, 0xb1
4234};
4235static const uint8_t digest_test_pattern_empty_sha384[] = {
4236 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e,
4237 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
4238 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf,
4239 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b
4240};
4241
4242/* SHA-512 checksums for digest test patterns */
4243static const uint8_t digest_test_pattern_sha512[] = {
4244 0x07, 0xe5, 0x47, 0xd9, 0x58, 0x6f, 0x6a, 0x73, 0xf7, 0x3f, 0xba, 0xc0,
4245 0x43, 0x5e, 0xd7, 0x69, 0x51, 0x21, 0x8f, 0xb7, 0xd0, 0xc8, 0xd7, 0x88,
4246 0xa3, 0x09, 0xd7, 0x85, 0x43, 0x6b, 0xbb, 0x64, 0x2e, 0x93, 0xa2, 0x52,
4247 0xa9, 0x54, 0xf2, 0x39, 0x12, 0x54, 0x7d, 0x1e, 0x8a, 0x3b, 0x5e, 0xd6,
4248 0xe1, 0xbf, 0xd7, 0x09, 0x78, 0x21, 0x23, 0x3f, 0xa0, 0x53, 0x8f, 0x3d,
4249 0xb8, 0x54, 0xfe, 0xe6
4250};
4251static const uint8_t digest_test_pattern_empty_sha512[] = {
4252 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50,
4253 0xd6, 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
4254 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c,
4255 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
4256 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a,
4257 0xf9, 0x27, 0xda, 0x3e
4258};
4259
4260#define DIGEST_TEST(_test_name, _mecha, _data, _digest) \
4261 { \
4262 .test_name = _test_name, \
4263 .mecha = _mecha, \
4264 .data = _data, \
4265 .data_size = sizeof(_data) - 1, \
4266 .digest = _digest, \
4267 .digest_size = sizeof(_digest) \
4268 }
4269
4270/* Digest simple test suite */
4271static struct {
4272 const char *test_name;
4273 CK_MECHANISM_TYPE mecha;
4274 const void *data;
4275 CK_ULONG data_size;
4276 const uint8_t *digest;
4277 CK_ULONG digest_size;
4278} digest_test_patterns[] = {
4279 DIGEST_TEST("CKM_MD5/empty", CKM_MD5, digest_test_pattern_empty,
4280 digest_test_pattern_empty_md5),
4281 DIGEST_TEST("CKM_MD5/test pattern", CKM_MD5, digest_test_pattern,
4282 digest_test_pattern_md5),
4283 DIGEST_TEST("CKM_SHA_1/empty", CKM_SHA_1, digest_test_pattern_empty,
4284 digest_test_pattern_empty_sha1),
4285 DIGEST_TEST("CKM_SHA_1/test pattern", CKM_SHA_1, digest_test_pattern,
4286 digest_test_pattern_sha1),
4287 DIGEST_TEST("CKM_SHA224/empty", CKM_SHA224, digest_test_pattern_empty,
4288 digest_test_pattern_empty_sha224),
4289 DIGEST_TEST("CKM_SHA224/test pattern", CKM_SHA224, digest_test_pattern,
4290 digest_test_pattern_sha224),
4291 DIGEST_TEST("CKM_SHA256/empty", CKM_SHA256, digest_test_pattern_empty,
4292 digest_test_pattern_empty_sha256),
4293 DIGEST_TEST("CKM_SHA256/test pattern", CKM_SHA256, digest_test_pattern,
4294 digest_test_pattern_sha256),
4295 DIGEST_TEST("CKM_SHA384/empty", CKM_SHA384, digest_test_pattern_empty,
4296 digest_test_pattern_empty_sha384),
4297 DIGEST_TEST("CKM_SHA384/test pattern", CKM_SHA384, digest_test_pattern,
4298 digest_test_pattern_sha384),
4299 DIGEST_TEST("CKM_SHA512/empty", CKM_SHA512, digest_test_pattern_empty,
4300 digest_test_pattern_empty_sha512),
4301 DIGEST_TEST("CKM_SHA512/test pattern", CKM_SHA512, digest_test_pattern,
4302 digest_test_pattern_sha512),
4303};
4304
4305static CK_ATTRIBUTE digest_generate_aes_object[] = {
4306 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4307 sizeof(CK_OBJECT_CLASS) },
4308 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
4309 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4310 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4311 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4312 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
4313 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
4314};
4315
4316static CK_ATTRIBUTE digest_generate_gensecret_object[] = {
4317 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4318 sizeof(CK_OBJECT_CLASS) },
4319 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
4320 sizeof(CK_KEY_TYPE) },
4321 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4322 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4323 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4324 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
4325 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
4326};
4327
4328static CK_ATTRIBUTE digest_data_object[] = {
4329 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_DATA },
4330 sizeof(CK_OBJECT_CLASS) },
4331 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4332 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4333};
4334
4335static void xtest_pkcs11_test_1018(ADBG_Case_t *c)
4336{
4337 CK_RV rv = CKR_GENERAL_ERROR;
4338 CK_SLOT_ID slot = 0;
4339 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
4340 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
4341 bool logged_in = false;
4342 uint8_t data[128] = { 0 };
4343 CK_ULONG data_size = 0;
4344 uint8_t digest[64] = { 0 };
4345 CK_ULONG digest_size = 0;
4346 const uint8_t *expect_digest = NULL;
4347 CK_ULONG expect_digest_size = 0;
4348 CK_MECHANISM mechanism = { CKM_MD5, NULL, 0 };
4349 uint8_t secret_data[128] = { 0 };
4350 CK_ULONG secret_data_size __maybe_unused = 0;
4351 CK_ATTRIBUTE digest_get_secret_value[] = {
4352 { CKA_VALUE, &secret_data, sizeof(secret_data) },
4353 };
4354 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
4355#ifdef OPENSSL_FOUND
4356 EVP_MD_CTX *mdctx = NULL;
4357 unsigned char hash[EVP_MAX_MD_SIZE] = { 0 };
4358 unsigned int md_len = 0;
4359 int ret = 0;
4360#endif
4361 size_t i = 0;
4362
4363 rv = init_lib_and_find_token_slot(&slot);
4364 if (!ADBG_EXPECT_CK_OK(c, rv))
4365 return;
4366
4367 rv = init_test_token(slot);
4368 if (!ADBG_EXPECT_CK_OK(c, rv))
4369 goto close_lib;
4370
4371 rv = init_user_test_token(slot);
4372 if (!ADBG_EXPECT_CK_OK(c, rv))
4373 goto close_lib;
4374
4375 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
4376 if (!ADBG_EXPECT_CK_OK(c, rv))
4377 goto close_lib;
4378
4379 /* Test out simple successful cases with init+update+final*/
4380 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4381 Do_ADBG_BeginSubCase(c, "Simple digest tests - update - %s",
4382 digest_test_patterns[i].test_name);
4383
4384 mechanism.mechanism = digest_test_patterns[i].mecha;
4385 memset(data, 0xCC, sizeof(data));
4386 memset(digest, 0xCC, sizeof(digest));
4387 digest_size = sizeof(digest);
4388
4389 memcpy(data, digest_test_patterns[i].data,
4390 digest_test_patterns[i].data_size);
4391 data_size = digest_test_patterns[i].data_size;
4392
4393 expect_digest = digest_test_patterns[i].digest;
4394 expect_digest_size = digest_test_patterns[i].digest_size;
4395
4396 rv = C_DigestInit(session, &mechanism);
4397 if (!ADBG_EXPECT_CK_OK(c, rv))
4398 goto out;
4399
4400 rv = C_DigestUpdate(session, data, data_size);
4401 if (!ADBG_EXPECT_CK_OK(c, rv))
4402 goto out;
4403
4404 rv = C_DigestFinal(session, digest, &digest_size);
4405 if (!ADBG_EXPECT_CK_OK(c, rv))
4406 goto out;
4407
4408 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4409 digest, digest_size))
4410 goto out;
4411
4412 /* Verify that end of buffer is still 0xCC */
4413 for (i = expect_digest_size; i < sizeof(digest); i++)
4414 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4415 0xCC))
4416 goto out;
4417
4418 Do_ADBG_EndSubCase(c, NULL);
4419 }
4420
4421 /* Test out simple successful cases */
4422 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4423 Do_ADBG_BeginSubCase(c, "Simple digest tests - oneshot - %s",
4424 digest_test_patterns[i].test_name);
4425
4426 mechanism.mechanism = digest_test_patterns[i].mecha;
4427 memset(data, 0xCC, sizeof(data));
4428 memset(digest, 0xCC, sizeof(digest));
4429 digest_size = sizeof(digest);
4430
4431 memcpy(data, digest_test_patterns[i].data,
4432 digest_test_patterns[i].data_size);
4433 data_size = digest_test_patterns[i].data_size;
4434
4435 expect_digest = digest_test_patterns[i].digest;
4436 expect_digest_size = digest_test_patterns[i].digest_size;
4437
4438 rv = C_DigestInit(session, &mechanism);
4439 if (!ADBG_EXPECT_CK_OK(c, rv))
4440 goto out;
4441
4442 rv = C_Digest(session, data, data_size, digest, &digest_size);
4443 if (!ADBG_EXPECT_CK_OK(c, rv))
4444 goto out;
4445
4446 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4447 digest, digest_size))
4448 goto out;
4449
4450 /* Verify that end of buffer is still 0xCC */
4451 for (i = expect_digest_size; i < sizeof(digest); i++)
4452 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4453 0xCC))
4454 goto out;
4455
4456 Do_ADBG_EndSubCase(c, NULL);
4457 }
4458
4459 /* Test out key updates */
4460
4461 Do_ADBG_BeginSubCase(c, "Simple digest tests - AES key update - SHA-256");
4462
4463 /* Login to Test Token */
4464 rv = C_Login(session, CKU_USER, test_token_user_pin,
4465 sizeof(test_token_user_pin));
4466 if (!ADBG_EXPECT_CK_OK(c, rv))
4467 goto out;
4468
4469 logged_in = true;
4470
4471 /* Generate AES key */
4472 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4473 digest_generate_aes_object,
4474 ARRAY_SIZE(digest_generate_aes_object),
4475 &key_handle);
4476 if (!ADBG_EXPECT_CK_OK(c, rv))
4477 goto out;
4478
4479 memset(secret_data, 0xCC, sizeof(data));
4480 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4481
4482 /* Get value of generated secret for verification purposes */
4483 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4484 ARRAY_SIZE(digest_get_secret_value));
4485 if (!ADBG_EXPECT_CK_OK(c, rv))
4486 goto out;
4487
4488 secret_data_size = digest_get_secret_value[0].ulValueLen;
4489
4490 /* Calculate digest with PKCS11 */
4491 mechanism.mechanism = CKM_SHA256;
4492
4493 memset(data, 0xCC, sizeof(data));
4494 memset(digest, 0xCC, sizeof(digest));
4495 digest_size = sizeof(digest);
4496
4497 memcpy(data, digest_test_patterns[0].data,
4498 digest_test_patterns[0].data_size);
4499 data_size = digest_test_patterns[0].data_size;
4500
4501 rv = C_DigestInit(session, &mechanism);
4502 if (!ADBG_EXPECT_CK_OK(c, rv))
4503 goto out;
4504
4505 rv = C_DigestUpdate(session, data, data_size);
4506 if (!ADBG_EXPECT_CK_OK(c, rv))
4507 goto out;
4508
4509 rv = C_DigestKey(session, key_handle);
4510 if (!ADBG_EXPECT_CK_OK(c, rv))
4511 goto out;
4512
4513 rv = C_DigestFinal(session, digest, &digest_size);
4514 if (!ADBG_EXPECT_CK_OK(c, rv))
4515 goto out;
4516
4517 /* Verify digest with openssl */
4518#ifdef OPENSSL_FOUND
4519 mdctx = EVP_MD_CTX_create();
4520 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4521 goto out;
4522 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4523 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4524 goto out;
4525 ret = EVP_DigestUpdate(mdctx, data, data_size);
4526 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4527 goto out;
4528 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4529 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4530 goto out;
4531 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4532 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4533 goto out;
4534 EVP_MD_CTX_destroy(mdctx);
4535 mdctx = NULL;
4536
4537 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4538 goto out;
4539#else
4540 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4541#endif
4542
4543 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4544 key_handle = CK_INVALID_HANDLE;
4545
4546 Do_ADBG_EndSubCase(c, NULL);
4547
4548 Do_ADBG_BeginSubCase(c, "Simple digest tests - generic secret key update - SHA-256");
4549
4550 /* Generate generic secret key */
4551 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
4552 digest_generate_gensecret_object,
4553 ARRAY_SIZE(digest_generate_gensecret_object),
4554 &key_handle);
4555 if (!ADBG_EXPECT_CK_OK(c, rv))
4556 goto out;
4557
4558 memset(secret_data, 0xCC, sizeof(data));
4559 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4560
4561 /* Get value of generated secret for verification purposes */
4562 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4563 ARRAY_SIZE(digest_get_secret_value));
4564 if (!ADBG_EXPECT_CK_OK(c, rv))
4565 goto out;
4566
4567 secret_data_size = digest_get_secret_value[0].ulValueLen;
4568
4569 /* Calculate digest with PKCS11 */
4570 mechanism.mechanism = CKM_SHA256;
4571
4572 memset(data, 0xCC, sizeof(data));
4573 memset(digest, 0xCC, sizeof(digest));
4574 digest_size = sizeof(digest);
4575
4576 memcpy(data, digest_test_patterns[0].data,
4577 digest_test_patterns[0].data_size);
4578 data_size = digest_test_patterns[0].data_size;
4579
4580 rv = C_DigestInit(session, &mechanism);
4581 if (!ADBG_EXPECT_CK_OK(c, rv))
4582 goto out;
4583
4584 rv = C_DigestUpdate(session, data, data_size);
4585 if (!ADBG_EXPECT_CK_OK(c, rv))
4586 goto out;
4587
4588 rv = C_DigestKey(session, key_handle);
4589 if (!ADBG_EXPECT_CK_OK(c, rv))
4590 goto out;
4591
4592 rv = C_DigestFinal(session, digest, &digest_size);
4593 if (!ADBG_EXPECT_CK_OK(c, rv))
4594 goto out;
4595
4596 /* Verify digest with openssl */
4597#ifdef OPENSSL_FOUND
4598 mdctx = EVP_MD_CTX_create();
4599 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4600 goto out;
4601 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4602 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4603 goto out;
4604 ret = EVP_DigestUpdate(mdctx, data, data_size);
4605 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4606 goto out;
4607 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4608 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4609 goto out;
4610 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4611 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4612 goto out;
4613 EVP_MD_CTX_destroy(mdctx);
4614 mdctx = NULL;
4615
4616 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4617 goto out;
4618#else
4619 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4620#endif
4621
4622 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4623 key_handle = CK_INVALID_HANDLE;
4624
4625 Do_ADBG_EndSubCase(c, NULL);
4626
4627 Do_ADBG_BeginSubCase(c, "Query digest size - C_DigestFinal");
4628
4629 mechanism.mechanism = digest_test_patterns[0].mecha;
4630
4631 memset(data, 0xCC, sizeof(data));
4632 memset(digest, 0xCC, sizeof(digest));
4633 digest_size = 0;
4634
4635 memcpy(data, digest_test_patterns[0].data,
4636 digest_test_patterns[0].data_size);
4637 data_size = digest_test_patterns[0].data_size;
4638
4639 expect_digest = digest_test_patterns[0].digest;
4640 expect_digest_size = digest_test_patterns[0].digest_size;
4641
4642 rv = C_DigestInit(session, &mechanism);
4643 if (!ADBG_EXPECT_CK_OK(c, rv))
4644 goto out;
4645
4646 rv = C_DigestUpdate(session, data, data_size);
4647 if (!ADBG_EXPECT_CK_OK(c, rv))
4648 goto out;
4649
4650 rv = C_DigestFinal(session, NULL, &digest_size);
4651 if (!ADBG_EXPECT_CK_OK(c, rv))
4652 goto out;
4653
4654 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4655 expect_digest_size))
4656 goto out;
4657
4658 rv = C_DigestFinal(session, digest, &digest_size);
4659 if (!ADBG_EXPECT_CK_OK(c, rv))
4660 goto out;
4661
4662 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4663 digest, digest_size))
4664 goto out;
4665
4666 Do_ADBG_EndSubCase(c, NULL);
4667
4668 Do_ADBG_BeginSubCase(c, "Query digest size - C_Digest");
4669
4670 mechanism.mechanism = digest_test_patterns[0].mecha;
4671
4672 memset(data, 0xCC, sizeof(data));
4673 memset(digest, 0xCC, sizeof(digest));
4674 digest_size = 0;
4675
4676 memcpy(data, digest_test_patterns[0].data,
4677 digest_test_patterns[0].data_size);
4678 data_size = digest_test_patterns[0].data_size;
4679
4680 expect_digest = digest_test_patterns[0].digest;
4681 expect_digest_size = digest_test_patterns[0].digest_size;
4682
4683 rv = C_DigestInit(session, &mechanism);
4684 if (!ADBG_EXPECT_CK_OK(c, rv))
4685 goto out;
4686
4687 rv = C_Digest(session, data, data_size, NULL, &digest_size);
4688 if (!ADBG_EXPECT_CK_OK(c, rv))
4689 goto out;
4690
4691 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4692 expect_digest_size))
4693 goto out;
4694
4695 rv = C_Digest(session, data, data_size, digest, &digest_size);
4696 if (!ADBG_EXPECT_CK_OK(c, rv))
4697 goto out;
4698
4699 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4700 digest, digest_size))
4701 goto out;
4702
4703 Do_ADBG_EndSubCase(c, NULL);
4704
4705 Do_ADBG_BeginSubCase(c, "Query digest size - buffer too small");
4706
4707 mechanism.mechanism = CKM_SHA256;
4708
4709 memset(data, 0xCC, sizeof(data));
4710 memset(digest, 0xCC, sizeof(digest));
4711 digest_size = 0;
4712
4713 memcpy(data, digest_test_patterns[0].data,
4714 digest_test_patterns[0].data_size);
4715 data_size = digest_test_patterns[0].data_size;
4716
4717 rv = C_DigestInit(session, &mechanism);
4718 if (!ADBG_EXPECT_CK_OK(c, rv))
4719 goto out;
4720
4721 rv = C_DigestUpdate(session, data, data_size);
4722 if (!ADBG_EXPECT_CK_OK(c, rv))
4723 goto out;
4724
4725 rv = C_DigestFinal(session, digest, &digest_size);
4726 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
4727 goto out;
4728
4729 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==, 32))
4730 goto out;
4731
4732 rv = C_DigestFinal(session, digest, &digest_size);
4733 if (!ADBG_EXPECT_CK_OK(c, rv))
4734 goto out;
4735
4736 Do_ADBG_EndSubCase(c, NULL);
4737
4738 /* Test bad arguments & operation terminations */
4739
4740 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestUpdate");
4741
4742 mechanism.mechanism = CKM_SHA256;
4743
4744 memset(data, 0xCC, sizeof(data));
4745 memset(digest, 0xCC, sizeof(digest));
4746 digest_size = sizeof(digest);
4747
4748 memcpy(data, digest_test_patterns[0].data,
4749 digest_test_patterns[0].data_size);
4750 data_size = digest_test_patterns[0].data_size;
4751
4752 rv = C_DigestInit(session, &mechanism);
4753 if (!ADBG_EXPECT_CK_OK(c, rv))
4754 goto out;
4755
4756 rv = C_DigestUpdate(session, NULL, 10);
4757 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4758 goto out;
4759
4760 rv = C_DigestUpdate(session, data, data_size);
4761 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4762 goto out;
4763
4764 Do_ADBG_EndSubCase(c, NULL);
4765
4766 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with NULL digest");
4767
4768 mechanism.mechanism = CKM_SHA256;
4769
4770 memset(data, 0xCC, sizeof(data));
4771 memset(digest, 0xCC, sizeof(digest));
4772 digest_size = sizeof(digest);
4773
4774 memcpy(data, digest_test_patterns[0].data,
4775 digest_test_patterns[0].data_size);
4776 data_size = digest_test_patterns[0].data_size;
4777
4778 rv = C_DigestInit(session, &mechanism);
4779 if (!ADBG_EXPECT_CK_OK(c, rv))
4780 goto out;
4781
4782 rv = C_DigestUpdate(session, data, data_size);
4783 if (!ADBG_EXPECT_CK_OK(c, rv))
4784 goto out;
4785
4786 rv = C_DigestFinal(session, NULL, NULL);
4787 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4788 goto out;
4789
4790 rv = C_DigestFinal(session, digest, &digest_size);
4791 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4792 goto out;
4793
4794 Do_ADBG_EndSubCase(c, NULL);
4795
4796 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4797
4798 mechanism.mechanism = CKM_SHA256;
4799
4800 memset(data, 0xCC, sizeof(data));
4801 memset(digest, 0xCC, sizeof(digest));
4802 digest_size = sizeof(digest);
4803
4804 memcpy(data, digest_test_patterns[0].data,
4805 digest_test_patterns[0].data_size);
4806 data_size = digest_test_patterns[0].data_size;
4807
4808 rv = C_DigestInit(session, &mechanism);
4809 if (!ADBG_EXPECT_CK_OK(c, rv))
4810 goto out;
4811
4812 rv = C_DigestUpdate(session, data, data_size);
4813 if (!ADBG_EXPECT_CK_OK(c, rv))
4814 goto out;
4815
4816 rv = C_DigestFinal(session, digest, NULL);
4817 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4818 goto out;
4819
4820 rv = C_DigestFinal(session, digest, &digest_size);
4821 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4822 goto out;
4823
4824 Do_ADBG_EndSubCase(c, NULL);
4825
4826 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL data but non-zero size");
4827
4828 mechanism.mechanism = CKM_SHA256;
4829
4830 memset(data, 0xCC, sizeof(data));
4831 memset(digest, 0xCC, sizeof(digest));
4832 digest_size = sizeof(digest);
4833
4834 memcpy(data, digest_test_patterns[0].data,
4835 digest_test_patterns[0].data_size);
4836 data_size = digest_test_patterns[0].data_size;
4837
4838 rv = C_DigestInit(session, &mechanism);
4839 if (!ADBG_EXPECT_CK_OK(c, rv))
4840 goto out;
4841
4842 rv = C_Digest(session, NULL, 10, digest, &digest_size);
4843 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4844 goto out;
4845
4846 rv = C_Digest(session, data, data_size, digest, &digest_size);
4847 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4848 goto out;
4849
4850 Do_ADBG_EndSubCase(c, NULL);
4851
4852 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL digest");
4853
4854 mechanism.mechanism = CKM_SHA256;
4855
4856 memset(data, 0xCC, sizeof(data));
4857 memset(digest, 0xCC, sizeof(digest));
4858 digest_size = sizeof(digest);
4859
4860 memcpy(data, digest_test_patterns[0].data,
4861 digest_test_patterns[0].data_size);
4862 data_size = digest_test_patterns[0].data_size;
4863
4864 rv = C_DigestInit(session, &mechanism);
4865 if (!ADBG_EXPECT_CK_OK(c, rv))
4866 goto out;
4867
4868 rv = C_Digest(session, data, data_size, NULL, NULL);
4869 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4870 goto out;
4871
4872 rv = C_Digest(session, data, data_size, digest, &digest_size);
4873 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4874 goto out;
4875
4876 Do_ADBG_EndSubCase(c, NULL);
4877
4878 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4879
4880 mechanism.mechanism = CKM_SHA256;
4881
4882 memset(data, 0xCC, sizeof(data));
4883 memset(digest, 0xCC, sizeof(digest));
4884 digest_size = sizeof(digest);
4885
4886 memcpy(data, digest_test_patterns[0].data,
4887 digest_test_patterns[0].data_size);
4888 data_size = digest_test_patterns[0].data_size;
4889
4890 rv = C_DigestInit(session, &mechanism);
4891 if (!ADBG_EXPECT_CK_OK(c, rv))
4892 goto out;
4893
4894 rv = C_Digest(session, data, data_size, digest, NULL);
4895 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4896 goto out;
4897
4898 rv = C_Digest(session, data, data_size, digest, &digest_size);
4899 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4900 goto out;
4901
4902 Do_ADBG_EndSubCase(c, NULL);
4903
4904 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with invalid key handle");
4905
4906 rv = C_CreateObject(session, digest_data_object,
4907 ARRAY_SIZE(digest_data_object), &key_handle);
4908 if (!ADBG_EXPECT_CK_OK(c, rv))
4909 goto out;
4910
4911 mechanism.mechanism = CKM_SHA256;
4912
4913 memset(data, 0xCC, sizeof(data));
4914 memset(digest, 0xCC, sizeof(digest));
4915 digest_size = sizeof(digest);
4916
4917 memcpy(data, digest_test_patterns[0].data,
4918 digest_test_patterns[0].data_size);
4919 data_size = digest_test_patterns[0].data_size;
4920
4921 rv = C_DigestInit(session, &mechanism);
4922 if (!ADBG_EXPECT_CK_OK(c, rv))
4923 goto out;
4924
4925 rv = C_DigestKey(session, 9999);
4926 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
4927 goto out;
4928
4929 rv = C_DigestKey(session, key_handle);
4930 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4931 goto out;
4932
4933 Do_ADBG_EndSubCase(c, NULL);
4934
4935 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with non-secret key type");
4936
4937 mechanism.mechanism = CKM_SHA256;
4938
4939 memset(data, 0xCC, sizeof(data));
4940 memset(digest, 0xCC, sizeof(digest));
4941 digest_size = sizeof(digest);
4942
4943 memcpy(data, digest_test_patterns[0].data,
4944 digest_test_patterns[0].data_size);
4945 data_size = digest_test_patterns[0].data_size;
4946
4947 rv = C_DigestInit(session, &mechanism);
4948 if (!ADBG_EXPECT_CK_OK(c, rv))
4949 goto out;
4950
4951 rv = C_DigestKey(session, key_handle);
4952 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_INDIGESTIBLE, rv))
4953 goto out;
4954
4955 rv = C_DigestKey(session, key_handle);
4956 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4957 goto out;
4958
4959 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4960 key_handle = CK_INVALID_HANDLE;
4961
4962out:
4963#ifdef OPENSSL_FOUND
4964 if (!ADBG_EXPECT_POINTER(c, NULL, mdctx)) {
4965 Do_ADBG_Log("Unexpected failure in openssl functions: %d",
4966 ret);
4967 EVP_MD_CTX_destroy(mdctx);
4968 }
4969#endif
4970
4971 Do_ADBG_EndSubCase(c, NULL);
4972
4973 if (logged_in)
4974 ADBG_EXPECT_CK_OK(c, C_Logout(session));
4975
4976 if (key_handle != CK_INVALID_HANDLE) {
4977 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4978 key_handle = CK_INVALID_HANDLE;
4979 }
4980
4981 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
4982
4983close_lib:
4984 ADBG_EXPECT_CK_OK(c, close_lib());
4985}
4986ADBG_CASE_DEFINE(pkcs11, 1018, xtest_pkcs11_test_1018,
4987 "PKCS11: Digest tests");