TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / f2eb88affbb7f028561b4fd5cbd049d5d704f741 / . / host / xtest / pkcs11_1000.c
blob: 66a9ee398b27080df5d9c11dd21c3d108bb4b207 [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]2/*
3 * Copyright (c) 2018, Linaro Limited
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]4 */
5
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]6#include <ck_debug.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]7#include <inttypes.h>
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]8#ifdef OPENSSL_FOUND
9#include <openssl/evp.h>
10#endif
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]11#include <pkcs11.h>
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]12#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]15#include <util.h>
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]16
17#include "xtest_test.h"
18#include "xtest_helpers.h"
19
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]20#include <regression_4000_data.h>
21
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]22/*
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]23 * Some PKCS#11 object resources used in the tests
24 */
25static const CK_BYTE cktest_aes128_key[16];
26
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]27static const CK_BYTE cktest_aes128_iv[16];
28
29static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
30 .ulCounterBits = 1,
31};
32
33static CK_MECHANISM cktest_aes_ecb_mechanism = {
34 CKM_AES_ECB,
35 NULL, 0,
36};
37static CK_MECHANISM cktest_aes_cbc_mechanism = {
38 CKM_AES_CBC,
39 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
40};
41static CK_MECHANISM cktest_aes_ctr_mechanism = {
42 CKM_AES_CTR,
43 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
44};
45static CK_MECHANISM cktest_aes_cts_mechanism = {
46 CKM_AES_CTS,
47 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
48};
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]49static CK_MECHANISM cktest_hmac_md5_mechanism = {
50 CKM_MD5_HMAC, NULL, 0,
51};
52static CK_MECHANISM cktest_hmac_sha1_mechanism = {
53 CKM_SHA_1_HMAC, NULL, 0,
54};
55static CK_MECHANISM cktest_hmac_sha224_mechanism = {
56 CKM_SHA224_HMAC, NULL, 0,
57};
58static CK_MECHANISM cktest_hmac_sha256_mechanism = {
59 CKM_SHA256_HMAC, NULL, 0,
60};
61static CK_MECHANISM cktest_hmac_sha384_mechanism = {
62 CKM_SHA384_HMAC, NULL, 0,
63};
64static CK_MECHANISM cktest_hmac_sha512_mechanism = {
65 CKM_SHA512_HMAC, NULL, 0,
66};
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]67static CK_MECHANISM cktest_gensecret_keygen_mechanism = {
68 CKM_GENERIC_SECRET_KEY_GEN, NULL, 0,
69};
70static CK_MECHANISM cktest_aes_keygen_mechanism = {
71 CKM_AES_KEY_GEN, NULL, 0,
72};
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]73
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]74/*
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]75 * Util to find a slot on which to open a session
76 */
77static CK_RV close_lib(void)
78{
79 return C_Finalize(0);
80}
81
82static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
83{
84 CK_RV rv = CKR_GENERAL_ERROR;
85 CK_SLOT_ID_PTR slots = NULL;
86 CK_ULONG count = 0;
87
88 rv = C_Initialize(0);
89 if (rv)
90 return rv;
91
92 rv = C_GetSlotList(CK_TRUE, NULL, &count);
93 if (rv != CKR_OK)
94 goto bail;
95
96 if (count < 1) {
97 rv = CKR_GENERAL_ERROR;
98 goto bail;
99 }
100
101 slots = malloc(count * sizeof(CK_SLOT_ID));
102 if (!slots) {
103 rv = CKR_HOST_MEMORY;
104 goto bail;
105 }
106
107 rv = C_GetSlotList(CK_TRUE, slots, &count);
108 if (rv)
109 goto bail;
110
111 /* Use the last slot */
112 *slot = slots[count - 1];
113
114bail:
115 free(slots);
116 if (rv)
117 close_lib();
118
119 return rv;
120}
121
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]122static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]123{
124 CK_RV rv;
125
126 rv = C_Initialize(NULL);
127 if (!ADBG_EXPECT_CK_OK(c, rv))
128 return;
129
130 rv = C_Finalize(NULL);
131 if (!ADBG_EXPECT_CK_OK(c, rv))
132 return;
133
134 rv = C_Initialize(NULL);
135 if (!ADBG_EXPECT_CK_OK(c, rv))
136 return;
137
138 rv = C_Initialize(NULL);
139 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
140
141 rv = C_Finalize(NULL);
142 ADBG_EXPECT_CK_OK(c, rv);
Etienne Carriere21f4e3c2020-02-05 15:40:24 +0100[diff] [blame]143
144 rv = C_Finalize(NULL);
145 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
Etienne Carriere109c1d72019-01-09 11:02:02 +0100[diff] [blame]146}
147
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]148ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
149 "Initialize and close Cryptoki library");
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]150
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]151static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]152{
153 CK_RV rv = CKR_GENERAL_ERROR;
154 CK_SLOT_ID_PTR slot_ids = NULL;
155 CK_ULONG slot_count = 0;
156 CK_ULONG present_slot_count = 0;
157 CK_INFO lib_info = { };
158 CK_SLOT_INFO slot_info = { };
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]159 CK_TOKEN_INFO token_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]160 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
161 size_t i = 0;
162 CK_SLOT_ID max_slot_id = 0;
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]163 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
164 CK_ULONG mecha_count = 0;
165 CK_MECHANISM_INFO mecha_info = { };
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]166
167 rv = C_Initialize(NULL);
168 if (!ADBG_EXPECT_CK_OK(c, rv))
169 return;
170
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]171 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
172
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]173 rv = C_GetFunctionList(&ckfunc_list);
174 if (!ADBG_EXPECT_CK_OK(c, rv))
175 goto out;
176
177 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
178 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]179 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]180 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
181 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
182 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]183 goto out;
184
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]185 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
186 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
187
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]188 rv = C_GetInfo(&lib_info);
189 if (!ADBG_EXPECT_CK_OK(c, rv))
190 goto out;
191
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]192 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
193 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
194
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]195 rv = C_GetSlotList(0, NULL, &slot_count);
196 if (!ADBG_EXPECT_CK_OK(c, rv))
197 goto out;
198
199 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
200 goto out;
201
Etienne Carrierede746332020-03-04 19:43:53 +0100[diff] [blame]202 if (slot_count > 1) {
203 /* Ensure case non-NULL-buffer and zero-count is tested */
204 CK_SLOT_ID id = 0;
205
206 slot_count = 0;
207 rv = C_GetSlotList(0, &id, &slot_count);
208 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
209 goto out;
210 }
211
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]212 rv = C_GetSlotList(1, NULL, &present_slot_count);
213 if (!ADBG_EXPECT_CK_OK(c, rv))
214 goto out;
215
216 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
217 present_slot_count))
218 goto out;
219
220 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
221 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
222 goto out;
223
224 slot_count--;
225 rv = C_GetSlotList(1, slot_ids, &slot_count);
226 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
227 goto out;
228
229 rv = C_GetSlotList(1, slot_ids, &slot_count);
230 if (!ADBG_EXPECT_CK_OK(c, rv))
231 goto out;
232
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]233 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]234 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]235
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]236 for (i = 0; i < slot_count; i++) {
237 CK_SLOT_ID slot = slot_ids[i];
238
239 rv = C_GetSlotInfo(slot, &slot_info);
240 if (!ADBG_EXPECT_CK_OK(c, rv))
241 goto out;
242
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]243 rv = C_GetTokenInfo(slot, &token_info);
244 if (!ADBG_EXPECT_CK_OK(c, rv))
245 goto out;
246
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]247 if (max_slot_id < slot)
248 max_slot_id = slot;
249 }
250
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]251 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]252 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
253
254 for (i = 0; i < slot_count; i++) {
255 CK_SLOT_ID slot = slot_ids[i];
256 size_t j = 0;
257
258 mecha_count = 0;
259 rv = C_GetMechanismList(slot, NULL, &mecha_count);
260 if (!ADBG_EXPECT_CK_OK(c, rv))
261 goto out;
262
263 if (mecha_count == 0)
264 continue;
265
266 free(mecha_types);
267 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
268 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
269 goto out;
270
271 /* Test specific case: valid buffer reference with 0 count */
272 mecha_count = 0;
273 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
274 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
275 goto out;
276
277 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
278 if (!ADBG_EXPECT_CK_OK(c, rv))
279 goto out;
280
281 for (j = 0; j < mecha_count; j++) {
282 rv = C_GetMechanismInfo(slot, mecha_types[j],
283 &mecha_info);
284 if (!ADBG_EXPECT_CK_OK(c, rv))
285 goto out;
286 }
287 }
288
289 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
Vesa Jääskeläinen60298cc2021-01-19 09:06:00 +0200[diff] [blame]290 Do_ADBG_BeginSubCase(c, "Test C_GetMechanismList() with larger result buffer");
291
292 for (i = 0; i < slot_count; i++) {
293 CK_SLOT_ID slot = slot_ids[i];
294 CK_ULONG real_mecha_count = 0;
295 CK_ULONG alloc_mecha_count = 0;
296 uint8_t *data_ptr = NULL;
297 size_t j = 0;
298
299 rv = C_GetMechanismList(slot, NULL, &real_mecha_count);
300 if (!ADBG_EXPECT_CK_OK(c, rv))
301 goto out;
302
303 if (real_mecha_count == 0)
304 continue;
305
306 /* Allocate more memory for mechanisms than required */
307 alloc_mecha_count = real_mecha_count + 16;
308 mecha_count = alloc_mecha_count;
309
310 free(mecha_types);
311 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
312 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
313 goto out;
314 memset(mecha_types, 0xCC,
315 alloc_mecha_count * sizeof(*mecha_types));
316
317 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
318 if (!ADBG_EXPECT_CK_OK(c, rv))
319 goto out;
320
321 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, mecha_count, ==,
322 real_mecha_count))
323 goto out;
324
325 data_ptr = (uint8_t *)mecha_types;
326 for (j = real_mecha_count * sizeof(*mecha_types);
327 j < alloc_mecha_count * sizeof(*mecha_types); j++)
328 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[j], ==,
329 0xCC))
330 break;
331 }
332
333 Do_ADBG_EndSubCase(c, "Test C_GetMechanismList() with larger result buffer");
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]334 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
335
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]336 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
337 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
338 goto out;
339
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]340 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
341 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
342 goto out;
343
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]344 mecha_count = 1;
345 if (!mecha_types)
346 mecha_types = malloc(sizeof(*mecha_types));
347 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
348 goto out;
349
350 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
351 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
352 goto out;
353
354 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
355 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
356 goto out;
357
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]358 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
359 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
360 goto out;
361
Etienne Carriere6818d5f2020-03-04 15:34:50 +0100[diff] [blame]362 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
363 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
364 goto out;
365
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]366 mecha_count = 1;
367 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
368 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
369 goto out;
370
371 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
372 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
373 goto out;
374
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]375out:
Etienne Carrieree90a4e42020-03-02 12:04:08 +0100[diff] [blame]376 Do_ADBG_EndSubCase(c, NULL);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]377 free(slot_ids);
Etienne Carriered3121292020-03-04 17:38:24 +0100[diff] [blame]378 free(mecha_types);
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]379
380 rv = C_Finalize(NULL);
381 ADBG_EXPECT_CK_OK(c, rv);
382}
383
Etienne Carriere61f89d82020-03-11 11:24:29 +0100[diff] [blame]384ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
Etienne Carrierefa7e34f2020-02-04 15:34:16 +0100[diff] [blame]385 "PKCS11: List PKCS#11 slots and get information from");
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]386
387static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
388{
389 CK_RV rv = CKR_GENERAL_ERROR;
390 CK_SLOT_ID slot = 0;
391 CK_SESSION_HANDLE session[3] = { 0 };
392 CK_FLAGS session_flags = 0;
393 CK_SESSION_INFO session_info = { };
394 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
395
396 rv = init_lib_and_find_token_slot(&slot);
397 if (!ADBG_EXPECT_CK_OK(c, rv))
398 return;
399
400 rv = C_GetFunctionList(&ckfunc_list);
401 if (!ADBG_EXPECT_CK_OK(c, rv) ||
402 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
403 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
404 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
405 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
406 goto bail;
407
408 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
409
410 session_flags = CKF_RW_SESSION;
411
412 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
Vesa Jääskeläinenc1378d92020-12-31 12:53:10 +0200[diff] [blame]413 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_PARALLEL_NOT_SUPPORTED, rv))
Etienne Carriere3b5558a2020-03-12 09:55:26 +0100[diff] [blame]414 goto bail;
415
416 session_flags = CKF_SERIAL_SESSION;
417
418 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
419 if (!ADBG_EXPECT_CK_OK(c, rv))
420 goto bail;
421
422 rv = C_GetSessionInfo(session[0], &session_info);
423 if (!ADBG_EXPECT_CK_OK(c, rv) ||
424 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
425 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
426 session_flags) ||
427 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
428 CKS_RO_PUBLIC_SESSION) ||
429 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
430 goto bail;
431
432 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
433
434 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
435 if (!ADBG_EXPECT_CK_OK(c, rv))
436 goto bail;
437
438 rv = C_GetSessionInfo(session[1], &session_info);
439 if (!ADBG_EXPECT_CK_OK(c, rv) ||
440 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
441 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
442 session_flags) ||
443 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
444 CKS_RW_PUBLIC_SESSION) ||
445 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
446 goto bail;
447
448 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
449 if (!ADBG_EXPECT_CK_OK(c, rv))
450 goto bail;
451
452 rv = C_GetSessionInfo(session[2], &session_info);
453 if (!ADBG_EXPECT_CK_OK(c, rv) ||
454 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
455 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
456 session_flags) ||
457 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
458 CKS_RW_PUBLIC_SESSION) ||
459 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
460 goto bail;
461
462 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
463 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
464
465 /* Close 2 of them */
466 rv = C_CloseSession(session[0]);
467 if (!ADBG_EXPECT_CK_OK(c, rv))
468 goto bail;
469
470 rv = C_GetSessionInfo(session[0], &session_info);
471 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
472 goto bail;
473
474 rv = C_GetSessionInfo(session[1], &session_info);
475 if (!ADBG_EXPECT_CK_OK(c, rv))
476 goto bail;
477
478 rv = C_GetSessionInfo(session[2], &session_info);
479 if (!ADBG_EXPECT_CK_OK(c, rv))
480 goto bail;
481
482 /* Close all remaining sessions, later calls should failed on session */
483 rv = C_CloseAllSessions(slot);
484 if (!ADBG_EXPECT_CK_OK(c, rv))
485 goto bail;
486
487 rv = C_CloseSession(session[1]);
488 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
489 goto bail;
490
491 rv = C_CloseSession(session[2]);
492 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
493 goto bail;
494
495 rv = C_GetSessionInfo(session[1], &session_info);
496 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
497 goto bail;
498
499 rv = C_GetSessionInfo(session[2], &session_info);
500 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
501 goto bail;
502
503 /* Open a session, should be closed from library closure */
504 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
505 if (!ADBG_EXPECT_CK_OK(c, rv))
506 goto bail;
507
508bail:
509 Do_ADBG_EndSubCase(c, NULL);
510 rv = close_lib();
511 ADBG_EXPECT_CK_OK(c, rv);
512}
513
514ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
515 "PKCS11: Open and close PKCS#11 sessions");
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]516
517/*
518 * Helpers for tests where we must log into the token.
519 * These define the genuine PINs and label to be used with the test token.
520 */
521static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]522static CK_UTF8CHAR test_token_user_pin[] = {
523 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
524};
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]525static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
526
527static CK_RV init_test_token(CK_SLOT_ID slot)
528{
529 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
530 test_token_label);
531}
532
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]533/* Login as user, eventually reset user PIN if needed */
534static CK_RV init_user_test_token(CK_SLOT_ID slot)
535{
536 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
537 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
538 CK_RV rv = CKR_GENERAL_ERROR;
539
540 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
541 if (rv)
542 return rv;
543
544 rv = C_Login(session, CKU_USER, test_token_user_pin,
545 sizeof(test_token_user_pin));
546 if (rv == CKR_OK) {
547 C_Logout(session);
548 C_CloseSession(session);
549 return rv;
550 }
551
552 rv = C_Login(session, CKU_SO, test_token_so_pin,
553 sizeof(test_token_so_pin));
554 if (rv) {
555 C_CloseSession(session);
556
557 rv = init_test_token(slot);
558 if (rv)
559 return rv;
560
561 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
562 if (rv)
563 return rv;
564
565 rv = C_Login(session, CKU_SO, test_token_so_pin,
566 sizeof(test_token_so_pin));
567 if (rv) {
568 C_CloseSession(session);
569 return rv;
570 }
571 }
572
573 rv = C_InitPIN(session, test_token_user_pin,
574 sizeof(test_token_user_pin));
575
576 C_Logout(session);
577 C_CloseSession(session);
578
579 return rv;
580}
581
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]582static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
583{
584 CK_RV rv = CKR_GENERAL_ERROR;
585 CK_TOKEN_INFO token_info = { };
586 /* Same content as test_token_so_pin[] but 1 more byte */
587 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
588 /* Same content as test_token_so_pin[] but 1 different byte */
589 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
590 CK_FLAGS flags = 0;
591
592 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
593
594 rv = C_GetTokenInfo(slot, &token_info);
595 if (!ADBG_EXPECT_CK_OK(c, rv))
596 goto out;
597
598 rv = C_InitToken(slot, test_token_so_pin,
599 sizeof(test_token_so_pin) - 1, test_token_label);
600 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
601 goto out;
602
603 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
604 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
605 goto out;
606
607 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
608 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
609 goto out;
610
611 rv = C_GetTokenInfo(slot, &token_info);
612 if (!ADBG_EXPECT_CK_OK(c, rv))
613 goto out;
614
615 flags = token_info.flags;
616
617 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
618 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
619 rv = CKR_GENERAL_ERROR;
620 goto out;
621 }
622
623 rv = init_test_token(slot);
624 if (!ADBG_EXPECT_CK_OK(c, rv))
625 goto out;
626
627 rv = C_GetTokenInfo(slot, &token_info);
628 if (!ADBG_EXPECT_CK_OK(c, rv))
629 goto out;
630
631 flags = token_info.flags;
632
633 /*
634 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
635 * Other flags should show a sane initialized state.
636 */
637 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
638 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
639 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
640 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
641 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]642 goto out;
643 }
644
645 rv = init_user_test_token(slot);
646 if (!ADBG_EXPECT_CK_OK(c, rv))
647 goto out;
648
649 rv = C_GetTokenInfo(slot, &token_info);
650 if (!ADBG_EXPECT_CK_OK(c, rv))
651 goto out;
652
653 flags = token_info.flags;
654
655 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
656 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
657 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
658 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
659 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
660 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
661 rv = CKR_GENERAL_ERROR;
662 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]663 }
664
665out:
666 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
667
668 return rv;
669}
670
671static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
672{
673 CK_RV rv = CKR_GENERAL_ERROR;
674 CK_TOKEN_INFO token_info = { };
675 CK_FLAGS flags = 0;
676
677 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
678
679 rv = init_test_token(slot);
680 if (!ADBG_EXPECT_CK_OK(c, rv))
681 goto out;
682
683 rv = C_GetTokenInfo(slot, &token_info);
684 if (!ADBG_EXPECT_CK_OK(c, rv))
685 goto out;
686
687 flags = token_info.flags;
688
689 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
690 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
691 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
692 rv = CKR_GENERAL_ERROR;
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]693 goto out;
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]694 }
695
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]696 rv = init_user_test_token(slot);
697 if (!ADBG_EXPECT_CK_OK(c, rv))
698 goto out;
699
700 rv = C_GetTokenInfo(slot, &token_info);
701 if (!ADBG_EXPECT_CK_OK(c, rv))
702 goto out;
703
704 flags = token_info.flags;
705
706 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
707 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
708 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
709 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
710 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
711 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
712 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
713 rv = CKR_GENERAL_ERROR;
714
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]715out:
716 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
717
718 return rv;
719}
720
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]721static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
722{
723 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
724 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
725 CK_RV rv = CKR_GENERAL_ERROR;
726
727 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
728
729 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
730 if (!ADBG_EXPECT_CK_OK(c, rv))
731 goto out;
732
733 /* Logout: should fail as we did not log in yet */
734 rv = C_Logout(session);
735 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
736
737 /* Login/re-log/logout user */
738 rv = C_Login(session, CKU_USER, test_token_user_pin,
739 sizeof(test_token_user_pin));
740 if (!ADBG_EXPECT_CK_OK(c, rv))
741 goto out;
742
743 rv = C_Login(session, CKU_USER, test_token_user_pin,
744 sizeof(test_token_user_pin));
745 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
746
747 rv = C_Logout(session);
748 if (!ADBG_EXPECT_CK_OK(c, rv))
749 goto out;
750
751 /* Login/re-log/logout security officer */
752 rv = C_Login(session, CKU_SO, test_token_so_pin,
753 sizeof(test_token_so_pin));
754 if (!ADBG_EXPECT_CK_OK(c, rv))
755 goto out;
756
757 rv = C_Login(session, CKU_SO, test_token_so_pin,
758 sizeof(test_token_so_pin));
759 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
760
761 rv = C_Logout(session);
762 if (!ADBG_EXPECT_CK_OK(c, rv))
763 goto out;
764
765 /* Login user then SO and reverse */
766 rv = C_Login(session, CKU_SO, test_token_so_pin,
767 sizeof(test_token_so_pin));
768 ADBG_EXPECT_CK_OK(c, rv);
769
770 rv = C_Login(session, CKU_USER, test_token_user_pin,
771 sizeof(test_token_user_pin));
772 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
773
774 rv = C_Logout(session);
775 if (!ADBG_EXPECT_CK_OK(c, rv))
776 goto out;
777
778 rv = C_Login(session, CKU_USER, test_token_user_pin,
779 sizeof(test_token_user_pin));
780 ADBG_EXPECT_CK_OK(c, rv);
781
782 rv = C_Login(session, CKU_SO, test_token_so_pin,
783 sizeof(test_token_so_pin));
784 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
785
786 rv = C_Logout(session);
787 ADBG_EXPECT_CK_OK(c, rv);
788
789 /* Login context specifc, in an invalid case (need an operation) */
790 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
791 sizeof(test_token_user_pin));
792 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
793
794 rv = C_CloseSession(session);
795 ADBG_EXPECT_CK_OK(c, rv);
796
797out:
798 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
799 return rv;
800}
801
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]802static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
803 CK_USER_TYPE user_type)
804{
805 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
806 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
807 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
808 CK_UTF8CHAR_PTR old_pin = NULL;
809 CK_USER_TYPE ut = user_type;
810 size_t old_pin_sz = 0;
811 CK_RV rv2 = CKR_OK;
812 CK_RV rv = CKR_OK;
813
814 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
815
816 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
817 if (!ADBG_EXPECT_CK_OK(c, rv))
818 goto out;
819
820 if (user_type == CKU_SO) {
821 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
822 old_pin_sz = sizeof(test_token_so_pin);
823 } else {
824 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
825 old_pin_sz = sizeof(test_token_user_pin);
826 ut = CKU_USER;
827 }
828
829 if (ut == user_type) {
830 rv = C_Login(session, ut, old_pin, old_pin_sz);
831 if (!ADBG_EXPECT_CK_OK(c, rv))
832 goto out_session;
833 }
834
835 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
836 if (!ADBG_EXPECT_CK_OK(c, rv)) {
837 if (ut == user_type)
838 goto out_logout;
839 else
840 goto out_session;
841 }
842
843 if (ut == user_type) {
844 rv = C_Logout(session);
845 if (!ADBG_EXPECT_CK_OK(c, rv))
846 goto out_session;
847 }
848
849 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
850 if (!ADBG_EXPECT_CK_OK(c, rv))
851 goto out_session;
852
853 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
854 ADBG_EXPECT_CK_OK(c, rv);
855
856out_logout:
857 rv2 = C_Logout(session);
858 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
859 rv = rv2;
860out_session:
861 rv2 = C_CloseSession(session);
862 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
863 rv = rv2;
864out:
865 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
866
867 return rv;
868}
869
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]870static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
871{
872 CK_RV rv = CKR_GENERAL_ERROR;
873 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
874 CK_SLOT_ID slot = 0;
875 CK_TOKEN_INFO token_info = { };
876
877 rv = C_GetFunctionList(&ckfunc_list);
878 if (!ADBG_EXPECT_CK_OK(c, rv) ||
Jens Wiklander282a8a52020-04-14 17:01:36 +0200[diff] [blame]879 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
880 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]881 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
882 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
883 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]884 goto out;
885
886 rv = init_lib_and_find_token_slot(&slot);
887 if (!ADBG_EXPECT_CK_OK(c, rv))
888 return;
889
890 rv = C_GetTokenInfo(slot, &token_info);
891 if (!ADBG_EXPECT_CK_OK(c, rv))
892 goto out;
893
894 /* Abort test if token is about to lock */
895 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
896 goto out;
897
898 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
899 rv = test_uninitialized_token(c, slot);
900 if (rv != CKR_OK)
901 goto out;
902 }
903
904 rv = test_already_initialized_token(c, slot);
905 if (rv != CKR_OK)
906 goto out;
907
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]908 rv = test_login_logout(c, slot);
909 if (rv != CKR_OK)
910 goto out;
911
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]912 rv = test_set_pin(c, slot, CKU_USER);
913 if (rv != CKR_OK)
914 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]915
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]916 rv = test_set_pin(c, slot, CKU_SO);
917 if (rv != CKR_OK)
918 goto out;
Jens Wiklanderaa741512020-04-14 17:01:46 +0200[diff] [blame]919
Jens Wiklander6ce1e692020-04-14 17:02:09 +0200[diff] [blame]920 /*
921 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
922 * to skip the initial login.
923 */
924 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
Jens Wiklander14f8e8d2020-04-14 17:01:24 +0200[diff] [blame]925out:
926 rv = close_lib();
927 ADBG_EXPECT_CK_OK(c, rv);
928}
929
930ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
931 "PKCS11: Login to PKCS#11 token");
Jens Wiklander5eac1932020-05-05 19:07:11 +0200[diff] [blame]932
933static CK_ATTRIBUTE cktest_token_object[] = {
934 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
935 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
936 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
937 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
938 sizeof(CK_OBJECT_CLASS) },
939 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
940 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
941};
942
943static CK_ATTRIBUTE cktest_session_object[] = {
944 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
945 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
946 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
947 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
948 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
949 sizeof(CK_OBJECT_CLASS) },
950 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
951};
952
953/* Create session object and token object from a session */
954static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
955{
956 CK_RV rv = CKR_GENERAL_ERROR;
957 CK_SLOT_ID slot = 0;
958 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
959 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
960 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
961
962 rv = init_lib_and_find_token_slot(&slot);
963 if (!ADBG_EXPECT_CK_OK(c, rv))
964 return;
965
966 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
967 if (!ADBG_EXPECT_CK_OK(c, rv))
968 goto out;
969
970 if (persistent) {
971 rv = C_CreateObject(session, cktest_token_object,
972 ARRAY_SIZE(cktest_token_object),
973 &obj_hdl);
974 } else {
975 rv = C_CreateObject(session, cktest_session_object,
976 ARRAY_SIZE(cktest_session_object),
977 &obj_hdl);
978 }
979
980 if (!ADBG_EXPECT_CK_OK(c, rv))
981 goto out;
982
983 rv = C_DestroyObject(session, obj_hdl);
984 ADBG_EXPECT_CK_OK(c, rv);
985out:
986 rv = C_CloseSession(session);
987 ADBG_EXPECT_CK_OK(c, rv);
988
989 rv = close_lib();
990 ADBG_EXPECT_CK_OK(c, rv);
991}
992
993static void test_create_destroy_session_objects(ADBG_Case_t *c)
994{
995 CK_RV rv = CKR_GENERAL_ERROR;
996 CK_SLOT_ID slot = 0;
997 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
998 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
999 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
1000 size_t n = 0;
1001
1002 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
1003 obj_hdl[n] = CK_INVALID_HANDLE;
1004
1005 rv = init_lib_and_find_token_slot(&slot);
1006 if (!ADBG_EXPECT_CK_OK(c, rv))
1007 return;
1008
1009 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1010 if (!ADBG_EXPECT_CK_OK(c, rv))
1011 goto out;
1012
1013 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
1014 rv = C_CreateObject(session, cktest_session_object,
1015 ARRAY_SIZE(cktest_session_object),
1016 obj_hdl + n);
1017
1018 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
1019 break;
1020 }
1021
1022 Do_ADBG_Log(" created object count: %zu", n);
1023
1024 rv = C_CloseSession(session);
1025 ADBG_EXPECT_CK_OK(c, rv);
1026
1027 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1028 if (!ADBG_EXPECT_CK_OK(c, rv))
1029 goto out;
1030
1031 rv = C_CreateObject(session, cktest_session_object,
1032 ARRAY_SIZE(cktest_session_object),
1033 obj_hdl);
1034
1035 ADBG_EXPECT_CK_OK(c, rv);
1036
1037out:
1038 rv = C_CloseSession(session);
1039 ADBG_EXPECT_CK_OK(c, rv);
1040
1041 rv = close_lib();
1042 ADBG_EXPECT_CK_OK(c, rv);
1043}
1044
1045/* Create session object and token object from a session */
1046static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
1047{
1048 CK_RV rv = CKR_GENERAL_ERROR;
1049 CK_SLOT_ID slot = 0;
1050 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1051 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
1052 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
1053 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1054
1055 rv = init_lib_and_find_token_slot(&slot);
1056 if (!ADBG_EXPECT_CK_OK(c, rv))
1057 return;
1058
1059 if (readwrite)
1060 session_flags |= CKF_RW_SESSION;
1061
1062 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1063 if (!ADBG_EXPECT_CK_OK(c, rv))
1064 goto out;
1065
1066 rv = C_CreateObject(session, cktest_token_object,
1067 ARRAY_SIZE(cktest_token_object),
1068 &token_obj_hld);
1069
1070 if (readwrite) {
1071 if (!ADBG_EXPECT_CK_OK(c, rv))
1072 goto out;
1073 } else {
1074 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1075 goto out;
1076 }
1077
1078 rv = C_CreateObject(session, cktest_session_object,
1079 ARRAY_SIZE(cktest_session_object),
1080 &session_obj_hld);
1081
1082 if (!ADBG_EXPECT_CK_OK(c, rv))
1083 goto out_tobj;
1084
1085 rv = C_DestroyObject(session, session_obj_hld);
1086 ADBG_EXPECT_CK_OK(c, rv);
1087
1088out_tobj:
1089 if (readwrite) {
1090 rv = C_DestroyObject(session, token_obj_hld);
1091 ADBG_EXPECT_CK_OK(c, rv);
1092 }
1093out:
1094 rv = C_CloseSession(session);
1095 ADBG_EXPECT_CK_OK(c, rv);
1096
1097 rv = close_lib();
1098 ADBG_EXPECT_CK_OK(c, rv);
1099}
1100
1101static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1102{
1103 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1104 test_create_destroy_single_object(c, false /*!persistent*/);
1105 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1106
1107 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1108 test_create_destroy_single_object(c, true /*persistent*/);
1109 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1110
1111 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1112 test_create_destroy_session_objects(c);
1113 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1114
1115 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1116 test_create_objects_in_session(c, false /*!readwrite*/);
1117 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1118
1119 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1120 test_create_objects_in_session(c, true /*readwrite*/);
1121 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1122}
1123
1124ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1125 "PKCS11: create/destroy PKCS#11 simple objects");
Jens Wiklander2d6dc932020-08-10 09:22:49 +0200[diff] [blame]1126
1127
1128static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1129 CKM_AES_ECB,
1130};
1131static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1132 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1133 CKM_AES_GCM, CKM_AES_CCM,
1134};
1135static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1136 CKM_AES_CBC,
1137};
1138static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1139 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1140 CKM_AES_GCM, CKM_AES_CCM,
1141};
1142static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1143 CKM_AES_CTR,
1144};
1145static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1146 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1147 CKM_AES_GCM, CKM_AES_CCM,
1148};
1149static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1150 CKM_AES_CTS,
1151};
1152static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1153 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1154 CKM_AES_GCM, CKM_AES_CCM,
1155};
1156
1157#define CKTEST_AES_KEY \
1158 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1159 sizeof(CK_OBJECT_CLASS) }, \
1160 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1161 sizeof(CK_KEY_TYPE) }, \
1162 { CKA_VALUE, (void *)cktest_aes128_key, \
1163 sizeof(cktest_aes128_key) }
1164
1165#define CKTEST_AES_ALLOWED_KEY(_allowed) \
1166 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1167
1168#define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1169 static CK_ATTRIBUTE _label[] = { \
1170 CKTEST_AES_KEY, \
1171 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1172 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1173 CKTEST_AES_ALLOWED_KEY(_allowed), \
1174 }
1175
1176#define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1177 static CK_ATTRIBUTE _label[] = { \
1178 CKTEST_AES_KEY, \
1179 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1180 CKTEST_AES_ALLOWED_KEY(_allowed), \
1181 }
1182#define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1183 static CK_ATTRIBUTE _label[] = { \
1184 CKTEST_AES_KEY, \
1185 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1186 CKTEST_AES_ALLOWED_KEY(_allowed), \
1187 }
1188
1189CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1190CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1191CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1192CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1193CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1194CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1195CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1196CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1197
1198struct cktest_allowed_test {
1199 CK_ATTRIBUTE_PTR attr_key;
1200 CK_ULONG attr_count;
1201 CK_MECHANISM_PTR mechanism;
1202};
1203
1204#define CKTEST_KEY_MECHA(key, mecha) { \
1205 .attr_key = key, \
1206 .attr_count = ARRAY_SIZE(key), \
1207 .mechanism = mecha, \
1208 }
1209
1210static const struct cktest_allowed_test cktest_allowed_valid[] = {
1211 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1212 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1213 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1214 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1215};
1216
1217static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1218 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1219 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1220 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1221 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1222};
1223
1224/* Create session object and token object from a session */
1225static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1226 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1227 CK_MECHANISM_PTR mechanism, uint32_t mode,
1228 CK_RV expected_rc)
1229{
1230 CK_RV rv2 = CKR_GENERAL_ERROR;
1231 CK_RV rv = CKR_GENERAL_ERROR;
1232 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1233
1234 switch (mode) {
1235 case TEE_MODE_ENCRYPT:
1236 case TEE_MODE_DECRYPT:
1237 break;
1238 default:
1239 ADBG_EXPECT_TRUE(c, false);
1240 }
1241
1242 rv = C_CreateObject(session, attr_key, attr_count, &object);
1243 if (!ADBG_EXPECT_CK_OK(c, rv))
1244 return rv;
1245
1246 if (mode == TEE_MODE_ENCRYPT)
1247 rv = C_EncryptInit(session, mechanism, object);
1248 if (mode == TEE_MODE_DECRYPT)
1249 rv = C_DecryptInit(session, mechanism, object);
1250
1251 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1252 rv = CKR_GENERAL_ERROR;
1253 goto out;
1254 }
1255
1256 if (rv) {
1257 /*
1258 * If we're here it was the expected error code above and
1259 * we're supposed to return OK below.
1260 */
1261 rv = CKR_OK;
1262 } else {
1263 if (mode == TEE_MODE_ENCRYPT)
1264 rv = C_EncryptFinal(session, NULL, NULL);
1265 if (mode == TEE_MODE_DECRYPT)
1266 rv = C_DecryptFinal(session, NULL, NULL);
1267
1268 /* Only check that the operation is no more active */
1269 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
1270 rv = CKR_GENERAL_ERROR;
1271 }
1272
1273out:
1274 rv2 = C_DestroyObject(session, object);
1275 ADBG_EXPECT_CK_OK(c, rv2);
1276
1277 if (rv)
1278 return rv;
1279 else
1280 return rv2;
1281}
1282
1283CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1284
1285CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1286
1287static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1288{
1289 CK_RV rv = CKR_GENERAL_ERROR;
1290 CK_SLOT_ID slot = 0;
1291 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1292 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1293 size_t n = 0;
1294
1295 rv = init_lib_and_find_token_slot(&slot);
1296 if (!ADBG_EXPECT_CK_OK(c, rv))
1297 return;
1298
1299 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1300 if (!ADBG_EXPECT_CK_OK(c, rv))
1301 goto out;
1302
1303 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1304
1305 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1306
1307 rv = cipher_init_final(c, session,
1308 cktest_allowed_valid[n].attr_key,
1309 cktest_allowed_valid[n].attr_count,
1310 cktest_allowed_valid[n].mechanism,
1311 TEE_MODE_ENCRYPT,
1312 CKR_OK);
1313
1314 ADBG_EXPECT_CK_OK(c, rv);
1315
1316 Do_ADBG_EndSubCase(c, NULL);
1317 if (rv)
1318 goto out;
1319
1320 }
1321
1322 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1323 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1324
1325 rv = cipher_init_final(c, session,
1326 cktest_allowed_invalid[n].attr_key,
1327 cktest_allowed_invalid[n].attr_count,
1328 cktest_allowed_invalid[n].mechanism,
1329 TEE_MODE_ENCRYPT,
1330 CKR_KEY_FUNCTION_NOT_PERMITTED);
1331
1332 ADBG_EXPECT_CK_OK(c, rv);
1333
1334 Do_ADBG_EndSubCase(c, NULL);
1335 if (rv)
1336 goto out;
1337
1338 }
1339
1340out:
1341 rv = C_CloseSession(session);
1342 ADBG_EXPECT_CK_OK(c, rv);
1343
1344 rv = close_lib();
1345 ADBG_EXPECT_CK_OK(c, rv);
1346}
1347
1348
1349ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1350 "PKCS11: Check ciphering with valid and invalid keys #1");
1351
1352static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1353{
1354 CK_RV rv = CKR_GENERAL_ERROR;
1355 CK_SLOT_ID slot = 0;
1356 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1357 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1358
1359 rv = init_lib_and_find_token_slot(&slot);
1360 if (!ADBG_EXPECT_CK_OK(c, rv))
1361 return;
1362
1363 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1364 if (!ADBG_EXPECT_CK_OK(c, rv))
1365 goto out;
1366
1367 /* Encrypt only AES CTS key */
1368 rv = cipher_init_final(c, session,
1369 cktest_aes_enc_only_cts,
1370 ARRAY_SIZE(cktest_aes_enc_only_cts),
1371 &cktest_aes_cts_mechanism,
1372 TEE_MODE_ENCRYPT,
1373 CKR_OK);
1374 if (!ADBG_EXPECT_CK_OK(c, rv))
1375 goto out;
1376
1377 rv = cipher_init_final(c, session,
1378 cktest_aes_enc_only_cts,
1379 ARRAY_SIZE(cktest_aes_enc_only_cts),
1380 &cktest_aes_cts_mechanism,
1381 TEE_MODE_DECRYPT,
1382 CKR_KEY_FUNCTION_NOT_PERMITTED);
1383 if (!ADBG_EXPECT_CK_OK(c, rv))
1384 goto out;
1385
1386 /* Decrypt only AES CTR key */
1387 rv = cipher_init_final(c, session,
1388 cktest_aes_dec_only_ctr,
1389 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1390 &cktest_aes_ctr_mechanism,
1391 TEE_MODE_ENCRYPT,
1392 CKR_KEY_FUNCTION_NOT_PERMITTED);
1393 if (!ADBG_EXPECT_CK_OK(c, rv))
1394 goto out;
1395
1396 rv = cipher_init_final(c, session,
1397 cktest_aes_dec_only_ctr,
1398 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1399 &cktest_aes_ctr_mechanism,
1400 TEE_MODE_ENCRYPT,
1401 CKR_KEY_FUNCTION_NOT_PERMITTED);
1402 if (!ADBG_EXPECT_CK_OK(c, rv))
1403 goto out;
1404
1405out:
1406 rv = C_CloseSession(session);
1407 ADBG_EXPECT_CK_OK(c, rv);
1408
1409 rv = close_lib();
1410 ADBG_EXPECT_CK_OK(c, rv);
1411}
1412ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1413 "PKCS11: Check ciphering with valid and invalid keys #2");
1414
1415static CK_RV open_cipher_session(ADBG_Case_t *c,
1416 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1417 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1418 CK_MECHANISM_PTR mechanism, uint32_t mode)
1419{
1420 CK_RV rv = CKR_GENERAL_ERROR;
1421 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1422 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1423
1424 switch (mode) {
1425 case TEE_MODE_ENCRYPT:
1426 case TEE_MODE_DECRYPT:
1427 break;
1428 default:
1429 ADBG_EXPECT_TRUE(c, false);
1430 return CKR_GENERAL_ERROR;
1431 }
1432
1433 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1434 if (rv == CKR_DEVICE_MEMORY)
1435 return rv;
1436 if (!ADBG_EXPECT_CK_OK(c, rv))
1437 return rv;
1438
1439 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1440 if (rv == CKR_DEVICE_MEMORY)
1441 return rv;
1442 if (!ADBG_EXPECT_CK_OK(c, rv))
1443 return rv;
1444
1445 if (mode == TEE_MODE_ENCRYPT)
1446 rv = C_EncryptInit(*session, mechanism, object);
1447 if (mode == TEE_MODE_DECRYPT)
1448 rv = C_DecryptInit(*session, mechanism, object);
1449
1450 if (rv == CKR_DEVICE_MEMORY)
1451 return rv;
1452 if (!ADBG_EXPECT_CK_OK(c, rv))
1453 return CKR_GENERAL_ERROR;
1454
1455 return rv;
1456}
1457
1458static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1459{
1460 CK_RV rv = CKR_GENERAL_ERROR;
1461 CK_SLOT_ID slot = 0;
1462 CK_SESSION_HANDLE sessions[128];
1463 size_t n = 0;
1464
1465 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1466 sessions[n] = CK_INVALID_HANDLE;
1467
1468 rv = init_lib_and_find_token_slot(&slot);
1469 if (!ADBG_EXPECT_CK_OK(c, rv))
1470 return;
1471
1472 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1473
1474 rv = open_cipher_session(c, slot, &sessions[n],
1475 cktest_allowed_valid[0].attr_key,
1476 cktest_allowed_valid[0].attr_count,
1477 cktest_allowed_valid[0].mechanism,
1478 TEE_MODE_ENCRYPT);
1479
1480 /* Failure due to memory allocation is not a error case */
1481 if (rv == CKR_DEVICE_MEMORY)
1482 break;
1483
1484 if (!ADBG_EXPECT_CK_OK(c, rv))
1485 goto out;
1486 }
1487
1488 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1489 goto out;
1490
1491 Do_ADBG_Log(" created sessions count: %zu", n);
1492
1493 /* Closing session with out bound and invalid IDs (or negative ID) */
1494 rv = C_CloseSession(sessions[n - 1] + 1024);
1495 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1496 rv = C_CloseSession(CK_INVALID_HANDLE);
1497 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1498 rv = C_CloseSession(~0);
1499 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1500
1501 /* Closing each session: all related resources shall be free */
1502 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1503 if (sessions[n] == CK_INVALID_HANDLE)
1504 continue;
1505
1506 rv = C_CloseSession(sessions[n]);
1507 ADBG_EXPECT_CK_OK(c, rv);
1508 sessions[n] = CK_INVALID_HANDLE;
1509 }
1510
1511 /* Open and close another session */
1512 rv = open_cipher_session(c, slot, &sessions[0],
1513 cktest_allowed_valid[0].attr_key,
1514 cktest_allowed_valid[0].attr_count,
1515 cktest_allowed_valid[0].mechanism,
1516 TEE_MODE_ENCRYPT);
1517
1518 if (!ADBG_EXPECT_CK_OK(c, rv))
1519 goto out;
1520
1521 rv = C_CloseSession(sessions[0]);
1522 ADBG_EXPECT_CK_OK(c, rv);
1523 sessions[0] = CK_INVALID_HANDLE;
1524
1525out:
1526 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1527 if (sessions[n] == CK_INVALID_HANDLE)
1528 continue;
1529
1530 rv = C_CloseSession(sessions[n]);
1531 ADBG_EXPECT_CK_OK(c, rv);
1532 }
1533
1534 rv = close_lib();
1535 ADBG_EXPECT_CK_OK(c, rv);
1536}
1537ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1538 "PKCS11: Check operations release at session closure");
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1539
1540#define CK_MAC_KEY_HMAC(_type, _key_array) \
1541 { \
1542 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, \
1543 sizeof(CK_BBOOL) }, \
1544 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, \
1545 sizeof(CK_BBOOL) }, \
1546 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1547 sizeof(CK_OBJECT_CLASS) }, \
1548 { CKA_KEY_TYPE, &(CK_KEY_TYPE){_type}, \
1549 sizeof(CK_KEY_TYPE) }, \
1550 { CKA_VALUE, (void *)(_key_array), \
1551 sizeof(_key_array) } \
1552 }
1553
1554static CK_ATTRIBUTE cktest_hmac_md5_key[] =
1555 CK_MAC_KEY_HMAC(CKK_MD5_HMAC, mac_data_md5_key1);
1556
1557static CK_ATTRIBUTE cktest_hmac_sha1_key[] =
1558 CK_MAC_KEY_HMAC(CKK_SHA_1_HMAC, mac_data_sha1_key1);
1559
1560static CK_ATTRIBUTE cktest_hmac_sha224_key[] =
1561 CK_MAC_KEY_HMAC(CKK_SHA224_HMAC, mac_data_sha224_key1);
1562
1563static CK_ATTRIBUTE cktest_hmac_sha256_key1[] =
1564 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key1);
1565
1566static CK_ATTRIBUTE cktest_hmac_sha256_key2[] =
1567 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key2);
1568
1569static CK_ATTRIBUTE cktest_hmac_sha384_key[] =
1570 CK_MAC_KEY_HMAC(CKK_SHA384_HMAC, mac_data_sha384_key1);
1571
1572static CK_ATTRIBUTE cktest_hmac_sha512_key[] =
1573 CK_MAC_KEY_HMAC(CKK_SHA512_HMAC, mac_data_sha512_key1);
1574
1575struct mac_test {
1576 CK_ATTRIBUTE_PTR attr_key;
1577 CK_ULONG attr_count;
1578 CK_MECHANISM_PTR mechanism;
1579 size_t in_incr;
1580 const uint8_t *in;
1581 size_t in_len;
1582 const uint8_t *out;
1583 size_t out_len;
1584 bool multiple_incr;
1585};
1586
1587#define CKTEST_MAC_TEST(key, mecha, input_incr, input, output, incr) { \
1588 .attr_key = key, \
1589 .attr_count = ARRAY_SIZE(key), \
1590 .mechanism = mecha, \
1591 .in_incr = input_incr, \
1592 .in = input, \
1593 .in_len = ARRAY_SIZE(input), \
1594 .out = output, \
1595 .out_len = ARRAY_SIZE(output), \
1596 .multiple_incr = incr \
1597 }
1598
1599static const struct mac_test cktest_mac_cases[] = {
1600 CKTEST_MAC_TEST(cktest_hmac_md5_key, &cktest_hmac_md5_mechanism,
1601 4, mac_data_md5_in1, mac_data_md5_out1, false),
1602 CKTEST_MAC_TEST(cktest_hmac_sha1_key, &cktest_hmac_sha1_mechanism,
1603 5, mac_data_sha1_in1, mac_data_sha1_out1, false),
1604 CKTEST_MAC_TEST(cktest_hmac_sha224_key, &cktest_hmac_sha224_mechanism,
1605 8, mac_data_sha224_in1, mac_data_sha224_out1, false),
1606 CKTEST_MAC_TEST(cktest_hmac_sha256_key1, &cktest_hmac_sha256_mechanism,
1607 1, mac_data_sha256_in1, mac_data_sha256_out1, false),
1608 CKTEST_MAC_TEST(cktest_hmac_sha256_key2, &cktest_hmac_sha256_mechanism,
1609 7, mac_data_sha256_in2, mac_data_sha256_out2, false),
1610 CKTEST_MAC_TEST(cktest_hmac_sha384_key, &cktest_hmac_sha384_mechanism,
1611 11, mac_data_sha384_in1, mac_data_sha384_out1, false),
1612 CKTEST_MAC_TEST(cktest_hmac_sha512_key, &cktest_hmac_sha512_mechanism,
1613 13, mac_data_sha512_in1, mac_data_sha512_out1, false),
1614};
1615
1616static void xtest_pkcs11_test_1008(ADBG_Case_t *c)
1617{
1618 CK_RV rv = CKR_GENERAL_ERROR;
1619 CK_SLOT_ID slot = 0;
1620 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1621 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1622 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1623 uint8_t out[512] = { 0 };
1624 CK_ULONG out_size = 0;
1625 struct mac_test const *test = NULL;
1626 size_t n = 0;
1627
1628 rv = init_lib_and_find_token_slot(&slot);
1629 if (!ADBG_EXPECT_CK_OK(c, rv))
1630 return;
1631
1632 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1633 if (!ADBG_EXPECT_CK_OK(c, rv))
1634 goto err_close_lib;
1635
1636 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1637
1638 test = &cktest_mac_cases[n];
1639 Do_ADBG_BeginSubCase(c, "Sign case %zu algo (%s)", n,
1640 ckm2str(test->mechanism->mechanism));
1641
1642 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1643 &key_handle);
1644 if (!ADBG_EXPECT_CK_OK(c, rv))
1645 goto err;
1646
1647 /* Test signature in 1 step */
1648 if (test->in != NULL) {
1649 rv = C_SignInit(session, test->mechanism, key_handle);
1650 if (!ADBG_EXPECT_CK_OK(c, rv))
1651 goto err_destr_obj;
1652
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1653 /* Pass input buffer of size 0 */
1654 rv = C_SignUpdate(session,
1655 (void *)test->in, 0);
1656 if (!ADBG_EXPECT_CK_OK(c, rv))
1657 goto err_destr_obj;
1658
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1659 rv = C_SignUpdate(session,
1660 (void *)test->in, test->in_len);
1661 if (!ADBG_EXPECT_CK_OK(c, rv))
1662 goto err_destr_obj;
1663
1664 /* Test too short buffer case */
1665 out_size = 1;
1666 rv = C_SignFinal(session, out, &out_size);
1667 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1668 goto err_destr_obj;
1669
1670 /*
1671 * Test NULL buffer case with size as 0
1672 * to get the out_size
1673 */
1674 out_size = 0;
1675 rv = C_SignFinal(session, NULL, &out_size);
1676 if (!ADBG_EXPECT_CK_OK(c, rv))
1677 goto err_destr_obj;
1678
Vesa Jääskeläinenbbe78622021-06-27 16:03:13 +0300[diff] [blame]1679 /*
1680 * Test NULL buffer case with size as non-zero
1681 * to get the out_size
1682 */
1683 out_size = 42;
1684 rv = C_SignFinal(session, NULL, &out_size);
1685 if (!ADBG_EXPECT_CK_OK(c, rv))
1686 goto err_destr_obj;
1687
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1688 /* Get to full output */
1689 memset(out, 0, out_size);
1690 rv = C_SignFinal(session, out, &out_size);
1691 if (!ADBG_EXPECT_CK_OK(c, rv))
1692 goto err_destr_obj;
1693
1694 (void)ADBG_EXPECT_BUFFER(c, test->out,
1695 test->out_len,
1696 out, out_size);
1697 }
1698
1699 /* Test 2 step update signature */
1700 rv = C_SignInit(session, test->mechanism, key_handle);
1701 if (!ADBG_EXPECT_CK_OK(c, rv))
1702 goto err_destr_obj;
1703
1704 if (test->in != NULL) {
1705 rv = C_SignUpdate(session,
1706 (void *)test->in, test->in_incr);
1707 if (!ADBG_EXPECT_CK_OK(c, rv))
1708 goto err_destr_obj;
1709
1710 rv = C_SignUpdate(session,
1711 (void *)(test->in + test->in_incr),
1712 test->in_len - test->in_incr);
1713 if (!ADBG_EXPECT_CK_OK(c, rv))
1714 goto err_destr_obj;
1715 }
1716
1717 out_size = sizeof(out);
1718 memset(out, 0, sizeof(out));
1719
1720 rv = C_SignFinal(session, out, &out_size);
1721 if (!ADBG_EXPECT_CK_OK(c, rv))
1722 goto err_destr_obj;
1723
1724 (void)ADBG_EXPECT_BUFFER(c, test->out,
1725 test->out_len, out, out_size);
1726
1727 /* Test 3 signature in one shot */
1728 if (test->in != NULL) {
1729 rv = C_SignInit(session, test->mechanism, key_handle);
1730 if (!ADBG_EXPECT_CK_OK(c, rv))
1731 goto err_destr_obj;
1732
1733 /* Test too short buffer case */
1734 out_size = 1;
1735 rv = C_Sign(session,(void *)test->in, test->in_len,
1736 out, &out_size);
1737 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1738 goto err_destr_obj;
1739
1740 /*
1741 * Test NULL buffer case with size as 0
1742 * to get the out_size
1743 */
1744 out_size = 0;
1745 rv = C_Sign(session, (void *)test->in, test->in_len,
1746 NULL, &out_size);
1747 if (!ADBG_EXPECT_CK_OK(c, rv))
1748 goto err_destr_obj;
1749
Vesa Jääskeläinenbbe78622021-06-27 16:03:13 +0300[diff] [blame]1750 /*
1751 * Test NULL buffer case with size as non-zero
1752 * to get the out_size
1753 */
1754 out_size = 42;
1755 rv = C_Sign(session, (void *)test->in, test->in_len,
1756 NULL, &out_size);
1757 if (!ADBG_EXPECT_CK_OK(c, rv))
1758 goto err_destr_obj;
1759
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1760 /* Get to full output */
1761 memset(out, 0, out_size);
1762 rv = C_Sign(session,(void *)test->in, test->in_len,
1763 out, &out_size);
1764 if (!ADBG_EXPECT_CK_OK(c, rv))
1765 goto err_destr_obj;
1766
1767 (void)ADBG_EXPECT_BUFFER(c, test->out,
1768 test->out_len,
1769 out, out_size);
1770 }
1771
1772 rv = C_DestroyObject(session, key_handle);
1773 if (!ADBG_EXPECT_CK_OK(c, rv))
1774 goto err;
1775
1776 Do_ADBG_EndSubCase(c, NULL);
1777 }
1778 goto out;
1779
1780err_destr_obj:
1781 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1782err:
1783 Do_ADBG_EndSubCase(c, NULL);
1784out:
1785 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1786err_close_lib:
1787 ADBG_EXPECT_CK_OK(c, close_lib());
1788}
1789ADBG_CASE_DEFINE(pkcs11, 1008, xtest_pkcs11_test_1008,
1790 "PKCS11: Check Compliance of C_Sign - HMAC algorithms");
1791
1792static void xtest_pkcs11_test_1009(ADBG_Case_t *c)
1793{
1794 CK_RV rv = CKR_GENERAL_ERROR;
1795 CK_SLOT_ID slot = 0;
1796 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1797 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1798 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1799 struct mac_test const *test = NULL;
1800 size_t n = 0;
1801
1802 rv = init_lib_and_find_token_slot(&slot);
1803 if (!ADBG_EXPECT_CK_OK(c, rv))
1804 return;
1805
1806 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1807 if (!ADBG_EXPECT_CK_OK(c, rv))
1808 goto err_close_lib;
1809
1810 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1811
1812 test = &cktest_mac_cases[n];
1813 Do_ADBG_BeginSubCase(c, "Verify case %zu algo (%s)", n,
1814 ckm2str(test->mechanism->mechanism));
1815
1816 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1817 &key_handle);
1818 if (!ADBG_EXPECT_CK_OK(c, rv))
1819 goto err;
1820
1821 /* Test Verification in 1 step */
1822 if (test->in != NULL) {
1823 rv = C_VerifyInit(session, test->mechanism, key_handle);
1824 if (!ADBG_EXPECT_CK_OK(c, rv))
1825 goto err_destr_obj;
1826
Ruchika Guptaa2fe4172020-11-30 17:30:35 +0530[diff] [blame]1827 /* Pass input buffer with size 0 - No affect */
1828 rv = C_VerifyUpdate(session, (void *)test->in, 0);
1829 if (!ADBG_EXPECT_CK_OK(c, rv))
1830 goto err_destr_obj;
1831
Ruchika Guptaab553aa2020-11-03 15:39:49 +0530[diff] [blame]1832 rv = C_VerifyUpdate(session, (void *)test->in,
1833 test->in_len);
1834 if (!ADBG_EXPECT_CK_OK(c, rv))
1835 goto err_destr_obj;
1836
1837 rv = C_VerifyFinal(session,
1838 (void *)test->out, test->out_len);
1839 if (!ADBG_EXPECT_CK_OK(c, rv))
1840 goto err_destr_obj;
1841
1842 }
1843
1844 /* Test 2 step update verification*/
1845 rv = C_VerifyInit(session, test->mechanism, key_handle);
1846 if (!ADBG_EXPECT_CK_OK(c, rv))
1847 goto err_destr_obj;
1848
1849 if (test->in != NULL) {
1850 rv = C_VerifyUpdate(session,
1851 (void *)test->in, test->in_incr);
1852 if (!ADBG_EXPECT_CK_OK(c, rv))
1853 goto err_destr_obj;
1854
1855 rv = C_VerifyUpdate(session,
1856 (void *)(test->in + test->in_incr),
1857 test->in_len - test->in_incr);
1858 if (!ADBG_EXPECT_CK_OK(c, rv))
1859 goto err_destr_obj;
1860 }
1861
1862 rv = C_VerifyFinal(session, (void *)test->out, test->out_len);
1863 if (!ADBG_EXPECT_CK_OK(c, rv))
1864 goto err_destr_obj;
1865
1866 /* Error as Operation has already completed */
1867 rv = C_Verify(session,
1868 (void *)test->in, test->in_len,
1869 (void *)test->out, test->out_len);
1870 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED,
1871 rv))
1872 goto err_destr_obj;
1873
1874 /* Test 3 verification in one shot */
1875 if (test->in != NULL) {
1876 rv = C_VerifyInit(session, test->mechanism, key_handle);
1877 if (!ADBG_EXPECT_CK_OK(c, rv))
1878 goto err_destr_obj;
1879
1880 rv = C_Verify(session,
1881 (void *)test->in, test->in_len,
1882 (void *)test->out, test->out_len);
1883 if (!ADBG_EXPECT_CK_OK(c, rv))
1884 goto err_destr_obj;
1885
1886 /* Try calling Verify again */
1887 rv = C_Verify(session,
1888 (void *)test->in, test->in_len,
1889 (void *)test->out, test->out_len);
1890 if (!ADBG_EXPECT_CK_RESULT(c,
1891 CKR_OPERATION_NOT_INITIALIZED,
1892 rv))
1893 goto err_destr_obj;
1894 }
1895
1896 /*
1897 * Test 4 verification
1898 * Error - Signature Length Range with C_VerifyFinal
1899 */
1900 if (test->in != NULL) {
1901 rv = C_VerifyInit(session, test->mechanism, key_handle);
1902 if (!ADBG_EXPECT_CK_OK(c, rv))
1903 goto err_destr_obj;
1904
1905 rv = C_VerifyUpdate(session, (void *)test->in,
1906 test->in_len);
1907 if (!ADBG_EXPECT_CK_OK(c, rv))
1908 goto err_destr_obj;
1909
1910 rv = C_VerifyFinal(session, (void *)test->out, 3);
1911 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1912 rv))
1913 goto err_destr_obj;
1914 }
1915
1916 /*
1917 * Test 5 verification
1918 * Error - Signature Length Range with C_Verify
1919 */
1920 if (test->in != NULL) {
1921 rv = C_VerifyInit(session, test->mechanism, key_handle);
1922 if (!ADBG_EXPECT_CK_OK(c, rv))
1923 goto err_destr_obj;
1924
1925 rv = C_Verify(session,
1926 (void *)test->in, test->in_len,
1927 (void *)test->out, 0);
1928 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1929 rv))
1930 goto err_destr_obj;
1931 }
1932
1933 /* Test 6 verification - Invalid Operation sequence */
1934 if (test->in != NULL) {
1935 rv = C_VerifyInit(session, test->mechanism, key_handle);
1936 if (!ADBG_EXPECT_CK_OK(c, rv))
1937 goto err_destr_obj;
1938
1939 rv = C_Verify(session,
1940 (void *)test->in, test->in_len,
1941 (void *)test->out, test->out_len);
1942 if (!ADBG_EXPECT_CK_OK(c, rv))
1943 goto err_destr_obj;
1944
1945 /* Init session has already terminated with C_Verify */
1946 rv = C_VerifyUpdate(session, (void *)test->in,
1947 test->in_len);
1948 if (!ADBG_EXPECT_CK_RESULT(c,
1949 CKR_OPERATION_NOT_INITIALIZED,
1950 rv))
1951 goto err_destr_obj;
1952 }
1953
1954 rv = C_DestroyObject(session, key_handle);
1955 if (!ADBG_EXPECT_CK_OK(c, rv))
1956 goto err;
1957
1958 Do_ADBG_EndSubCase(c, NULL);
1959 }
1960 goto out;
1961
1962err_destr_obj:
1963 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1964err:
1965 Do_ADBG_EndSubCase(c, NULL);
1966out:
1967 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1968err_close_lib:
1969 ADBG_EXPECT_CK_OK(c, close_lib());
1970}
1971ADBG_CASE_DEFINE(pkcs11, 1009, xtest_pkcs11_test_1009,
1972 "PKCS11: Check Compliance of C_Verify - HMAC Algorithms");
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1973
1974/* Bad key type */
1975static CK_ATTRIBUTE cktest_generate_gensecret_object_error1[] = {
1976 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1977 sizeof(CK_OBJECT_CLASS) },
1978 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
1979 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1980};
1981
1982/* Missing VALUE_LEN */
1983static CK_ATTRIBUTE cktest_generate_gensecret_object_error2[] = {
1984 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1985 sizeof(CK_OBJECT_CLASS) },
1986 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1987 sizeof(CK_KEY_TYPE) },
1988};
1989
1990/* Bad object class */
1991static CK_ATTRIBUTE cktest_generate_gensecret_object_error3[] = {
1992 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA}, sizeof(CK_OBJECT_CLASS) },
1993 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1994 sizeof(CK_KEY_TYPE) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]1995 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]1996};
1997
1998/* Invalid template with CKA_LOCAL */
1999static CK_ATTRIBUTE cktest_generate_gensecret_object_error4[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2000 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2001 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2002};
2003
2004/* Valid template to generate a generic secret */
2005static CK_ATTRIBUTE cktest_generate_gensecret_object_valid1[] = {
2006 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2007 sizeof(CK_OBJECT_CLASS) },
2008 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
2009 sizeof(CK_KEY_TYPE) },
2010 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2011 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2012 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2013};
2014
2015/* Valid template to generate a generic secret with only VALUE_LEN */
2016static CK_ATTRIBUTE cktest_generate_gensecret_object_valid2[] = {
Ruchika Gupta4c9485f2021-02-16 11:57:47 +0530[diff] [blame]2017 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
Ruchika Gupta71bc7402020-12-11 18:17:27 +0530[diff] [blame]2018 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2019};
2020
2021
2022/* Valid template to generate an all AES purpose key */
2023static CK_ATTRIBUTE cktest_generate_aes_object[] = {
2024 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2025 sizeof(CK_OBJECT_CLASS) },
2026 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
2027 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2028 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2029 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
2030};
2031
2032static void xtest_pkcs11_test_1010(ADBG_Case_t *c)
2033{
2034 CK_RV rv = CKR_GENERAL_ERROR;
2035 CK_SLOT_ID slot = 0;
2036 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2037 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2038 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
2039 struct mac_test const *test = &cktest_mac_cases[0];
2040 uint8_t out[512] = { 0 };
2041 CK_ULONG out_len = 512;
2042
2043 rv = init_lib_and_find_token_slot(&slot);
2044 if (!ADBG_EXPECT_CK_OK(c, rv))
2045 return;
2046
2047 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2048 if (!ADBG_EXPECT_CK_OK(c, rv))
2049 goto close_lib;
2050
2051 /*
2052 * Generate Generic Secret key using invalid templates
2053 */
2054 Do_ADBG_BeginSubCase(c, "Generate Secret Key with Invalid Templates");
2055
2056 /* NULL Template with !null template length */
2057 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism, NULL,
2058 3, &key_handle);
2059 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
2060 goto err;
2061
2062 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2063 cktest_generate_gensecret_object_error1,
2064 ARRAY_SIZE(cktest_generate_gensecret_object_error1),
2065 &key_handle);
2066 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2067 goto err;
2068
2069 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2070 cktest_generate_gensecret_object_error2,
2071 ARRAY_SIZE(cktest_generate_gensecret_object_error2),
2072 &key_handle);
2073 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCOMPLETE, rv))
2074 goto err;
2075
2076 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2077 cktest_generate_gensecret_object_error3,
2078 ARRAY_SIZE(cktest_generate_gensecret_object_error3),
2079 &key_handle);
2080 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2081 goto err;
2082
2083 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2084 cktest_generate_gensecret_object_error4,
2085 ARRAY_SIZE(cktest_generate_gensecret_object_error4),
2086 &key_handle);
2087 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2088 goto err;
2089
2090 Do_ADBG_EndSubCase(c, NULL);
2091
2092 /*
2093 * Generate a Generic Secret object.
2094 * Try to encrypt with, it should fail...
2095 */
2096 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Encrypting");
2097
2098 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2099 cktest_generate_gensecret_object_valid1,
2100 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
2101 &key_handle);
2102 if (!ADBG_EXPECT_CK_OK(c, rv))
2103 goto err;
2104
2105 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2106 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_FUNCTION_NOT_PERMITTED, rv))
2107 goto err_destr_obj;
2108
2109 rv = C_DestroyObject(session, key_handle);
2110 if (!ADBG_EXPECT_CK_OK(c, rv))
2111 goto err;
2112
2113 Do_ADBG_EndSubCase(c, NULL);
2114
2115 /*
2116 * Generate a Generic Secret object.
2117 * Try to sign with it, it should pass...
2118 */
2119 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Signing");
2120 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2121 cktest_generate_gensecret_object_valid2,
2122 ARRAY_SIZE(cktest_generate_gensecret_object_valid2),
2123 &key_handle);
2124 if (!ADBG_EXPECT_CK_OK(c, rv))
2125 goto err;
2126
2127 rv = C_SignInit(session, test->mechanism, key_handle);
2128 if (!ADBG_EXPECT_CK_OK(c, rv))
2129 goto err_destr_obj;
2130
2131 rv = C_Sign(session, (void *)test->in, test->in_len,
2132 (void *)out, &out_len);
2133 if (!ADBG_EXPECT_CK_OK(c, rv))
2134 goto err_destr_obj;
2135
2136 rv = C_DestroyObject(session, key_handle);
2137 if (!ADBG_EXPECT_CK_OK(c, rv))
2138 goto err;
2139
2140 Do_ADBG_EndSubCase(c, NULL);
2141
2142 /*
2143 * Generate a 128 bit AES Secret Key.
2144 * Try to encrypt with, it should pass...
2145 */
2146 Do_ADBG_BeginSubCase(c, "Generate AES Key - Try Encrypting");
2147
2148 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
2149 cktest_generate_aes_object,
2150 ARRAY_SIZE(cktest_generate_aes_object),
2151 &key_handle);
2152 if (!ADBG_EXPECT_CK_OK(c, rv))
2153 goto err;
2154
2155 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2156 if (!ADBG_EXPECT_CK_OK(c, rv))
2157 goto err_destr_obj;
2158
2159 rv = C_EncryptFinal(session, NULL, NULL);
2160 /* Only check that the operation is no more active */
2161 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
2162 goto err;
2163
2164 rv = C_DestroyObject(session, key_handle);
2165 if (!ADBG_EXPECT_CK_OK(c, rv))
2166 goto err;
2167
2168 Do_ADBG_EndSubCase(c, NULL);
2169
2170 goto out;
2171
2172err_destr_obj:
2173 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
2174err:
2175 Do_ADBG_EndSubCase(c, NULL);
2176out:
2177 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2178close_lib:
2179 ADBG_EXPECT_CK_OK(c, close_lib());
2180}
2181ADBG_CASE_DEFINE(pkcs11, 1010, xtest_pkcs11_test_1010,
2182 "PKCS11: Key Generation");
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2183
2184static CK_RV create_data_object(CK_SESSION_HANDLE session,
2185 CK_OBJECT_HANDLE *obj_handle,
2186 CK_BBOOL token, CK_BBOOL private,
2187 const char *label)
2188{
2189 CK_OBJECT_CLASS class = CKO_DATA;
2190 CK_ATTRIBUTE object_template[] = {
2191 { CKA_CLASS, &class, sizeof(CK_OBJECT_CLASS) },
2192 { CKA_TOKEN, &token, sizeof(CK_BBOOL) },
2193 { CKA_PRIVATE, &private, sizeof(CK_BBOOL) },
2194 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2195 };
2196
2197 return C_CreateObject(session, object_template,
2198 ARRAY_SIZE(object_template), obj_handle);
2199}
2200
2201static CK_RV test_find_objects(ADBG_Case_t *c, CK_SESSION_HANDLE session,
2202 CK_ATTRIBUTE_PTR find_template,
2203 CK_ULONG attr_count,
2204 CK_OBJECT_HANDLE_PTR obj_found,
2205 CK_ULONG obj_count,
2206 CK_ULONG expected_cnt)
2207{
2208 CK_RV rv = CKR_GENERAL_ERROR;
2209 CK_ULONG hdl_count = 0;
2210
2211 rv = C_FindObjectsInit(session, find_template, attr_count);
2212 if (!ADBG_EXPECT_CK_OK(c, rv))
2213 return rv;
2214
2215 rv = C_FindObjects(session, obj_found, obj_count, &hdl_count);
2216 if (!ADBG_EXPECT_CK_OK(c, rv))
2217 return rv;
2218 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, expected_cnt))
2219 return CKR_GENERAL_ERROR;
2220
2221 rv = C_FindObjectsFinal(session);
2222 if (!ADBG_EXPECT_CK_OK(c, rv))
2223 return rv;
2224
2225 return rv;
2226}
2227
2228static void destroy_persistent_objects(ADBG_Case_t *c, CK_SLOT_ID slot)
2229{
2230 uint32_t rv = CKR_GENERAL_ERROR;
2231 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2232 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2233 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2234 CK_ULONG count = 1;
2235 CK_ATTRIBUTE cktest_find_all_token_objs[] = {
2236 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2237 };
2238
2239 rv = init_user_test_token(slot);
2240 if (!ADBG_EXPECT_CK_OK(c, rv))
2241 return;
2242
2243 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2244 if (!ADBG_EXPECT_CK_OK(c, rv))
2245 return;
2246
2247 /* Login to destroy private objects */
2248 rv = C_Login(session, CKU_USER, test_token_user_pin,
2249 sizeof(test_token_user_pin));
2250 if (!ADBG_EXPECT_CK_OK(c, rv))
2251 goto bail;
2252
2253 rv = C_FindObjectsInit(session, cktest_find_all_token_objs,
2254 ARRAY_SIZE(cktest_find_all_token_objs));
2255 if (!ADBG_EXPECT_CK_OK(c, rv))
2256 goto bail;
2257
2258 while (1) {
2259 rv = C_FindObjects(session, &obj_hdl, 1, &count);
2260 if (!ADBG_EXPECT_CK_OK(c, rv))
2261 goto bail;
2262 if (!count)
2263 break;
2264
2265 rv = C_DestroyObject(session, obj_hdl);
2266 ADBG_EXPECT_CK_OK(c, rv);
2267 }
2268
2269 rv = C_FindObjectsFinal(session);
2270 ADBG_EXPECT_CK_OK(c, rv);
2271
2272 rv = C_Logout(session);
2273 ADBG_EXPECT_CK_OK(c, rv);
2274
2275bail:
2276 rv = C_CloseSession(session);
2277 ADBG_EXPECT_CK_OK(c, rv);
2278}
2279
2280static void xtest_pkcs11_test_1011(ADBG_Case_t *c)
2281{
2282 CK_RV rv = CKR_GENERAL_ERROR;
2283 CK_SLOT_ID slot = 0;
2284 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2285 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2286 CK_OBJECT_HANDLE obj_hdl[10] = { };
2287 CK_OBJECT_HANDLE obj_found[10] = { };
2288 const char *label = "Common Label";
2289 CK_ULONG hdl_count = 0;
2290 size_t n = 0;
2291 uint32_t i = 0;
2292 uint32_t object_id = 0;
2293 bool logged_in = false;
2294 CK_ATTRIBUTE find_template[] = {
2295 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2296 };
2297 CK_ATTRIBUTE find_token_template[] = {
2298 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2299 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2300 };
2301 CK_ATTRIBUTE find_session_template[] = {
2302 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2303 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
2304 };
2305 CK_BBOOL bToken = CK_FALSE;
2306 CK_ATTRIBUTE get_attr_template[] = {
2307 { CKA_TOKEN, &bToken, sizeof(bToken) },
2308 };
2309
2310 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
2311 obj_hdl[n] = CK_INVALID_HANDLE;
2312 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2313 obj_found[n] = CK_INVALID_HANDLE;
2314
2315 rv = init_lib_and_find_token_slot(&slot);
2316 if (!ADBG_EXPECT_CK_OK(c, rv))
2317 return;
2318
2319 rv = init_test_token(slot);
2320 if (!ADBG_EXPECT_CK_OK(c, rv))
2321 return;
2322
2323 rv = init_user_test_token(slot);
2324 if (!ADBG_EXPECT_CK_OK(c, rv))
2325 return;
2326
2327 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2328 if (!ADBG_EXPECT_CK_OK(c, rv))
2329 goto close_lib;
2330
2331 /*
2332 * Sub test: Create Session Public/Private,
2333 * Token Public/Private objects and find them
2334 */
2335 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged in");
2336
2337 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2338 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2339 CK_FALSE, label);
2340 if (!ADBG_EXPECT_CK_OK(c, rv))
2341 goto out;
2342
2343 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2344 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2345 CK_FALSE, label);
2346 if (!ADBG_EXPECT_CK_OK(c, rv))
2347 goto out;
2348
2349 /*
2350 * Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE
2351 * Expected error as User not logged in
2352 */
2353 rv = create_data_object(session, &obj_hdl[object_id], CK_TRUE,
2354 CK_TRUE, label);
2355 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2356 goto out;
2357
2358 /* Login to Test Token */
2359 rv = C_Login(session, CKU_USER, test_token_user_pin,
2360 sizeof(test_token_user_pin));
2361 if (!ADBG_EXPECT_CK_OK(c, rv))
2362 goto out;
2363
2364 logged_in = true;
2365
2366 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2367 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2368 CK_TRUE, label);
2369 if (!ADBG_EXPECT_CK_OK(c, rv))
2370 goto out;
2371
2372 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2373 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2374 CK_TRUE, label);
2375 if (!ADBG_EXPECT_CK_OK(c, rv))
2376 goto out;
2377
2378 rv = test_find_objects(c, session, find_template,
2379 ARRAY_SIZE(find_template),
2380 obj_found, ARRAY_SIZE(obj_found), 4);
2381 if (!ADBG_EXPECT_CK_OK(c, rv))
2382 goto out;
2383
2384 /*
2385 * Check if object handles returned when creating objects with this
2386 * session are still valid
2387 */
2388 for (i = 0; i < object_id; i++) {
2389 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2390 ARRAY_SIZE(get_attr_template));
2391 if (!ADBG_EXPECT_CK_OK(c, rv))
2392 goto out;
2393 }
2394
2395 Do_ADBG_EndSubCase(c, NULL);
2396
2397 /*
2398 * Sub test: Pass NULL template with count as 0. All objects should
2399 * get returned
2400 */
2401 Do_ADBG_BeginSubCase(c, "Find all objects by passing NULL template");
2402
2403 rv = test_find_objects(c, session, NULL, 0, obj_found,
2404 ARRAY_SIZE(obj_found), 4);
2405 if (!ADBG_EXPECT_CK_OK(c, rv))
2406 goto out;
2407
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2408 Do_ADBG_EndSubCase(c, NULL);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2409
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2410 /*
2411 * Sub test: finalize search without getting the handles found
2412 */
2413 Do_ADBG_BeginSubCase(c, "Initiate and finalize straight a search");
2414
2415 rv = C_FindObjectsInit(session, find_template,
2416 ARRAY_SIZE(find_template));
2417 if (!ADBG_EXPECT_CK_OK(c, rv))
2418 goto out;
2419
2420 rv = C_FindObjectsFinal(session);
2421 if (!ADBG_EXPECT_CK_OK(c, rv))
2422 goto out;
2423
2424 /*
2425 * Check if object handles returned when creating objects with this
2426 * session are still valid
2427 */
2428 for (i = 0; i < object_id; i++) {
2429 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2430 ARRAY_SIZE(get_attr_template));
2431 if (!ADBG_EXPECT_CK_OK(c, rv))
2432 goto out;
2433 }
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2434 Do_ADBG_EndSubCase(c, NULL);
2435
2436 /*
2437 * Sub test: Logout and find objects. We will find only public
2438 * objects (2)
2439 */
2440 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged out");
2441
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2442 rv = C_Logout(session);
2443 ADBG_EXPECT_CK_OK(c, rv);
2444
2445 logged_in = false;
2446
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2447 rv = test_find_objects(c, session, find_template,
2448 ARRAY_SIZE(find_template),
2449 obj_found, ARRAY_SIZE(obj_found), 2);
2450 if (!ADBG_EXPECT_CK_OK(c, rv))
2451 goto out;
2452
2453 Do_ADBG_EndSubCase(c, NULL);
2454
2455 /*
2456 * Sub test
2457 */
2458 Do_ADBG_BeginSubCase(c, "Find objects 1 by 1 and match handles");
2459
2460 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2461 obj_found[n] = CK_INVALID_HANDLE;
2462
2463 rv = C_FindObjectsInit(session, find_template,
2464 ARRAY_SIZE(find_template));
2465 if (!ADBG_EXPECT_CK_OK(c, rv))
2466 goto out;
2467
2468 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2469 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2470 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2471 !ADBG_EXPECT_TRUE(c, (obj_found[0] == obj_hdl[0]) ||
2472 (obj_found[0] == obj_hdl[1])))
2473 goto out;
2474
2475 rv = C_FindObjects(session, &obj_found[1], 1, &hdl_count);
2476 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2477 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2478 !ADBG_EXPECT_TRUE(c, (obj_found[1] == obj_hdl[0]) ||
2479 (obj_found[1] == obj_hdl[1])) ||
2480 !ADBG_EXPECT_TRUE(c, (obj_found[1] != obj_found[0])))
2481 goto out;
2482
2483 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2484 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2485 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 0))
2486 goto out;
2487
2488 rv = C_FindObjectsFinal(session);
2489 if (!ADBG_EXPECT_CK_OK(c, rv))
2490 goto out;
2491
2492 Do_ADBG_EndSubCase(c, NULL);
2493
2494 /*
2495 * Sub test: Find objects with CKA_TOKEN=TRUE
2496 */
2497 Do_ADBG_BeginSubCase(c, "Find persistent objects");
2498
2499 rv = test_find_objects(c, session, find_token_template,
2500 ARRAY_SIZE(find_token_template),
2501 obj_found, ARRAY_SIZE(obj_found), 1);
2502 if (!ADBG_EXPECT_CK_OK(c, rv))
2503 goto out;
2504
2505 Do_ADBG_EndSubCase(c, NULL);
2506
2507 /*
2508 * Sub test: Find only session objects
2509 */
2510 Do_ADBG_BeginSubCase(c, "Find session objects");
2511
2512 rv = test_find_objects(c, session, find_session_template,
2513 ARRAY_SIZE(find_session_template),
2514 obj_found, ARRAY_SIZE(obj_found), 1);
2515 if (!ADBG_EXPECT_CK_OK(c, rv))
2516 goto out;
2517
2518 Do_ADBG_EndSubCase(c, NULL);
2519
2520 /*
2521 * Sub test:
2522 */
2523 Do_ADBG_BeginSubCase(c, "Login again and find Data objects");
2524
2525 /* Login to Test Token */
2526 rv = C_Login(session, CKU_USER, test_token_user_pin,
2527 sizeof(test_token_user_pin));
2528 if (!ADBG_EXPECT_CK_OK(c, rv))
2529 goto out;
2530
2531 logged_in = true;
2532
2533 rv = test_find_objects(c, session, find_template,
2534 ARRAY_SIZE(find_template),
Ruchika Guptab8dac1c2021-01-14 12:37:58 +0530[diff] [blame]2535 obj_found, ARRAY_SIZE(obj_found), 3);
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2536 if (!ADBG_EXPECT_CK_OK(c, rv))
2537 goto out;
2538
Ruchika Guptaafe2b542020-12-24 15:51:31 +0530[diff] [blame]2539 rv = C_Logout(session);
2540 ADBG_EXPECT_CK_OK(c, rv);
2541
2542 logged_in = false;
2543
2544 Do_ADBG_EndSubCase(c, NULL);
2545
2546 /*
2547 * Sub test: Close session and open new session, find objects
2548 * without logging and after logging
2549 */
2550 Do_ADBG_BeginSubCase(c, "Find objects from brand new session");
2551
2552 rv = C_CloseSession(session);
2553 if (!ADBG_EXPECT_CK_OK(c, rv))
2554 goto destr_obj;
2555
2556 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2557 if (!ADBG_EXPECT_CK_OK(c, rv))
2558 goto destr_obj;
2559
2560 rv = test_find_objects(c, session, find_template,
2561 ARRAY_SIZE(find_template),
2562 obj_found, ARRAY_SIZE(obj_found), 1);
2563 if (!ADBG_EXPECT_CK_OK(c, rv))
2564 goto out;
2565
2566 /* Login to Test Token */
2567 rv = C_Login(session, CKU_USER, test_token_user_pin,
2568 sizeof(test_token_user_pin));
2569 if (!ADBG_EXPECT_CK_OK(c, rv))
2570 goto out;
2571
2572 logged_in = true;
2573
2574 rv = test_find_objects(c, session, find_template,
2575 ARRAY_SIZE(find_template),
2576 obj_found, ARRAY_SIZE(obj_found), 2);
2577 if (!ADBG_EXPECT_CK_OK(c, rv))
2578 goto out;
2579
2580 rv = C_Logout(session);
2581 ADBG_EXPECT_CK_OK(c, rv);
2582
2583 logged_in = false;
2584
2585 Do_ADBG_EndSubCase(c, NULL);
2586
2587 /*
2588 * Sub test: invalid call cases
2589 */
2590 Do_ADBG_BeginSubCase(c, "Invalid cases");
2591
2592 rv = C_FindObjectsFinal(session);
2593 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2594
2595 rv = C_FindObjects(session,
2596 obj_found, ARRAY_SIZE(obj_found), &hdl_count);
2597 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2598
2599 rv = C_FindObjectsInit(session, find_template,
2600 ARRAY_SIZE(find_template));
2601 if (!ADBG_EXPECT_CK_OK(c, rv))
2602 goto out;
2603
2604 rv = C_FindObjectsInit(session, find_template,
2605 ARRAY_SIZE(find_template));
2606 ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK);
2607
2608 rv = C_FindObjectsFinal(session);
2609 ADBG_EXPECT_CK_OK(c, rv);
2610
2611 rv = C_FindObjectsInit(session, find_template,
2612 ARRAY_SIZE(find_template));
2613 ADBG_EXPECT_CK_OK(c, rv);
2614
2615 /*
2616 * Intentionally do not finalize the active object search. It should be
2617 * released together with the session closure.
2618 */
2619 Do_ADBG_EndSubCase(c, NULL);
2620
2621out:
2622 if (logged_in)
2623 ADBG_EXPECT_CK_OK(c, C_Logout(session));
2624
2625 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2626
2627destr_obj:
2628 destroy_persistent_objects(c, slot);
2629close_lib:
2630 ADBG_EXPECT_CK_OK(c, close_lib());
2631}
2632ADBG_CASE_DEFINE(pkcs11, 1011, xtest_pkcs11_test_1011,
2633 "PKCS11: Test Find Objects");
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2634
2635static void xtest_pkcs11_test_1012(ADBG_Case_t *c)
2636{
2637 CK_RV rv = CKR_GENERAL_ERROR;
2638 CK_SLOT_ID slot = 0;
2639 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2640 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2641 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2642 CK_OBJECT_HANDLE key_hdl = CK_INVALID_HANDLE;
2643 size_t i = 0;
2644
2645 CK_OBJECT_CLASS obj_class = CKO_DATA;
2646 CK_BBOOL obj_token = CK_FALSE;
2647 CK_BBOOL obj_private = CK_FALSE;
2648 uint8_t obj_value[5] = { 1, 2, 3, 4, 5 };
2649 const char *obj_label = "Label";
2650
2651 CK_ATTRIBUTE object_template[] = {
2652 { CKA_CLASS, &obj_class, sizeof(obj_class) },
2653 { CKA_TOKEN, &obj_token, sizeof(obj_token) },
2654 { CKA_PRIVATE, &obj_private, sizeof(obj_private) },
2655 { CKA_VALUE, obj_value, sizeof(obj_value) },
2656 { CKA_LABEL, (CK_UTF8CHAR_PTR)obj_label, strlen(obj_label) },
2657 };
2658
2659 CK_OBJECT_CLASS secret_class = CKO_SECRET_KEY;
2660 CK_BBOOL secret_token = CK_FALSE;
2661 CK_BBOOL secret_private = CK_FALSE;
2662 CK_KEY_TYPE secret_key_type = CKK_GENERIC_SECRET;
2663 CK_ULONG secret_len = 32;
2664 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
2665 CKM_SHA224_HMAC,
2666 CKM_SHA256_HMAC };
2667
2668 CK_ATTRIBUTE secret_template[] = {
2669 { CKA_CLASS, &secret_class, sizeof(secret_class) },
2670 { CKA_TOKEN, &secret_token, sizeof(secret_token) },
2671 { CKA_PRIVATE, &secret_private, sizeof(secret_private) },
2672 { CKA_KEY_TYPE, &secret_key_type, sizeof(secret_key_type) },
2673 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
2674 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
2675 sizeof(secret_allowed_mecha) }
2676 };
2677
2678 CK_BBOOL g_token = CK_TRUE;
2679 CK_BBOOL g_private = CK_TRUE;
2680 CK_OBJECT_CLASS g_class = ~0;
2681 uint8_t g_value[128] = { 0 };
2682 CK_MECHANISM_TYPE g_mecha_list[10] = { 0 };
2683
2684 uint8_t *data_ptr = NULL;
2685
2686 CK_ATTRIBUTE get_attr_template_bc[] = {
2687 { CKA_TOKEN, &g_token, sizeof(g_token) },
2688 { CKA_CLASS, &g_class, sizeof(g_class) },
2689 };
2690
2691 CK_ATTRIBUTE get_attr_template_cb[] = {
2692 { CKA_CLASS, &g_class, sizeof(g_class) },
2693 { CKA_TOKEN, &g_token, sizeof(g_token) },
2694 };
2695
Vesa Jääskeläinen2f068b12021-06-27 17:46:53 +0300[diff] [blame]2696 CK_ATTRIBUTE get_attr_template_query_bc[] = {
2697 { CKA_TOKEN, NULL, 0 },
2698 { CKA_CLASS, NULL, 0 },
2699 };
2700
2701 CK_ATTRIBUTE get_attr_template_query_cb[] = {
2702 { CKA_CLASS, NULL, 0 },
2703 { CKA_TOKEN, NULL, 0 },
2704 };
2705
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2706 CK_ATTRIBUTE get_attr_template_ve[] = {
2707 { CKA_VALUE, &g_value, sizeof(obj_value) },
2708 };
2709
2710 CK_ATTRIBUTE get_attr_template_vl[] = {
2711 { CKA_VALUE, &g_value, sizeof(g_value) },
2712 };
2713
2714 CK_ATTRIBUTE get_attr_template_bvecb[] = {
2715 { CKA_TOKEN, &g_token, sizeof(g_token) },
2716 { CKA_VALUE, &g_value, sizeof(obj_value) },
2717 { CKA_CLASS, &g_class, sizeof(g_class) },
2718 { CKA_TOKEN, &g_private, sizeof(g_private) },
2719 };
2720
2721 CK_ATTRIBUTE get_attr_template_bvlcb[] = {
2722 { CKA_TOKEN, &g_token, sizeof(g_token) },
2723 { CKA_VALUE, &g_value, sizeof(g_value) },
2724 { CKA_CLASS, &g_class, sizeof(g_class) },
2725 { CKA_TOKEN, &g_private, sizeof(g_private) },
2726 };
2727
2728 CK_ATTRIBUTE get_attr_template_am[] = {
2729 { CKA_ALLOWED_MECHANISMS, &g_mecha_list, sizeof(g_mecha_list) },
2730 };
2731
2732 rv = init_lib_and_find_token_slot(&slot);
2733 if (!ADBG_EXPECT_CK_OK(c, rv))
2734 return;
2735
2736 rv = init_test_token(slot);
2737 if (!ADBG_EXPECT_CK_OK(c, rv))
2738 goto close_lib;
2739
2740 rv = init_user_test_token(slot);
2741 if (!ADBG_EXPECT_CK_OK(c, rv))
2742 goto close_lib;
2743
2744 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2745 if (!ADBG_EXPECT_CK_OK(c, rv))
2746 goto close_lib;
2747
2748 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2749 rv = C_CreateObject(session, object_template,
2750 ARRAY_SIZE(object_template), &obj_hdl);
2751 if (!ADBG_EXPECT_CK_OK(c, rv))
2752 goto out;
2753
2754 /*
2755 * Sub test: Test Boolean (1 byte) + object class (CK_ULONG)
2756 */
2757 Do_ADBG_BeginSubCase(c, "Get Attribute - boolean + class");
2758 g_token = CK_TRUE;
2759 g_class = ~0;
2760
2761 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bc,
2762 ARRAY_SIZE(get_attr_template_bc));
2763 if (!ADBG_EXPECT_CK_OK(c, rv))
2764 goto out;
2765
2766 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2767 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2768
2769 Do_ADBG_EndSubCase(c, NULL);
2770
2771 /*
2772 * Sub test: object class (CK_ULONG) + Test Boolean (1 byte)
2773 */
2774 Do_ADBG_BeginSubCase(c, "Get Attribute - class + boolean");
2775 g_token = CK_TRUE;
2776 g_class = ~0;
2777
2778 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_cb,
2779 ARRAY_SIZE(get_attr_template_cb));
2780 if (!ADBG_EXPECT_CK_OK(c, rv))
2781 goto out;
2782
2783 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2784 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2785
2786 Do_ADBG_EndSubCase(c, NULL);
2787
2788 /*
Vesa Jääskeläinen2f068b12021-06-27 17:46:53 +0300[diff] [blame]2789 * Sub test: Query size boolean (1 byte) + object class (CK_ULONG)
2790 */
2791 Do_ADBG_BeginSubCase(c, "Get Attribute - query size boolean + class");
2792 g_token = CK_TRUE;
2793 g_class = ~0;
2794
2795 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_query_bc,
2796 ARRAY_SIZE(get_attr_template_query_bc));
2797 if (!ADBG_EXPECT_CK_OK(c, rv))
2798 goto out;
2799
2800 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2801 get_attr_template_query_bc[0].ulValueLen, ==, 1);
2802 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2803 get_attr_template_query_bc[1].ulValueLen, ==, sizeof(CK_ULONG));
2804
2805 Do_ADBG_EndSubCase(c, NULL);
2806
2807 /*
2808 * Sub test: Query size object class (CK_ULONG) + boolean (1 byte)
2809 */
2810 Do_ADBG_BeginSubCase(c, "Get Attribute - query size class + boolean");
2811 g_token = CK_TRUE;
2812 g_class = ~0;
2813
2814 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_query_cb,
2815 ARRAY_SIZE(get_attr_template_query_cb));
2816 if (!ADBG_EXPECT_CK_OK(c, rv))
2817 goto out;
2818
2819 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2820 get_attr_template_query_cb[0].ulValueLen, ==, sizeof(CK_ULONG));
2821 ADBG_EXPECT_COMPARE_UNSIGNED(c,
2822 get_attr_template_query_cb[1].ulValueLen, ==, 1);
2823
2824 Do_ADBG_EndSubCase(c, NULL);
2825
2826 /*
Vesa Jääskeläinen33ada292021-01-13 23:17:55 +0200[diff] [blame]2827 * Sub test: value with exact size
2828 */
2829 Do_ADBG_BeginSubCase(c, "Get Attribute - value with exact size buffer");
2830 memset(g_value, 0xCC, sizeof(g_value));
2831
2832 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_ve,
2833 ARRAY_SIZE(get_attr_template_ve));
2834 if (!ADBG_EXPECT_CK_OK(c, rv))
2835 goto out;
2836
2837 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_ve[0].ulValueLen, ==, sizeof(obj_value));
2838 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2839 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2840 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2841 break;
2842
2843 Do_ADBG_EndSubCase(c, NULL);
2844
2845 /*
2846 * Sub test: value with larger buffer
2847 */
2848 Do_ADBG_BeginSubCase(c, "Get Attribute - value with larger buffer");
2849 memset(g_value, 0xCC, sizeof(g_value));
2850
2851 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_vl,
2852 ARRAY_SIZE(get_attr_template_vl));
2853 if (!ADBG_EXPECT_CK_OK(c, rv))
2854 goto out;
2855
2856 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_vl[0].ulValueLen, ==, sizeof(obj_value));
2857 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2858 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2859 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2860 break;
2861
2862 Do_ADBG_EndSubCase(c, NULL);
2863
2864 /*
2865 * Sub test: bool + value with exact size + class + bool
2866 */
2867 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with exact size + class + bool");
2868 memset(g_value, 0xCC, sizeof(g_value));
2869 g_token = CK_TRUE;
2870 g_private = CK_TRUE;
2871 g_class = ~0;
2872
2873 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvecb,
2874 ARRAY_SIZE(get_attr_template_bvecb));
2875 if (!ADBG_EXPECT_CK_OK(c, rv))
2876 goto out;
2877
2878 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvecb[1].ulValueLen,
2879 ==, sizeof(obj_value));
2880 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2881 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2882 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2883 break;
2884
2885 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2886 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2887 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2888
2889 Do_ADBG_EndSubCase(c, NULL);
2890
2891 /*
2892 * Sub test: bool + value with larger buffer + class + bool
2893 */
2894 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with larger buffer + class + bool");
2895 memset(g_value, 0xCC, sizeof(g_value));
2896 g_token = CK_TRUE;
2897 g_private = CK_TRUE;
2898 g_class = ~0;
2899
2900 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvlcb,
2901 ARRAY_SIZE(get_attr_template_bvlcb));
2902 if (!ADBG_EXPECT_CK_OK(c, rv))
2903 goto out;
2904
2905 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvlcb[1].ulValueLen,
2906 ==, sizeof(obj_value));
2907 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2908 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2909 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2910 break;
2911
2912 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2913 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2914 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2915
2916 Do_ADBG_EndSubCase(c, NULL);
2917
2918 /*
2919 * Sub test: allowed mechanism list
2920 */
2921 Do_ADBG_BeginSubCase(c, "Get Attribute - allowed mechanism list");
2922 memset(g_mecha_list, 0xCC, sizeof(g_mecha_list));
2923
2924 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2925 secret_template, ARRAY_SIZE(secret_template),
2926 &key_hdl);
2927 if (!ADBG_EXPECT_CK_OK(c, rv))
2928 goto out;
2929
2930 rv = C_GetAttributeValue(session, key_hdl, get_attr_template_am,
2931 ARRAY_SIZE(get_attr_template_am));
2932 if (!ADBG_EXPECT_CK_OK(c, rv))
2933 goto out;
2934
2935 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_am[0].ulValueLen, ==,
2936 sizeof(secret_allowed_mecha));
2937
2938 for (i = 0; i < sizeof(secret_allowed_mecha) / sizeof(*secret_allowed_mecha); i++)
2939 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_mecha_list[i], ==, secret_allowed_mecha[i]))
2940 break;
2941
2942 data_ptr = (uint8_t *)g_mecha_list;
2943 for (i = sizeof(secret_allowed_mecha); i < sizeof(g_mecha_list); i++)
2944 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[i], ==, 0xCC))
2945 break;
2946
2947 Do_ADBG_EndSubCase(c, NULL);
2948
2949out:
2950 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2951
2952close_lib:
2953 ADBG_EXPECT_CK_OK(c, close_lib());
2954}
2955ADBG_CASE_DEFINE(pkcs11, 1012, xtest_pkcs11_test_1012,
2956 "PKCS11: Serializer tests");
Ruchika Guptafdabbfa2021-01-25 11:55:18 +0530[diff] [blame]2957
2958static void xtest_pkcs11_test_1013(ADBG_Case_t *c)
2959{
2960 CK_RV rv = CKR_GENERAL_ERROR;
2961 CK_SLOT_ID slot = 0;
2962 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
2963 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
2964 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2965 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
2966 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2967 const char *label = "Dummy Objects";
2968 bool ro_logged_in = false;
2969
2970 rv = init_lib_and_find_token_slot(&slot);
2971 if (!ADBG_EXPECT_CK_OK(c, rv))
2972 return;
2973
2974 rv = init_test_token(slot);
2975 if (!ADBG_EXPECT_CK_OK(c, rv))
2976 goto close_lib;
2977
2978 rv = init_user_test_token(slot);
2979 if (!ADBG_EXPECT_CK_OK(c, rv))
2980 goto close_lib;
2981
2982 /* Open a RW session */
2983 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
2984 if (!ADBG_EXPECT_CK_OK(c, rv))
2985 goto close_lib;
2986
2987 /* Open a RO session */
2988 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
2989 if (!ADBG_EXPECT_CK_OK(c, rv))
2990 goto close_lib;
2991
2992 /*
2993 * Sub test: Check object creation from a R/O Public session
2994 */
2995 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2996
2997 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2998 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2999 CK_FALSE, label);
3000 if (!ADBG_EXPECT_CK_OK(c, rv))
3001 goto out;
3002
3003 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3004 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3005 CK_TRUE, label);
3006 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3007 goto out;
3008
3009 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3010 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3011 CK_FALSE, label);
3012 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3013 goto out;
3014
3015 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3016 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3017 CK_TRUE, label);
3018 /* For Token object creation, SESSION_READ_ONLY will take priority */
3019 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3020 goto out;
3021
3022 Do_ADBG_EndSubCase(c, NULL);
3023
3024 /*
3025 * Sub test: Check access for a R/W Public session
3026 */
3027 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
3028
3029 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3030 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3031 CK_FALSE, label);
3032 if (!ADBG_EXPECT_CK_OK(c, rv))
3033 goto out;
3034
3035 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3036 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3037 CK_TRUE, label);
3038 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3039 goto out;
3040
3041 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3042 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3043 CK_FALSE, label);
3044 if (!ADBG_EXPECT_CK_OK(c, rv))
3045 goto out;
3046
3047 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3048 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3049 CK_TRUE, label);
3050 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3051 goto out;
3052
3053 Do_ADBG_EndSubCase(c, NULL);
3054
3055 /*
3056 * Sub test: Check access for a R/O User session
3057 */
3058 Do_ADBG_BeginSubCase(c, "Create objects in R/O User Session");
3059
3060 /* Login to Test Token */
3061 rv = C_Login(ro_session, CKU_USER, test_token_user_pin,
3062 sizeof(test_token_user_pin));
3063 if (!ADBG_EXPECT_CK_OK(c, rv))
3064 goto out;
3065
3066 ro_logged_in = true;
3067
3068 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3069 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3070 CK_FALSE, label);
3071 if (!ADBG_EXPECT_CK_OK(c, rv))
3072 goto out;
3073
3074 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3075 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3076 CK_TRUE, label);
3077 if (!ADBG_EXPECT_CK_OK(c, rv))
3078 goto out;
3079
3080 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3081 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3082 CK_FALSE, label);
3083 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3084 goto out;
3085
3086 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3087 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3088 CK_TRUE, label);
3089 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3090 goto out;
3091
3092 Do_ADBG_EndSubCase(c, NULL);
3093
3094 /*
3095 * Sub test: Check access for a R/W User session
3096 */
3097 Do_ADBG_BeginSubCase(c, "Create objects in R/W User Session");
3098
3099 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3100 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3101 CK_FALSE, label);
3102 if (!ADBG_EXPECT_CK_OK(c, rv))
3103 goto out;
3104
3105 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3106 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3107 CK_TRUE, label);
3108 if (!ADBG_EXPECT_CK_OK(c, rv))
3109 goto out;
3110
3111 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3112 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3113 CK_FALSE, label);
3114 if (!ADBG_EXPECT_CK_OK(c, rv))
3115 goto out;
3116
3117 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3118 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3119 CK_TRUE, label);
3120 if (!ADBG_EXPECT_CK_OK(c, rv))
3121 goto out;
3122
3123 /* Log out */
3124 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3125 ro_logged_in = false;
3126
3127 /* Close RO session */
3128 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3129 ro_session = CK_INVALID_HANDLE;
3130
3131 Do_ADBG_EndSubCase(c, NULL);
3132
3133 /*
3134 * Sub test: Check access for a R/W SO session
3135 */
3136 Do_ADBG_BeginSubCase(c, "Create objects in R/W SO Session");
3137
3138 /* Login as security officer in RW session */
3139 rv = C_Login(rw_session, CKU_SO, test_token_so_pin,
3140 sizeof(test_token_so_pin));
3141 if (!ADBG_EXPECT_CK_OK(c, rv))
3142 goto out;
3143
3144 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3145 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3146 CK_FALSE, label);
3147 if (!ADBG_EXPECT_CK_OK(c, rv))
3148 goto logout;
3149
3150 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3151 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3152 CK_TRUE, label);
3153 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3154 goto logout;
3155
3156 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3157 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3158 CK_FALSE, label);
3159 if (!ADBG_EXPECT_CK_OK(c, rv))
3160 goto logout;
3161
3162 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3163 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3164 CK_TRUE, label);
3165 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3166 goto logout;
3167
3168logout:
3169 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3170out:
3171 if (ro_logged_in)
3172 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3173
3174 if (ro_session != CK_INVALID_HANDLE)
3175 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3176
3177 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3178
3179 Do_ADBG_EndSubCase(c, NULL);
3180
3181 destroy_persistent_objects(c, slot);
3182close_lib:
3183 ADBG_EXPECT_CK_OK(c, close_lib());
3184
3185}
3186ADBG_CASE_DEFINE(pkcs11, 1013, xtest_pkcs11_test_1013,
3187 "PKCS11: Object creation upon session type");
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3188
3189static void xtest_pkcs11_test_1014(ADBG_Case_t *c)
3190{
3191 CK_RV rv = CKR_GENERAL_ERROR;
3192 CK_SLOT_ID slot = 0;
3193 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3194 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3195 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3196 const char *id = "1";
3197 const char *label = "Dummy Objects";
3198 const char *new_label = "New Object lable";
3199 size_t n = 0;
3200 char *g_label[100] = { };
3201 char *g_id[100] = { };
3202 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
3203 CKM_SHA224_HMAC,
3204 CKM_SHA256_HMAC };
3205 CK_ATTRIBUTE secret_key_template[] = {
3206 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3207 sizeof(CK_OBJECT_CLASS) },
3208 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3209 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3210 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3211 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3212 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3213 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3214 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
3215 sizeof(CK_KEY_TYPE) },
3216 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3217 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3218 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3219 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3220 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3221 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3222 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
3223 sizeof(secret_allowed_mecha) },
3224 };
3225 CK_BBOOL g_derive = CK_FALSE;
3226 CK_BBOOL g_sign = CK_FALSE;
3227 CK_BBOOL g_verify = CK_FALSE;
3228 CK_BBOOL g_encrypt = CK_FALSE;
3229 CK_BBOOL g_decrypt = CK_FALSE;
3230 CK_BBOOL g_wrap = CK_FALSE;
3231 CK_BBOOL g_unwrap = CK_FALSE;
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3232 uint32_t g_len = 0;
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3233 CK_ATTRIBUTE get_template[] = {
3234 { CKA_LABEL, (CK_UTF8CHAR_PTR)g_label, sizeof(g_label) },
3235 { CKA_ID, (CK_BYTE_PTR)g_id, sizeof(g_id) },
3236 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
3237 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
3238 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
3239 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
3240 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
3241 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
3242 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3243 { CKA_VALUE_LEN, &g_len, sizeof(CK_ULONG) },
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3244 };
3245 CK_ATTRIBUTE set_template[] = {
3246 { CKA_LABEL, (CK_UTF8CHAR_PTR)new_label, strlen(new_label) },
3247 { CKA_ID, (CK_BYTE_PTR)id, strlen(id) },
3248 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3249 { CKA_WRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3250 { CKA_UNWRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3251 { CKA_SIGN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3252 { CKA_VERIFY, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3253 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3254 { CKA_DECRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3255 /* CKA_SENSITIVE -> CK_FALSE to CK_TRUE is allowed */
3256 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3257 /* CKA_EXTRACTABLE -> CK_TRUE to CK_FALSE is allowed */
3258 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3259 /* CKA_COPYABLE -> CK_TRUE to CK_FALSE is allowed */
3260 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3261 };
3262 CK_ATTRIBUTE set_inv_template1[] = {
3263 /* Attributes Not Modifiable */
3264 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA},
3265 sizeof(CK_OBJECT_CLASS) },
3266 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3267 { CKA_ALWAYS_SENSITIVE, &(CK_BBOOL){CK_FALSE},
3268 sizeof(CK_BBOOL) },
3269 { CKA_NEVER_EXTRACTABLE, &(CK_BBOOL){CK_FALSE},
3270 sizeof(CK_BBOOL) },
3271 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3272 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3273 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3274 { CKA_DESTROYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3275 /* Change not allowed from CK_TRUE -> CK_FALSE */
3276 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3277 /* Change not allowed from CK_FALSE -> CK_TRUE */
3278 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3279 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3280 };
3281 CK_ATTRIBUTE set_inv_template2[] = {
3282 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3283 };
3284 CK_ATTRIBUTE set_trusted_template[] = {
3285 { CKA_TRUSTED, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3286 };
3287
3288 rv = init_lib_and_find_token_slot(&slot);
3289 if (!ADBG_EXPECT_CK_OK(c, rv))
3290 return;
3291
3292 rv = init_test_token(slot);
3293 if (!ADBG_EXPECT_CK_OK(c, rv))
3294 goto close_lib;
3295
3296 rv = init_user_test_token(slot);
3297 if (!ADBG_EXPECT_CK_OK(c, rv))
3298 goto close_lib;
3299
3300 /* Open a RW session */
3301 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3302 if (!ADBG_EXPECT_CK_OK(c, rv))
3303 goto close_lib;
3304
3305 /* Create a secret key object */
3306 rv = C_CreateObject(session, secret_key_template,
3307 ARRAY_SIZE(secret_key_template), &obj_hdl);
3308 if (!ADBG_EXPECT_CK_OK(c, rv))
3309 goto close_session;
3310
3311 Do_ADBG_BeginSubCase(c, "Set attributes on secret key object");
3312
3313 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3314 ARRAY_SIZE(get_template));
3315 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3316 !ADBG_EXPECT_BUFFER(c, label, strlen(label), g_label,
3317 get_template[0].ulValueLen) ||
3318 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
3319 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
3320 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
3321 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_TRUE) ||
3322 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_TRUE) ||
3323 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
3324 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3325 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_len, ==, 16) ||
Ruchika Gupta1fe9d4e2021-01-28 13:52:27 +0530[diff] [blame]3326 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[1].ulValueLen, ==, 0))
3327 goto out;
3328
3329 rv = C_SetAttributeValue(session, obj_hdl, set_template,
3330 ARRAY_SIZE(set_template));
3331 if (!ADBG_EXPECT_CK_OK(c, rv))
3332 goto out;
3333
3334 get_template[0].ulValueLen = sizeof(g_label);
3335 get_template[1].ulValueLen = sizeof(g_id);
3336 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3337 ARRAY_SIZE(get_template));
3338 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3339 !ADBG_EXPECT_BUFFER(c, new_label, strlen(new_label), g_label,
3340 get_template[0].ulValueLen) ||
3341 !ADBG_EXPECT_BUFFER(c, id, strlen(id), g_id,
3342 get_template[1].ulValueLen) ||
3343 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_TRUE) ||
3344 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_TRUE) ||
3345 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_TRUE) ||
3346 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
3347 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
3348 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_FALSE) ||
3349 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_FALSE))
3350 goto out;
3351
3352 Do_ADBG_EndSubCase(c, NULL);
3353
3354 Do_ADBG_BeginSubCase(c, "Test Invalid template with R/O Attributes");
3355
3356 for (n = 0; n < ARRAY_SIZE(set_inv_template1); n++) {
3357 rv = C_SetAttributeValue(session, obj_hdl,
3358 &set_inv_template1[n], 1);
3359 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3360 goto out;
3361 }
3362
3363 Do_ADBG_EndSubCase(c, NULL);
3364
3365 Do_ADBG_BeginSubCase(c, "Test Invalid template with Invalid Attribute");
3366
3367 rv = C_SetAttributeValue(session, obj_hdl, set_inv_template2,
3368 ARRAY_SIZE(set_inv_template2));
3369 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3370 goto out;
3371
3372 Do_ADBG_EndSubCase(c, NULL);
3373
3374 Do_ADBG_BeginSubCase(c, "Set CKA_TRUSTED with and w/o SO Login");
3375
3376 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3377 ARRAY_SIZE(set_trusted_template));
3378 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3379 goto out;
3380
3381 /* Login as SO in RW session */
3382 rv = C_Login(session, CKU_SO, test_token_so_pin,
3383 sizeof(test_token_so_pin));
3384 if (!ADBG_EXPECT_CK_OK(c, rv))
3385 goto out;
3386
3387 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3388 ARRAY_SIZE(set_trusted_template));
3389 ADBG_EXPECT_CK_OK(c, rv);
3390
3391 ADBG_EXPECT_CK_OK(c, C_Logout(session));
3392out:
3393 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, obj_hdl));
3394
3395 Do_ADBG_EndSubCase(c, NULL);
3396
3397close_session:
3398 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3399
3400close_lib:
3401 ADBG_EXPECT_CK_OK(c, close_lib());
3402}
3403ADBG_CASE_DEFINE(pkcs11, 1014, xtest_pkcs11_test_1014,
3404 "PKCS11: Test C_SetAttributeValue()");
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3405
3406static void xtest_pkcs11_test_1015(ADBG_Case_t *c)
3407{
3408 CK_RV rv = CKR_GENERAL_ERROR;
3409 CK_SLOT_ID slot = 0;
3410 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
3411 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
3412 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3413 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
3414 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3415 CK_OBJECT_HANDLE obj_hdl_ro = CK_INVALID_HANDLE;
3416 CK_OBJECT_HANDLE obj_hdl_cp = CK_INVALID_HANDLE;
3417 const char *label = "Dummy Objects";
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3418 CK_ATTRIBUTE secret_key_create_template[] = {
3419 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3420 sizeof(CK_OBJECT_CLASS) },
3421 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3422 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3423 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3424 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3425 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3426 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3427 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3428 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
3429 };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3430 CK_ATTRIBUTE secret_key_template[] = {
3431 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3432 sizeof(CK_OBJECT_CLASS) },
3433 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3434 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3435 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3436 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3437 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3438 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3439 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3440 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3441 };
3442 CK_BBOOL g_token = CK_FALSE;
3443 CK_BBOOL g_private = CK_FALSE;
3444 CK_BBOOL g_modify = CK_FALSE;
3445 CK_BBOOL g_copy = CK_FALSE;
3446 CK_BBOOL g_destroy = CK_FALSE;
3447 CK_BBOOL g_extract = CK_FALSE;
3448 CK_BBOOL g_sensitive = CK_FALSE;
3449 CK_BBOOL g_nextract = CK_FALSE;
3450 CK_BBOOL g_asensitive = CK_FALSE;
3451 CK_BBOOL g_local = CK_FALSE;
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame]3452 CK_BYTE g_value[16] = { };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3453 CK_ATTRIBUTE get_template[] = {
3454 { CKA_TOKEN, &g_token, sizeof(CK_BBOOL) },
3455 { CKA_PRIVATE, &g_private, sizeof(CK_BBOOL) },
3456 { CKA_MODIFIABLE, &g_modify, sizeof(CK_BBOOL) },
3457 { CKA_COPYABLE, &g_copy, sizeof(CK_BBOOL) },
3458 { CKA_DESTROYABLE, &g_destroy, sizeof(CK_BBOOL) },
3459 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3460 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3461 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3462 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3463 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3464 };
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame]3465 CK_ATTRIBUTE get_value_template[] = {
3466 { CKA_VALUE, &g_value, sizeof(g_value) }
3467 };
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3468 CK_ATTRIBUTE copy_template[] = {
3469 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3470 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3471 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3472 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3473 };
3474 CK_ATTRIBUTE copy_template_inv[] = {
3475 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3476 };
3477 CK_ATTRIBUTE copy_template_priv[] = {
3478 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3479 };
3480 CK_ATTRIBUTE set_template[] = {
3481 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3482 };
3483
3484 rv = init_lib_and_find_token_slot(&slot);
3485 if (!ADBG_EXPECT_CK_OK(c, rv))
3486 return;
3487
3488 rv = init_test_token(slot);
3489 if (!ADBG_EXPECT_CK_OK(c, rv))
3490 goto close_lib;
3491
3492 rv = init_user_test_token(slot);
3493 if (!ADBG_EXPECT_CK_OK(c, rv))
3494 goto close_lib;
3495
3496 /* Open a RW session */
3497 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
3498 if (!ADBG_EXPECT_CK_OK(c, rv))
3499 goto close_lib;
3500
3501 /* Open a RO session */
3502 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
3503 if (!ADBG_EXPECT_CK_OK(c, rv))
3504 goto close_session;
3505
Ruchika Guptaf2eb88a2021-03-22 19:38:11 +0530[diff] [blame^]3506 /*
3507 * All objects in this test are session objects hence released at
3508 * session closure on test completion.
3509 */
3510
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3511 /* Generate a secret key object in rw session */
3512 rv = C_GenerateKey(rw_session, &cktest_aes_keygen_mechanism,
3513 secret_key_template,
3514 ARRAY_SIZE(secret_key_template), &obj_hdl);
3515 if (!ADBG_EXPECT_CK_OK(c, rv))
3516 goto close_session;
3517
3518 /* Check its attribute values */
3519 rv = C_GetAttributeValue(rw_session, obj_hdl, get_template,
3520 ARRAY_SIZE(get_template));
3521 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3522 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3523 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3524 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3525 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3526 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3527 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3528 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3529 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3530 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3531 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3532 goto close_session;
3533
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame]3534 /* Check that we can get (secret) CKA_VALUE */
3535 get_value_template[0].ulValueLen = sizeof(g_value);
3536 rv = C_GetAttributeValue(rw_session, obj_hdl, get_value_template,
3537 ARRAY_SIZE(get_value_template));
3538 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3539 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_value_template[0].ulValueLen,
3540 ==, sizeof(g_value)))
3541 goto close_session;
3542
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3543 /* Create a secret key object in ro session*/
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]3544 rv = C_CreateObject(ro_session, secret_key_create_template,
3545 ARRAY_SIZE(secret_key_create_template), &obj_hdl_ro);
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3546 if (!ADBG_EXPECT_CK_OK(c, rv))
3547 goto close_session;
3548
3549 /*
3550 * Duplicate the object generated in RW session using C_GenerateKey() to
3551 * another object. Pass Template as NULL and test the attributes of
3552 * new created object.
3553 */
3554 Do_ADBG_BeginSubCase(c, "Copy Local Obj with NULL Template");
3555 rv = C_CopyObject(rw_session, obj_hdl, NULL, 0, &obj_hdl_cp);
3556 if (!ADBG_EXPECT_CK_OK(c, rv))
3557 goto out;
3558
3559 /*
3560 * Check its attribute values, should match the original object.
3561 * CKA_LOCAL shall be TRUE even in copied object as original object
3562 * was generated using C_GenerateKey()
3563 */
3564 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3565 ARRAY_SIZE(get_template));
3566 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3567 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3568 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3569 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3570 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3571 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3572 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3573 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3574 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3575 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3576 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3577 goto out;
3578
3579 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3580 if (!ADBG_EXPECT_CK_OK(c, rv))
3581 goto out;
3582
3583 obj_hdl_cp = CK_INVALID_HANDLE;
3584
3585 Do_ADBG_EndSubCase(c, NULL);
3586
3587 /*
3588 * Duplicate the object generated in RO session using C_CreateObject()
3589 * to another object. Pass Template as NULL and test the attributes of
3590 * new created object.
3591 */
3592 Do_ADBG_BeginSubCase(c, "Copy a non-local object with NULL Template");
3593
3594 /* Copy ro session object */
3595 rv = C_CopyObject(ro_session, obj_hdl_ro, NULL, 0, &obj_hdl_cp);
3596 if (!ADBG_EXPECT_CK_OK(c, rv))
3597 goto out;
3598
3599 /*
3600 * Check its attribute values, should match the original object.
3601 * CKA_LOCAL shall be FALSE even in copied object as original object
3602 * was generated using C_CreateObject()
3603 */
3604 rv = C_GetAttributeValue(ro_session, obj_hdl_cp, get_template,
3605 ARRAY_SIZE(get_template));
3606 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3607 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3608 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3609 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3610 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3611 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3612 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3613 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3614 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3615 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3616 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3617 goto out;
3618
3619 rv = C_DestroyObject(ro_session, obj_hdl_cp);
3620 if (!ADBG_EXPECT_CK_OK(c, rv))
3621 goto out;
3622
3623 obj_hdl_cp = CK_INVALID_HANDLE;
3624
3625 Do_ADBG_EndSubCase(c, NULL);
3626
3627 /*
3628 * Test copying object with a valid template and check if attributes
3629 * get modified as indicated in the template. Checks modification of
3630 * attributes like CKA_TOKEN, CKA_MODIFIABLE which were not modifiable
3631 * via C_SetAttributeValue(). Also modifies the CKA_SENSITIVE,
3632 * CKA_EXTRACTABLE and checks corresponding values of RO attributes
3633 * CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE.
3634 */
3635 Do_ADBG_BeginSubCase(c, "Copy Object with Valid Template");
3636
3637 /*
3638 * Copy Session Object as a Token object
3639 * Properties CKA_MODIFIABLE turned to FALSE
3640 * CKA_EXTRACTABLE changed from TRUE to FALSE
3641 * CKA_NEVER_EXTRACTABLE should be FALSE.
3642 * CKA_SENSITIVE set to TRUE
3643 * However CKA_ALWAYS_SENSITIVE should be FALSE
3644 */
3645 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3646 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3647 if (!ADBG_EXPECT_CK_OK(c, rv))
3648 goto out;
3649
3650 /* Check the changed attribute values */
3651 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3652 ARRAY_SIZE(get_template));
3653 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3654 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
3655 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_FALSE) ||
3656 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3657 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3658 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3659 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3660 goto out;
3661
Vesa Jääskeläinen06f428a2021-06-27 20:02:29 +0300[diff] [blame]3662 /* Check that we cannot anymore get (secret) CKA_VALUE */
3663 get_value_template[0].ulValueLen = sizeof(g_value);
3664 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_value_template,
3665 ARRAY_SIZE(get_value_template));
3666 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_SENSITIVE, rv) ||
3667 !(get_value_template[0].ulValueLen == CK_UNAVAILABLE_INFORMATION))
3668 goto close_session;
3669
Ruchika Gupta1f60ed42021-02-02 13:15:58 +0530[diff] [blame]3670 /*
3671 * The copied object has CKA_MODIFIABLE set to FALSE. Check if
3672 * call to C_SetAttributeValue() returns CKR_ACTION_PROHIBITED
3673 */
3674 rv = C_SetAttributeValue(rw_session, obj_hdl_cp, set_template,
3675 ARRAY_SIZE(set_template));
3676 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3677 goto out;
3678
3679 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3680 if (!ADBG_EXPECT_CK_OK(c, rv))
3681 goto out;
3682
3683 obj_hdl_cp = CK_INVALID_HANDLE;
3684
3685 Do_ADBG_EndSubCase(c, NULL);
3686
3687 /*
3688 * Test changing the CKA_PRIVATE to TRUE when copying object.
3689 * Fails when user is not logged in. Passes after user logs in
3690 */
3691 Do_ADBG_BeginSubCase(c, "Copy Object as a Private Object");
3692
3693 /* The first attempt will fail as user is not logged in */
3694 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3695 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3696 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3697 goto out;
3698
3699 /* Login to Test Token and repeat*/
3700 rv = C_Login(rw_session, CKU_USER, test_token_user_pin,
3701 sizeof(test_token_user_pin));
3702 if (!ADBG_EXPECT_CK_OK(c, rv))
3703 goto out;
3704
3705 /* Try copying a public object to a private object - should pass */
3706 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3707 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3708 if (!ADBG_EXPECT_CK_OK(c, rv)) {
3709 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3710 goto out;
3711 }
3712
3713 if (!ADBG_EXPECT_CK_OK(c, C_Logout(rw_session)))
3714 goto out;
3715
3716 Do_ADBG_EndSubCase(c, NULL);
3717
3718 Do_ADBG_BeginSubCase(c, "Copy Object with Invalid Template");
3719
3720 rv = C_CopyObject(rw_session, obj_hdl, copy_template_inv,
3721 ARRAY_SIZE(copy_template_inv), &obj_hdl_cp);
3722 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3723 goto out;
3724
3725 Do_ADBG_EndSubCase(c, NULL);
3726
3727 Do_ADBG_BeginSubCase(c, "Copy Object with COPYABLE false");
3728
3729 rv = C_SetAttributeValue(rw_session, obj_hdl, set_template,
3730 ARRAY_SIZE(set_template));
3731 if (!ADBG_EXPECT_CK_OK(c, rv))
3732 goto out;
3733
3734 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3735 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3736 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3737 goto out;
3738
3739 Do_ADBG_EndSubCase(c, NULL);
3740
3741 Do_ADBG_BeginSubCase(c, "Copy session object to token in RO session");
3742
3743 rv = C_CopyObject(ro_session, obj_hdl_ro, copy_template,
3744 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3745 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3746 goto out;
3747
3748out:
3749 Do_ADBG_EndSubCase(c, NULL);
3750
3751 /* Destroy any token objects which may have been created */
3752 destroy_persistent_objects(c, slot);
3753
3754close_session:
3755 /* Closing session will also destroy all session objects */
3756 if (ro_session != CK_INVALID_HANDLE)
3757 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3758
3759 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3760
3761close_lib:
3762 ADBG_EXPECT_CK_OK(c, close_lib());
3763}
3764ADBG_CASE_DEFINE(pkcs11, 1015, xtest_pkcs11_test_1015,
3765 "PKCS11: Test C_CopyObject()");
Vesa Jääskeläinenf8687fe2021-02-06 20:58:22 +0200[diff] [blame]3766
3767static void xtest_pkcs11_test_1016(ADBG_Case_t *c)
3768{
3769 CK_RV rv = CKR_GENERAL_ERROR;
3770 CK_SLOT_ID slot = 0;
3771 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3772 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3773 uint8_t buffer[64] = { 0 };
3774 size_t i = 0;
3775
3776 rv = init_lib_and_find_token_slot(&slot);
3777 if (!ADBG_EXPECT_CK_OK(c, rv))
3778 return;
3779
3780 rv = init_test_token(slot);
3781 if (!ADBG_EXPECT_CK_OK(c, rv))
3782 goto close_lib;
3783
3784 rv = init_user_test_token(slot);
3785 if (!ADBG_EXPECT_CK_OK(c, rv))
3786 goto close_lib;
3787
3788 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3789 if (!ADBG_EXPECT_CK_OK(c, rv))
3790 goto close_lib;
3791
3792 Do_ADBG_BeginSubCase(c, "Seed random bytes");
3793
3794 memset(buffer, 0xCC, sizeof(buffer));
3795
3796 rv = C_SeedRandom(session, buffer, sizeof(buffer));
3797 if (!ADBG_EXPECT_CK_OK(c, rv))
3798 goto out;
3799
3800 Do_ADBG_EndSubCase(c, NULL);
3801
3802 Do_ADBG_BeginSubCase(c, "Seed random bytes with zero length buffer");
3803
3804 rv = C_SeedRandom(session, buffer, 0);
3805 if (!ADBG_EXPECT_CK_OK(c, rv))
3806 goto out;
3807
3808 rv = C_SeedRandom(session, NULL, 0);
3809 if (!ADBG_EXPECT_CK_OK(c, rv))
3810 goto out;
3811
3812 Do_ADBG_EndSubCase(c, NULL);
3813
3814 Do_ADBG_BeginSubCase(c, "Generate random bytes");
3815
3816 memset(buffer, 0xCC, sizeof(buffer));
3817
3818 rv = C_GenerateRandom(session, buffer, 61);
3819 if (!ADBG_EXPECT_CK_OK(c, rv))
3820 goto out;
3821
3822 /* Verify that end of buffer is still 0xCC */
3823 for (i = 61; i < sizeof(buffer); i++)
3824 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3825 break;
3826
3827 Do_ADBG_EndSubCase(c, NULL);
3828
3829 Do_ADBG_BeginSubCase(c, "Generate random bytes with zero length buffer");
3830
3831 memset(buffer, 0xCC, sizeof(buffer));
3832
3833 rv = C_GenerateRandom(session, buffer, 0);
3834 if (!ADBG_EXPECT_CK_OK(c, rv))
3835 goto out;
3836
3837 /* Verify that whole buffer is still 0xCC */
3838 for (i = 0; i < sizeof(buffer); i++)
3839 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3840 break;
3841
3842 rv = C_GenerateRandom(session, NULL, 0);
3843 ADBG_EXPECT_CK_OK(c, rv);
3844
3845out:
3846 Do_ADBG_EndSubCase(c, NULL);
3847
3848 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3849
3850close_lib:
3851 ADBG_EXPECT_CK_OK(c, close_lib());
3852}
3853ADBG_CASE_DEFINE(pkcs11, 1016, xtest_pkcs11_test_1016,
3854 "PKCS11: Random number generator tests");
Ruchika Gupta5f7717a2021-02-17 13:34:24 +0530[diff] [blame]3855
3856static CK_RV derive_sym_key(CK_SESSION_HANDLE session,
3857 CK_OBJECT_HANDLE parent_key,
3858 CK_MECHANISM_TYPE mechanism, size_t data_len,
3859 CK_OBJECT_HANDLE_PTR derv_key_hdl, size_t key_len,
3860 CK_OBJECT_CLASS key_class, CK_KEY_TYPE key_type,
3861 CK_BBOOL sensitive, CK_BBOOL extble)
3862{
3863 CK_RV rv = CKR_GENERAL_ERROR;
3864 uint8_t buffer[512] = { 0 };
3865 uint8_t iv[16] = { 0 };
3866 CK_MECHANISM mech_derive = { 0 };
3867 CK_KEY_DERIVATION_STRING_DATA key_derv_param = { 0 };
Victor Chonge3a876d2021-05-04 18:03:07 +0100[diff] [blame]3868 CK_AES_CBC_ENCRYPT_DATA_PARAMS aes_cbc_param = { };
Ruchika Gupta5f7717a2021-02-17 13:34:24 +0530[diff] [blame]3869 CK_ATTRIBUTE derived_key_template[] = {
3870 { CKA_CLASS, &key_class, sizeof(key_class) },
3871 { CKA_KEY_TYPE, &key_type, sizeof(key_type) },
3872 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3873 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3874 { CKA_SENSITIVE, &sensitive, sizeof(sensitive) },
3875 { CKA_EXTRACTABLE, &extble, sizeof(extble) },
3876 { CKA_VALUE_LEN, &key_len, sizeof(key_len) }
3877 };
3878
3879 if (data_len > sizeof(buffer))
3880 return rv;
3881
3882 switch (mechanism) {
3883 case CKM_AES_ECB_ENCRYPT_DATA:
3884 key_derv_param.pData = buffer;
3885 key_derv_param.ulLen = data_len;
3886 mech_derive.mechanism = mechanism;
3887 mech_derive.pParameter = &key_derv_param;
3888 mech_derive.ulParameterLen = sizeof(key_derv_param);
3889 break;
3890 case CKM_AES_CBC_ENCRYPT_DATA:
3891 memcpy(aes_cbc_param.iv, iv, 16);
3892 aes_cbc_param.pData = buffer;
3893 aes_cbc_param.length = data_len;
3894 mech_derive.mechanism = mechanism;
3895 mech_derive.pParameter = &aes_cbc_param;
3896 mech_derive.ulParameterLen = sizeof(aes_cbc_param);
3897 break;
3898 case CKM_AES_ECB:
3899 /* Not a derivation algorithm */
3900 mech_derive.mechanism = mechanism;
3901 mech_derive.pParameter = NULL;
3902 mech_derive.ulParameterLen = 0;
3903 break;
3904 default:
3905 return rv;
3906 }
3907
3908 /* Don't use VALUE_LEN parameter if key_len passed is 0 */
3909 if (key_len)
3910 rv = C_DeriveKey(session, &mech_derive, parent_key,
3911 derived_key_template,
3912 ARRAY_SIZE(derived_key_template),
3913 derv_key_hdl);
3914 else
3915 /* last attribute in template is the derived key size */
3916 rv = C_DeriveKey(session, &mech_derive, parent_key,
3917 derived_key_template,
3918 ARRAY_SIZE(derived_key_template) - 1,
3919 derv_key_hdl);
3920 return rv;
3921}
3922
3923static void xtest_pkcs11_test_1017(ADBG_Case_t *c)
3924{
3925 CK_RV rv = CKR_GENERAL_ERROR;
3926 CK_SLOT_ID slot = 0;
3927 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3928 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3929 CK_OBJECT_HANDLE derv_key_hdl = CK_INVALID_HANDLE;
3930 CK_OBJECT_HANDLE aes_key1 = CK_INVALID_HANDLE;
3931 CK_OBJECT_HANDLE aes_key2 = CK_INVALID_HANDLE;
3932 CK_OBJECT_HANDLE aes_key_enc = CK_INVALID_HANDLE;
3933 size_t data_len = 0;
3934 size_t key_len = 0;
3935 CK_BBOOL g_extract = CK_FALSE;
3936 CK_BBOOL g_sensitive = CK_FALSE;
3937 CK_BBOOL g_nextract = CK_FALSE;
3938 CK_BBOOL g_asensitive = CK_FALSE;
3939 CK_BBOOL g_local = CK_FALSE;
3940 CK_OBJECT_CLASS g_class = CKO_VENDOR_DEFINED;
3941 CK_KEY_TYPE g_key_type = CKK_VENDOR_DEFINED;
3942 uint8_t g_val[516] = { 0 };
3943 CK_ULONG secret_len = 0;
3944 CK_ATTRIBUTE get_template[] = {
3945 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
3946 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
3947 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3948 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3949 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3950 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3951 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3952 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
3953 /*
3954 * CKA_VALUE should remain last attribute in template,
3955 * in this test case as we check the length returned
3956 * from last index of the get_template in this test.
3957 */
3958 { CKA_VALUE, g_val, sizeof(g_val) },
3959 };
3960 uint32_t idx = ARRAY_SIZE(get_template) - 1;
3961 CK_ATTRIBUTE parent_template1[] = {
3962 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3963 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3964 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3965 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3966 };
3967 CK_ATTRIBUTE parent_template2[] = {
3968 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3969 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3970 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3971 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3972 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3973 };
3974 CK_ATTRIBUTE parent_template_wo_derive[] = {
3975 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3976 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3977 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3978 };
3979 CK_ATTRIBUTE parent_template_w_enc_der[] = {
3980 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3981 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3982 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3983 };
3984
3985 rv = init_lib_and_find_token_slot(&slot);
3986 if (!ADBG_EXPECT_CK_OK(c, rv))
3987 return;
3988
3989 rv = init_test_token(slot);
3990 if (!ADBG_EXPECT_CK_OK(c, rv))
3991 goto close_lib;
3992
3993 rv = init_user_test_token(slot);
3994 if (!ADBG_EXPECT_CK_OK(c, rv))
3995 goto close_lib;
3996
3997 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3998 if (!ADBG_EXPECT_CK_OK(c, rv))
3999 goto close_lib;
4000
4001 /*
4002 * Parent AES Key 1
4003 * SENSITIVE = TRUE, EXTRACTABLE = FALSE
4004 * ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4005 */
4006 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4007 parent_template1, ARRAY_SIZE(parent_template1),
4008 &aes_key1);
4009 if (!ADBG_EXPECT_CK_OK(c, rv))
4010 goto close_session;
4011
4012 /*
4013 * Parent AES Key 2
4014 * SENSITIVE = FALSE, EXTRACTABLE = TRUE
4015 * ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
4016 */
4017 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4018 parent_template2, ARRAY_SIZE(parent_template2),
4019 &aes_key2);
4020 if (!ADBG_EXPECT_CK_OK(c, rv))
4021 goto close_session;
4022
4023 Do_ADBG_BeginSubCase(c, "Derive Generic secret - AES-ECB Mechanism");
4024
4025 /*
4026 * Use AES key 1 as Parent key
4027 * 1. VALUE_LEN attribute not given in derivation template. Length
4028 * of key should be same as that of data length.
4029 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
4030 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4031 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4032 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4033 * 3. LOCAL should be false
4034 */
4035 data_len = 512;
4036 key_len = 0;
4037 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4038 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4039 CKK_GENERIC_SECRET, CK_TRUE, CK_FALSE);
4040 if (!ADBG_EXPECT_CK_OK(c, rv))
4041 goto out;
4042
4043 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4044 ARRAY_SIZE(get_template) - 1);
4045 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4046 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, data_len) ||
4047 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4048 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
4049 CKK_GENERIC_SECRET) ||
4050 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4051 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
4052 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4053 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
4054 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
4055 goto out;
4056
4057 rv = C_DestroyObject(session, derv_key_hdl);
4058 if (!ADBG_EXPECT_CK_OK(c, rv))
4059 goto out;
4060
4061 Do_ADBG_EndSubCase(c, NULL);
4062
4063 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-EBC");
4064
4065 /*
4066 * Use AES key 2 as Parent key
4067 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
4068 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
4069 * Parent key has ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
4070 * So derived key, ALWAYS_SENSITIVE will be FALSE and
4071 * NEVER_EXTRACTABLE will be FALSE
4072 * 3. LOCAL should be false
4073 */
4074 data_len = 32;
4075 key_len = 16;
4076 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4077 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4078 CKK_AES, CK_TRUE, CK_FALSE);
4079 if (!ADBG_EXPECT_CK_OK(c, rv))
4080 goto out;
4081
4082 /* This being a SENSITIVE object, we can't get the VALUE */
4083 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4084 ARRAY_SIZE(get_template) - 1);
4085 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4086 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4087 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4088 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4089 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4090 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
4091 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4092 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4093 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4094 goto out;
4095
4096 rv = C_DestroyObject(session, derv_key_hdl);
4097 if (!ADBG_EXPECT_CK_OK(c, rv))
4098 goto out;
4099
4100 Do_ADBG_EndSubCase(c, NULL);
4101
4102 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-CBC");
4103
4104 /*
4105 * Use AES key 1 as Parent key
4106 * 1. VALUE_LEN = DATA_LEN, Derived key should have VALUE_LEN key size
4107 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = FALSE
4108 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4109 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4110 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4111 * 3. LOCAL should be false
4112 */
4113 data_len = 32;
4114 key_len = 32;
4115 rv = derive_sym_key(session, aes_key1, CKM_AES_CBC_ENCRYPT_DATA,
4116 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4117 CKK_AES, CK_FALSE, CK_FALSE);
4118 if (!ADBG_EXPECT_CK_OK(c, rv))
4119 goto out;
4120
4121 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4122 ARRAY_SIZE(get_template) - 1);
4123 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4124 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4125 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4126 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4127 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4128 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4129 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4130 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4131 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
4132 goto out;
4133
4134 rv = C_DestroyObject(session, derv_key_hdl);
4135 if (!ADBG_EXPECT_CK_OK(c, rv))
4136 goto out;
4137
4138 Do_ADBG_EndSubCase(c, NULL);
4139
4140 Do_ADBG_BeginSubCase(c, "Derive Generic secret key using AES-CBC");
4141 /*
4142 * Use AES key 2 as Parent key
4143 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
4144 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = TRUE
4145 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4146 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4147 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4148 * 3. LOCAL should be false
4149 */
4150 data_len = 512;
4151 key_len = 256;
4152 rv = derive_sym_key(session, aes_key2, CKM_AES_CBC_ENCRYPT_DATA,
4153 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4154 CKK_GENERIC_SECRET, CK_FALSE, CK_TRUE);
4155 if (!ADBG_EXPECT_CK_OK(c, rv))
4156 goto out;
4157
4158 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4159 ARRAY_SIZE(get_template));
4160 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4161 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[idx].ulValueLen, ==,
4162 key_len) ||
4163 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4164 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4165 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
4166 CKK_GENERIC_SECRET) ||
4167 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4168 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4169 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
4170 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4171 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4172 goto out;
4173
4174 rv = C_DestroyObject(session, derv_key_hdl);
4175 if (!ADBG_EXPECT_CK_OK(c, rv))
4176 goto out;
4177
4178 Do_ADBG_EndSubCase(c, NULL);
4179
4180 Do_ADBG_BeginSubCase(c, "Invalid parameters during derivation");
4181
4182 /* Length of data used for derivation < key length */
4183 data_len = 16;
4184 key_len = 32;
4185 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4186 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4187 CKK_AES, CK_FALSE, CK_TRUE);
4188 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4189 goto out;
4190
4191 /* Data is not multiple of 16 */
4192 data_len = 18;
4193 key_len = 32;
4194 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4195 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4196 CKK_AES, CK_FALSE, CK_TRUE);
4197 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4198 goto out;
4199
4200 /* Wrong Mechanism */
4201 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB,
4202 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4203 CKK_AES, CK_FALSE, CK_TRUE);
4204 if (!ADBG_EXPECT_CK_RESULT(c, CKR_MECHANISM_INVALID, rv))
4205 goto out;
4206
4207 Do_ADBG_EndSubCase(c, NULL);
4208
4209 Do_ADBG_BeginSubCase(c, "Failure if operation already active");
4210
4211 /* Generate an AES key which can perform Encryption */
4212 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4213 parent_template_w_enc_der,
4214 ARRAY_SIZE(parent_template_w_enc_der),
4215 &aes_key_enc);
4216 if (!ADBG_EXPECT_CK_OK(c, rv))
4217 goto out;
4218
4219 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, aes_key_enc);
4220 if (!ADBG_EXPECT_CK_OK(c, rv))
4221 goto out;
4222
4223 data_len = 32;
4224 key_len = 32;
4225 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4226 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4227 CKK_AES, CK_FALSE, CK_TRUE);
4228 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_ACTIVE, rv))
4229 goto out;
4230
4231 rv = C_EncryptFinal(session, NULL, NULL);
4232 /* Only check that the operation is no more active */
4233 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
4234 goto out;
4235
4236 Do_ADBG_EndSubCase(c, NULL);
4237
4238 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_ENCRYPT is TRUE");
4239
4240 data_len = 32;
4241 key_len = 32;
4242 rv = derive_sym_key(session, aes_key_enc, CKM_AES_ECB_ENCRYPT_DATA,
4243 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4244 CKK_AES, CK_FALSE, CK_TRUE);
4245 /*
4246 * Not strictly expecting FUNCTION_FAILED but expecting a failure
4247 * as we have added a restriction that keys with attribute CKA_ENCRYPT
4248 * set can't be used for derivation.
4249 */
4250 if (!ADBG_EXPECT_CK_RESULT(c, CKR_FUNCTION_FAILED, rv))
4251 goto out;
4252
4253 Do_ADBG_EndSubCase(c, NULL);
4254
4255 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_DERIVE is FALSE");
4256
4257 rv = C_DestroyObject(session, aes_key1);
4258 if (!ADBG_EXPECT_CK_OK(c, rv))
4259 goto out;
4260
4261 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4262 parent_template_wo_derive,
4263 ARRAY_SIZE(parent_template_wo_derive),
4264 &aes_key1);
4265 if (!ADBG_EXPECT_CK_OK(c, rv))
4266 goto out;
4267
4268 data_len = 32;
4269 key_len = 32;
4270 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4271 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4272 CKK_AES, CK_FALSE, CK_TRUE);
4273 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_TYPE_INCONSISTENT, rv))
4274 goto out;
4275
4276out:
4277 Do_ADBG_EndSubCase(c, NULL);
4278
4279close_session:
4280 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
4281
4282close_lib:
4283 ADBG_EXPECT_CK_OK(c, close_lib());
4284}
4285ADBG_CASE_DEFINE(pkcs11, 1017, xtest_pkcs11_test_1017,
4286 "PKCS11: AES Key Derivation tests");
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]4287
4288/* Digest test patterns */
4289static const char digest_test_pattern[] = "The quick brown fox jumps over the lazy dog";
4290static const char digest_test_pattern_empty[] = "";
4291
4292/* MD5 checksums for digest test patterns */
4293static const uint8_t digest_test_pattern_md5[] = {
4294 0x9e, 0x10, 0x7d, 0x9d, 0x37, 0x2b, 0xb6, 0x82, 0x6b, 0xd8, 0x1d, 0x35,
4295 0x42, 0xa4, 0x19, 0xd6
4296};
4297static const uint8_t digest_test_pattern_empty_md5[] = {
4298 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98,
4299 0xec, 0xf8, 0x42, 0x7e
4300};
4301
4302/* SHA-1 checksums for digest test patterns */
4303static const uint8_t digest_test_pattern_sha1[] = {
4304 0x2f, 0xd4, 0xe1, 0xc6, 0x7a, 0x2d, 0x28, 0xfc, 0xed, 0x84, 0x9e, 0xe1,
4305 0xbb, 0x76, 0xe7, 0x39, 0x1b, 0x93, 0xeb, 0x12
4306};
4307static const uint8_t digest_test_pattern_empty_sha1[] = {
4308 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef,
4309 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09
4310};
4311
4312/* SHA-224 checksums for digest test patterns */
4313static const uint8_t digest_test_pattern_sha224[] = {
4314 0x73, 0x0e, 0x10, 0x9b, 0xd7, 0xa8, 0xa3, 0x2b, 0x1c, 0xb9, 0xd9, 0xa0,
4315 0x9a, 0xa2, 0x32, 0x5d, 0x24, 0x30, 0x58, 0x7d, 0xdb, 0xc0, 0xc3, 0x8b,
4316 0xad, 0x91, 0x15, 0x25
4317};
4318static const uint8_t digest_test_pattern_empty_sha224[] = {
4319 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47, 0x61, 0x02, 0xbb,
4320 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
4321 0xc5, 0xb3, 0xe4, 0x2f
4322};
4323
4324/* SHA-256 checksums for digest test patterns */
4325static const uint8_t digest_test_pattern_sha256[] = {
4326 0xd7, 0xa8, 0xfb, 0xb3, 0x07, 0xd7, 0x80, 0x94, 0x69, 0xca, 0x9a, 0xbc,
4327 0xb0, 0x08, 0x2e, 0x4f, 0x8d, 0x56, 0x51, 0xe4, 0x6d, 0x3c, 0xdb, 0x76,
4328 0x2d, 0x02, 0xd0, 0xbf, 0x37, 0xc9, 0xe5, 0x92
4329};
4330static const uint8_t digest_test_pattern_empty_sha256[] = {
4331 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
4332 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
4333 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
4334};
4335
4336/* SHA-384 checksums for digest test patterns */
4337static const uint8_t digest_test_pattern_sha384[] = {
4338 0xca, 0x73, 0x7f, 0x10, 0x14, 0xa4, 0x8f, 0x4c, 0x0b, 0x6d, 0xd4, 0x3c,
4339 0xb1, 0x77, 0xb0, 0xaf, 0xd9, 0xe5, 0x16, 0x93, 0x67, 0x54, 0x4c, 0x49,
4340 0x40, 0x11, 0xe3, 0x31, 0x7d, 0xbf, 0x9a, 0x50, 0x9c, 0xb1, 0xe5, 0xdc,
4341 0x1e, 0x85, 0xa9, 0x41, 0xbb, 0xee, 0x3d, 0x7f, 0x2a, 0xfb, 0xc9, 0xb1
4342};
4343static const uint8_t digest_test_pattern_empty_sha384[] = {
4344 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e,
4345 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
4346 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf,
4347 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b
4348};
4349
4350/* SHA-512 checksums for digest test patterns */
4351static const uint8_t digest_test_pattern_sha512[] = {
4352 0x07, 0xe5, 0x47, 0xd9, 0x58, 0x6f, 0x6a, 0x73, 0xf7, 0x3f, 0xba, 0xc0,
4353 0x43, 0x5e, 0xd7, 0x69, 0x51, 0x21, 0x8f, 0xb7, 0xd0, 0xc8, 0xd7, 0x88,
4354 0xa3, 0x09, 0xd7, 0x85, 0x43, 0x6b, 0xbb, 0x64, 0x2e, 0x93, 0xa2, 0x52,
4355 0xa9, 0x54, 0xf2, 0x39, 0x12, 0x54, 0x7d, 0x1e, 0x8a, 0x3b, 0x5e, 0xd6,
4356 0xe1, 0xbf, 0xd7, 0x09, 0x78, 0x21, 0x23, 0x3f, 0xa0, 0x53, 0x8f, 0x3d,
4357 0xb8, 0x54, 0xfe, 0xe6
4358};
4359static const uint8_t digest_test_pattern_empty_sha512[] = {
4360 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50,
4361 0xd6, 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
4362 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c,
4363 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
4364 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a,
4365 0xf9, 0x27, 0xda, 0x3e
4366};
4367
4368#define DIGEST_TEST(_test_name, _mecha, _data, _digest) \
4369 { \
4370 .test_name = _test_name, \
4371 .mecha = _mecha, \
4372 .data = _data, \
4373 .data_size = sizeof(_data) - 1, \
4374 .digest = _digest, \
4375 .digest_size = sizeof(_digest) \
4376 }
4377
4378/* Digest simple test suite */
4379static struct {
4380 const char *test_name;
4381 CK_MECHANISM_TYPE mecha;
4382 const void *data;
4383 CK_ULONG data_size;
4384 const uint8_t *digest;
4385 CK_ULONG digest_size;
4386} digest_test_patterns[] = {
4387 DIGEST_TEST("CKM_MD5/empty", CKM_MD5, digest_test_pattern_empty,
4388 digest_test_pattern_empty_md5),
4389 DIGEST_TEST("CKM_MD5/test pattern", CKM_MD5, digest_test_pattern,
4390 digest_test_pattern_md5),
4391 DIGEST_TEST("CKM_SHA_1/empty", CKM_SHA_1, digest_test_pattern_empty,
4392 digest_test_pattern_empty_sha1),
4393 DIGEST_TEST("CKM_SHA_1/test pattern", CKM_SHA_1, digest_test_pattern,
4394 digest_test_pattern_sha1),
4395 DIGEST_TEST("CKM_SHA224/empty", CKM_SHA224, digest_test_pattern_empty,
4396 digest_test_pattern_empty_sha224),
4397 DIGEST_TEST("CKM_SHA224/test pattern", CKM_SHA224, digest_test_pattern,
4398 digest_test_pattern_sha224),
4399 DIGEST_TEST("CKM_SHA256/empty", CKM_SHA256, digest_test_pattern_empty,
4400 digest_test_pattern_empty_sha256),
4401 DIGEST_TEST("CKM_SHA256/test pattern", CKM_SHA256, digest_test_pattern,
4402 digest_test_pattern_sha256),
4403 DIGEST_TEST("CKM_SHA384/empty", CKM_SHA384, digest_test_pattern_empty,
4404 digest_test_pattern_empty_sha384),
4405 DIGEST_TEST("CKM_SHA384/test pattern", CKM_SHA384, digest_test_pattern,
4406 digest_test_pattern_sha384),
4407 DIGEST_TEST("CKM_SHA512/empty", CKM_SHA512, digest_test_pattern_empty,
4408 digest_test_pattern_empty_sha512),
4409 DIGEST_TEST("CKM_SHA512/test pattern", CKM_SHA512, digest_test_pattern,
4410 digest_test_pattern_sha512),
4411};
4412
4413static CK_ATTRIBUTE digest_generate_aes_object[] = {
4414 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4415 sizeof(CK_OBJECT_CLASS) },
4416 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
4417 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4418 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4419 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4420 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
4421 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
4422};
4423
4424static CK_ATTRIBUTE digest_generate_gensecret_object[] = {
4425 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4426 sizeof(CK_OBJECT_CLASS) },
4427 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
4428 sizeof(CK_KEY_TYPE) },
4429 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4430 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4431 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4432 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
Ruchika Guptae86aba22021-03-11 00:36:01 +0530[diff] [blame]4433 { CKA_VALUE_LEN, &(CK_ULONG){ 32 }, sizeof(CK_ULONG) },
Vesa Jääskeläinenc95ee1e2021-03-06 12:20:12 +0200[diff] [blame]4434};
4435
4436static CK_ATTRIBUTE digest_data_object[] = {
4437 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_DATA },
4438 sizeof(CK_OBJECT_CLASS) },
4439 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4440 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4441};
4442
4443static void xtest_pkcs11_test_1018(ADBG_Case_t *c)
4444{
4445 CK_RV rv = CKR_GENERAL_ERROR;
4446 CK_SLOT_ID slot = 0;
4447 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
4448 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
4449 bool logged_in = false;
4450 uint8_t data[128] = { 0 };
4451 CK_ULONG data_size = 0;
4452 uint8_t digest[64] = { 0 };
4453 CK_ULONG digest_size = 0;
4454 const uint8_t *expect_digest = NULL;
4455 CK_ULONG expect_digest_size = 0;
4456 CK_MECHANISM mechanism = { CKM_MD5, NULL, 0 };
4457 uint8_t secret_data[128] = { 0 };
4458 CK_ULONG secret_data_size __maybe_unused = 0;
4459 CK_ATTRIBUTE digest_get_secret_value[] = {
4460 { CKA_VALUE, &secret_data, sizeof(secret_data) },
4461 };
4462 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
4463#ifdef OPENSSL_FOUND
4464 EVP_MD_CTX *mdctx = NULL;
4465 unsigned char hash[EVP_MAX_MD_SIZE] = { 0 };
4466 unsigned int md_len = 0;
4467 int ret = 0;
4468#endif
4469 size_t i = 0;
4470
4471 rv = init_lib_and_find_token_slot(&slot);
4472 if (!ADBG_EXPECT_CK_OK(c, rv))
4473 return;
4474
4475 rv = init_test_token(slot);
4476 if (!ADBG_EXPECT_CK_OK(c, rv))
4477 goto close_lib;
4478
4479 rv = init_user_test_token(slot);
4480 if (!ADBG_EXPECT_CK_OK(c, rv))
4481 goto close_lib;
4482
4483 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
4484 if (!ADBG_EXPECT_CK_OK(c, rv))
4485 goto close_lib;
4486
4487 /* Test out simple successful cases with init+update+final*/
4488 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4489 Do_ADBG_BeginSubCase(c, "Simple digest tests - update - %s",
4490 digest_test_patterns[i].test_name);
4491
4492 mechanism.mechanism = digest_test_patterns[i].mecha;
4493 memset(data, 0xCC, sizeof(data));
4494 memset(digest, 0xCC, sizeof(digest));
4495 digest_size = sizeof(digest);
4496
4497 memcpy(data, digest_test_patterns[i].data,
4498 digest_test_patterns[i].data_size);
4499 data_size = digest_test_patterns[i].data_size;
4500
4501 expect_digest = digest_test_patterns[i].digest;
4502 expect_digest_size = digest_test_patterns[i].digest_size;
4503
4504 rv = C_DigestInit(session, &mechanism);
4505 if (!ADBG_EXPECT_CK_OK(c, rv))
4506 goto out;
4507
4508 rv = C_DigestUpdate(session, data, data_size);
4509 if (!ADBG_EXPECT_CK_OK(c, rv))
4510 goto out;
4511
4512 rv = C_DigestFinal(session, digest, &digest_size);
4513 if (!ADBG_EXPECT_CK_OK(c, rv))
4514 goto out;
4515
4516 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4517 digest, digest_size))
4518 goto out;
4519
4520 /* Verify that end of buffer is still 0xCC */
4521 for (i = expect_digest_size; i < sizeof(digest); i++)
4522 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4523 0xCC))
4524 goto out;
4525
4526 Do_ADBG_EndSubCase(c, NULL);
4527 }
4528
4529 /* Test out simple successful cases */
4530 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4531 Do_ADBG_BeginSubCase(c, "Simple digest tests - oneshot - %s",
4532 digest_test_patterns[i].test_name);
4533
4534 mechanism.mechanism = digest_test_patterns[i].mecha;
4535 memset(data, 0xCC, sizeof(data));
4536 memset(digest, 0xCC, sizeof(digest));
4537 digest_size = sizeof(digest);
4538
4539 memcpy(data, digest_test_patterns[i].data,
4540 digest_test_patterns[i].data_size);
4541 data_size = digest_test_patterns[i].data_size;
4542
4543 expect_digest = digest_test_patterns[i].digest;
4544 expect_digest_size = digest_test_patterns[i].digest_size;
4545
4546 rv = C_DigestInit(session, &mechanism);
4547 if (!ADBG_EXPECT_CK_OK(c, rv))
4548 goto out;
4549
4550 rv = C_Digest(session, data, data_size, digest, &digest_size);
4551 if (!ADBG_EXPECT_CK_OK(c, rv))
4552 goto out;
4553
4554 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4555 digest, digest_size))
4556 goto out;
4557
4558 /* Verify that end of buffer is still 0xCC */
4559 for (i = expect_digest_size; i < sizeof(digest); i++)
4560 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4561 0xCC))
4562 goto out;
4563
4564 Do_ADBG_EndSubCase(c, NULL);
4565 }
4566
4567 /* Test out key updates */
4568
4569 Do_ADBG_BeginSubCase(c, "Simple digest tests - AES key update - SHA-256");
4570
4571 /* Login to Test Token */
4572 rv = C_Login(session, CKU_USER, test_token_user_pin,
4573 sizeof(test_token_user_pin));
4574 if (!ADBG_EXPECT_CK_OK(c, rv))
4575 goto out;
4576
4577 logged_in = true;
4578
4579 /* Generate AES key */
4580 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4581 digest_generate_aes_object,
4582 ARRAY_SIZE(digest_generate_aes_object),
4583 &key_handle);
4584 if (!ADBG_EXPECT_CK_OK(c, rv))
4585 goto out;
4586
4587 memset(secret_data, 0xCC, sizeof(data));
4588 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4589
4590 /* Get value of generated secret for verification purposes */
4591 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4592 ARRAY_SIZE(digest_get_secret_value));
4593 if (!ADBG_EXPECT_CK_OK(c, rv))
4594 goto out;
4595
4596 secret_data_size = digest_get_secret_value[0].ulValueLen;
4597
4598 /* Calculate digest with PKCS11 */
4599 mechanism.mechanism = CKM_SHA256;
4600
4601 memset(data, 0xCC, sizeof(data));
4602 memset(digest, 0xCC, sizeof(digest));
4603 digest_size = sizeof(digest);
4604
4605 memcpy(data, digest_test_patterns[0].data,
4606 digest_test_patterns[0].data_size);
4607 data_size = digest_test_patterns[0].data_size;
4608
4609 rv = C_DigestInit(session, &mechanism);
4610 if (!ADBG_EXPECT_CK_OK(c, rv))
4611 goto out;
4612
4613 rv = C_DigestUpdate(session, data, data_size);
4614 if (!ADBG_EXPECT_CK_OK(c, rv))
4615 goto out;
4616
4617 rv = C_DigestKey(session, key_handle);
4618 if (!ADBG_EXPECT_CK_OK(c, rv))
4619 goto out;
4620
4621 rv = C_DigestFinal(session, digest, &digest_size);
4622 if (!ADBG_EXPECT_CK_OK(c, rv))
4623 goto out;
4624
4625 /* Verify digest with openssl */
4626#ifdef OPENSSL_FOUND
4627 mdctx = EVP_MD_CTX_create();
4628 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4629 goto out;
4630 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4631 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4632 goto out;
4633 ret = EVP_DigestUpdate(mdctx, data, data_size);
4634 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4635 goto out;
4636 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4637 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4638 goto out;
4639 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4640 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4641 goto out;
4642 EVP_MD_CTX_destroy(mdctx);
4643 mdctx = NULL;
4644
4645 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4646 goto out;
4647#else
4648 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4649#endif
4650
4651 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4652 key_handle = CK_INVALID_HANDLE;
4653
4654 Do_ADBG_EndSubCase(c, NULL);
4655
4656 Do_ADBG_BeginSubCase(c, "Simple digest tests - generic secret key update - SHA-256");
4657
4658 /* Generate generic secret key */
4659 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
4660 digest_generate_gensecret_object,
4661 ARRAY_SIZE(digest_generate_gensecret_object),
4662 &key_handle);
4663 if (!ADBG_EXPECT_CK_OK(c, rv))
4664 goto out;
4665
4666 memset(secret_data, 0xCC, sizeof(data));
4667 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4668
4669 /* Get value of generated secret for verification purposes */
4670 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4671 ARRAY_SIZE(digest_get_secret_value));
4672 if (!ADBG_EXPECT_CK_OK(c, rv))
4673 goto out;
4674
4675 secret_data_size = digest_get_secret_value[0].ulValueLen;
4676
4677 /* Calculate digest with PKCS11 */
4678 mechanism.mechanism = CKM_SHA256;
4679
4680 memset(data, 0xCC, sizeof(data));
4681 memset(digest, 0xCC, sizeof(digest));
4682 digest_size = sizeof(digest);
4683
4684 memcpy(data, digest_test_patterns[0].data,
4685 digest_test_patterns[0].data_size);
4686 data_size = digest_test_patterns[0].data_size;
4687
4688 rv = C_DigestInit(session, &mechanism);
4689 if (!ADBG_EXPECT_CK_OK(c, rv))
4690 goto out;
4691
4692 rv = C_DigestUpdate(session, data, data_size);
4693 if (!ADBG_EXPECT_CK_OK(c, rv))
4694 goto out;
4695
4696 rv = C_DigestKey(session, key_handle);
4697 if (!ADBG_EXPECT_CK_OK(c, rv))
4698 goto out;
4699
4700 rv = C_DigestFinal(session, digest, &digest_size);
4701 if (!ADBG_EXPECT_CK_OK(c, rv))
4702 goto out;
4703
4704 /* Verify digest with openssl */
4705#ifdef OPENSSL_FOUND
4706 mdctx = EVP_MD_CTX_create();
4707 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4708 goto out;
4709 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4710 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4711 goto out;
4712 ret = EVP_DigestUpdate(mdctx, data, data_size);
4713 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4714 goto out;
4715 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4716 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4717 goto out;
4718 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4719 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4720 goto out;
4721 EVP_MD_CTX_destroy(mdctx);
4722 mdctx = NULL;
4723
4724 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4725 goto out;
4726#else
4727 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4728#endif
4729
4730 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4731 key_handle = CK_INVALID_HANDLE;
4732
4733 Do_ADBG_EndSubCase(c, NULL);
4734
4735 Do_ADBG_BeginSubCase(c, "Query digest size - C_DigestFinal");
4736
4737 mechanism.mechanism = digest_test_patterns[0].mecha;
4738
4739 memset(data, 0xCC, sizeof(data));
4740 memset(digest, 0xCC, sizeof(digest));
4741 digest_size = 0;
4742
4743 memcpy(data, digest_test_patterns[0].data,
4744 digest_test_patterns[0].data_size);
4745 data_size = digest_test_patterns[0].data_size;
4746
4747 expect_digest = digest_test_patterns[0].digest;
4748 expect_digest_size = digest_test_patterns[0].digest_size;
4749
4750 rv = C_DigestInit(session, &mechanism);
4751 if (!ADBG_EXPECT_CK_OK(c, rv))
4752 goto out;
4753
4754 rv = C_DigestUpdate(session, data, data_size);
4755 if (!ADBG_EXPECT_CK_OK(c, rv))
4756 goto out;
4757
4758 rv = C_DigestFinal(session, NULL, &digest_size);
4759 if (!ADBG_EXPECT_CK_OK(c, rv))
4760 goto out;
4761
4762 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4763 expect_digest_size))
4764 goto out;
4765
4766 rv = C_DigestFinal(session, digest, &digest_size);
4767 if (!ADBG_EXPECT_CK_OK(c, rv))
4768 goto out;
4769
4770 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4771 digest, digest_size))
4772 goto out;
4773
4774 Do_ADBG_EndSubCase(c, NULL);
4775
4776 Do_ADBG_BeginSubCase(c, "Query digest size - C_Digest");
4777
4778 mechanism.mechanism = digest_test_patterns[0].mecha;
4779
4780 memset(data, 0xCC, sizeof(data));
4781 memset(digest, 0xCC, sizeof(digest));
4782 digest_size = 0;
4783
4784 memcpy(data, digest_test_patterns[0].data,
4785 digest_test_patterns[0].data_size);
4786 data_size = digest_test_patterns[0].data_size;
4787
4788 expect_digest = digest_test_patterns[0].digest;
4789 expect_digest_size = digest_test_patterns[0].digest_size;
4790
4791 rv = C_DigestInit(session, &mechanism);
4792 if (!ADBG_EXPECT_CK_OK(c, rv))
4793 goto out;
4794
4795 rv = C_Digest(session, data, data_size, NULL, &digest_size);
4796 if (!ADBG_EXPECT_CK_OK(c, rv))
4797 goto out;
4798
4799 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4800 expect_digest_size))
4801 goto out;
4802
4803 rv = C_Digest(session, data, data_size, digest, &digest_size);
4804 if (!ADBG_EXPECT_CK_OK(c, rv))
4805 goto out;
4806
4807 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4808 digest, digest_size))
4809 goto out;
4810
4811 Do_ADBG_EndSubCase(c, NULL);
4812
4813 Do_ADBG_BeginSubCase(c, "Query digest size - buffer too small");
4814
4815 mechanism.mechanism = CKM_SHA256;
4816
4817 memset(data, 0xCC, sizeof(data));
4818 memset(digest, 0xCC, sizeof(digest));
4819 digest_size = 0;
4820
4821 memcpy(data, digest_test_patterns[0].data,
4822 digest_test_patterns[0].data_size);
4823 data_size = digest_test_patterns[0].data_size;
4824
4825 rv = C_DigestInit(session, &mechanism);
4826 if (!ADBG_EXPECT_CK_OK(c, rv))
4827 goto out;
4828
4829 rv = C_DigestUpdate(session, data, data_size);
4830 if (!ADBG_EXPECT_CK_OK(c, rv))
4831 goto out;
4832
4833 rv = C_DigestFinal(session, digest, &digest_size);
4834 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
4835 goto out;
4836
4837 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==, 32))
4838 goto out;
4839
4840 rv = C_DigestFinal(session, digest, &digest_size);
4841 if (!ADBG_EXPECT_CK_OK(c, rv))
4842 goto out;
4843
4844 Do_ADBG_EndSubCase(c, NULL);
4845
4846 /* Test bad arguments & operation terminations */
4847
4848 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestUpdate");
4849
4850 mechanism.mechanism = CKM_SHA256;
4851
4852 memset(data, 0xCC, sizeof(data));
4853 memset(digest, 0xCC, sizeof(digest));
4854 digest_size = sizeof(digest);
4855
4856 memcpy(data, digest_test_patterns[0].data,
4857 digest_test_patterns[0].data_size);
4858 data_size = digest_test_patterns[0].data_size;
4859
4860 rv = C_DigestInit(session, &mechanism);
4861 if (!ADBG_EXPECT_CK_OK(c, rv))
4862 goto out;
4863
4864 rv = C_DigestUpdate(session, NULL, 10);
4865 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4866 goto out;
4867
4868 rv = C_DigestUpdate(session, data, data_size);
4869 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4870 goto out;
4871
4872 Do_ADBG_EndSubCase(c, NULL);
4873
4874 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with NULL digest");
4875
4876 mechanism.mechanism = CKM_SHA256;
4877
4878 memset(data, 0xCC, sizeof(data));
4879 memset(digest, 0xCC, sizeof(digest));
4880 digest_size = sizeof(digest);
4881
4882 memcpy(data, digest_test_patterns[0].data,
4883 digest_test_patterns[0].data_size);
4884 data_size = digest_test_patterns[0].data_size;
4885
4886 rv = C_DigestInit(session, &mechanism);
4887 if (!ADBG_EXPECT_CK_OK(c, rv))
4888 goto out;
4889
4890 rv = C_DigestUpdate(session, data, data_size);
4891 if (!ADBG_EXPECT_CK_OK(c, rv))
4892 goto out;
4893
4894 rv = C_DigestFinal(session, NULL, NULL);
4895 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4896 goto out;
4897
4898 rv = C_DigestFinal(session, digest, &digest_size);
4899 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4900 goto out;
4901
4902 Do_ADBG_EndSubCase(c, NULL);
4903
4904 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4905
4906 mechanism.mechanism = CKM_SHA256;
4907
4908 memset(data, 0xCC, sizeof(data));
4909 memset(digest, 0xCC, sizeof(digest));
4910 digest_size = sizeof(digest);
4911
4912 memcpy(data, digest_test_patterns[0].data,
4913 digest_test_patterns[0].data_size);
4914 data_size = digest_test_patterns[0].data_size;
4915
4916 rv = C_DigestInit(session, &mechanism);
4917 if (!ADBG_EXPECT_CK_OK(c, rv))
4918 goto out;
4919
4920 rv = C_DigestUpdate(session, data, data_size);
4921 if (!ADBG_EXPECT_CK_OK(c, rv))
4922 goto out;
4923
4924 rv = C_DigestFinal(session, digest, NULL);
4925 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4926 goto out;
4927
4928 rv = C_DigestFinal(session, digest, &digest_size);
4929 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4930 goto out;
4931
4932 Do_ADBG_EndSubCase(c, NULL);
4933
4934 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL data but non-zero size");
4935
4936 mechanism.mechanism = CKM_SHA256;
4937
4938 memset(data, 0xCC, sizeof(data));
4939 memset(digest, 0xCC, sizeof(digest));
4940 digest_size = sizeof(digest);
4941
4942 memcpy(data, digest_test_patterns[0].data,
4943 digest_test_patterns[0].data_size);
4944 data_size = digest_test_patterns[0].data_size;
4945
4946 rv = C_DigestInit(session, &mechanism);
4947 if (!ADBG_EXPECT_CK_OK(c, rv))
4948 goto out;
4949
4950 rv = C_Digest(session, NULL, 10, digest, &digest_size);
4951 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4952 goto out;
4953
4954 rv = C_Digest(session, data, data_size, digest, &digest_size);
4955 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4956 goto out;
4957
4958 Do_ADBG_EndSubCase(c, NULL);
4959
4960 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL digest");
4961
4962 mechanism.mechanism = CKM_SHA256;
4963
4964 memset(data, 0xCC, sizeof(data));
4965 memset(digest, 0xCC, sizeof(digest));
4966 digest_size = sizeof(digest);
4967
4968 memcpy(data, digest_test_patterns[0].data,
4969 digest_test_patterns[0].data_size);
4970 data_size = digest_test_patterns[0].data_size;
4971
4972 rv = C_DigestInit(session, &mechanism);
4973 if (!ADBG_EXPECT_CK_OK(c, rv))
4974 goto out;
4975
4976 rv = C_Digest(session, data, data_size, NULL, NULL);
4977 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4978 goto out;
4979
4980 rv = C_Digest(session, data, data_size, digest, &digest_size);
4981 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4982 goto out;
4983
4984 Do_ADBG_EndSubCase(c, NULL);
4985
4986 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4987
4988 mechanism.mechanism = CKM_SHA256;
4989
4990 memset(data, 0xCC, sizeof(data));
4991 memset(digest, 0xCC, sizeof(digest));
4992 digest_size = sizeof(digest);
4993
4994 memcpy(data, digest_test_patterns[0].data,
4995 digest_test_patterns[0].data_size);
4996 data_size = digest_test_patterns[0].data_size;
4997
4998 rv = C_DigestInit(session, &mechanism);
4999 if (!ADBG_EXPECT_CK_OK(c, rv))
5000 goto out;
5001
5002 rv = C_Digest(session, data, data_size, digest, NULL);
5003 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
5004 goto out;
5005
5006 rv = C_Digest(session, data, data_size, digest, &digest_size);
5007 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
5008 goto out;
5009
5010 Do_ADBG_EndSubCase(c, NULL);
5011
5012 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with invalid key handle");
5013
5014 rv = C_CreateObject(session, digest_data_object,
5015 ARRAY_SIZE(digest_data_object), &key_handle);
5016 if (!ADBG_EXPECT_CK_OK(c, rv))
5017 goto out;
5018
5019 mechanism.mechanism = CKM_SHA256;
5020
5021 memset(data, 0xCC, sizeof(data));
5022 memset(digest, 0xCC, sizeof(digest));
5023 digest_size = sizeof(digest);
5024
5025 memcpy(data, digest_test_patterns[0].data,
5026 digest_test_patterns[0].data_size);
5027 data_size = digest_test_patterns[0].data_size;
5028
5029 rv = C_DigestInit(session, &mechanism);
5030 if (!ADBG_EXPECT_CK_OK(c, rv))
5031 goto out;
5032
5033 rv = C_DigestKey(session, 9999);
5034 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
5035 goto out;
5036
5037 rv = C_DigestKey(session, key_handle);
5038 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
5039 goto out;
5040
5041 Do_ADBG_EndSubCase(c, NULL);
5042
5043 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with non-secret key type");
5044
5045 mechanism.mechanism = CKM_SHA256;
5046
5047 memset(data, 0xCC, sizeof(data));
5048 memset(digest, 0xCC, sizeof(digest));
5049 digest_size = sizeof(digest);
5050
5051 memcpy(data, digest_test_patterns[0].data,
5052 digest_test_patterns[0].data_size);
5053 data_size = digest_test_patterns[0].data_size;
5054
5055 rv = C_DigestInit(session, &mechanism);
5056 if (!ADBG_EXPECT_CK_OK(c, rv))
5057 goto out;
5058
5059 rv = C_DigestKey(session, key_handle);
5060 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_INDIGESTIBLE, rv))
5061 goto out;
5062
5063 rv = C_DigestKey(session, key_handle);
5064 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
5065 goto out;
5066
5067 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
5068 key_handle = CK_INVALID_HANDLE;
5069
5070out:
5071#ifdef OPENSSL_FOUND
5072 if (!ADBG_EXPECT_POINTER(c, NULL, mdctx)) {
5073 Do_ADBG_Log("Unexpected failure in openssl functions: %d",
5074 ret);
5075 EVP_MD_CTX_destroy(mdctx);
5076 }
5077#endif
5078
5079 Do_ADBG_EndSubCase(c, NULL);
5080
5081 if (logged_in)
5082 ADBG_EXPECT_CK_OK(c, C_Logout(session));
5083
5084 if (key_handle != CK_INVALID_HANDLE) {
5085 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
5086 key_handle = CK_INVALID_HANDLE;
5087 }
5088
5089 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
5090
5091close_lib:
5092 ADBG_EXPECT_CK_OK(c, close_lib());
5093}
5094ADBG_CASE_DEFINE(pkcs11, 1018, xtest_pkcs11_test_1018,
5095 "PKCS11: Digest tests");
Vesa Jääskeläinena4ab9572021-04-07 12:50:06 +0300[diff] [blame]5096
5097/**
5098 * 0:d=0 hl=2 l= 22 cons: SEQUENCE
5099 * 2:d=1 hl=2 l= 20 cons: SET
5100 * 4:d=2 hl=2 l= 18 cons: SEQUENCE
5101 * 6:d=3 hl=2 l= 3 prim: OBJECT :commonName
5102 * 11:d=3 hl=2 l= 11 prim: UTF8STRING :common name
5103 */
5104static uint8_t subject_common_name[] = {
5105 0x30, 0x16, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
5106 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65
5107};
5108
5109/**
5110 * 0:d=0 hl=2 l= 8 prim: OBJECT :prime256v1
5111 */
5112static uint8_t ecdsa_nist_p256[] = {
5113 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
5114 0x01, 0x07
5115};
5116
5117/**
5118 * 0:d=0 hl=2 l= 5 prim: OBJECT :secp384r1
5119 */
5120static uint8_t ecdsa_nist_p384[] = {
5121 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
5122};
5123
5124/**
5125 * 0:d=0 hl=2 l= 5 prim: OBJECT :secp521r1
5126 */
5127static uint8_t ecdsa_nist_p521[] = {
5128 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23
5129};
5130
5131#define EC_SIGN_TEST(_test_name, _mecha, _data) \
5132 { \
5133 .test_name = _test_name, \
5134 .mecha = _mecha, \
5135 .data = _data, \
5136 .data_size = sizeof(_data) - 1, \
5137 }
5138
5139/* List of elliptic curve signing multi stage digest mechas */
5140static struct {
5141 const char *test_name;
5142 CK_MECHANISM_TYPE mecha;
5143 const void *data;
5144 CK_ULONG data_size;
5145} ec_sign_tests[] = {
5146 EC_SIGN_TEST("CKM_ECDSA_SHA1", CKM_ECDSA_SHA1, digest_test_pattern),
5147 EC_SIGN_TEST("CKM_ECDSA_SHA224", CKM_ECDSA_SHA224, digest_test_pattern),
5148 EC_SIGN_TEST("CKM_ECDSA_SHA256", CKM_ECDSA_SHA256, digest_test_pattern),
5149 EC_SIGN_TEST("CKM_ECDSA_SHA384", CKM_ECDSA_SHA384, digest_test_pattern),
5150 EC_SIGN_TEST("CKM_ECDSA_SHA512", CKM_ECDSA_SHA512, digest_test_pattern),
5151};
5152
5153static int test_ec_operations(ADBG_Case_t *c, CK_SESSION_HANDLE session,
5154 const char *curve_name, uint8_t *curve,
5155 size_t curve_size)
5156{
5157 CK_RV rv = CKR_GENERAL_ERROR;
5158
5159 CK_OBJECT_HANDLE public_key = CK_INVALID_HANDLE;
5160 CK_OBJECT_HANDLE private_key = CK_INVALID_HANDLE;
5161
5162 CK_MECHANISM mechanism = {
5163 CKM_EC_KEY_PAIR_GEN, NULL, 0
5164 };
5165 CK_MECHANISM sign_mechanism = {
5166 CKM_ECDSA, NULL, 0
5167 };
5168 CK_BYTE id[] = { 123 };
5169
5170 CK_ATTRIBUTE public_key_template[] = {
5171 { CKA_ENCRYPT, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5172 { CKA_VERIFY, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5173 { CKA_WRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5174 { CKA_EC_PARAMS, ecdsa_nist_p256, sizeof(ecdsa_nist_p256) }
5175 };
5176
5177 CK_ATTRIBUTE private_key_template[] = {
5178 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5179 { CKA_PRIVATE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5180 { CKA_SUBJECT, subject_common_name,
5181 sizeof(subject_common_name) },
5182 { CKA_ID, id, sizeof(id) },
5183 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5184 { CKA_DECRYPT, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5185 { CKA_SIGN, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5186 { CKA_UNWRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) }
5187 };
5188
5189 CK_OBJECT_CLASS g_class = 0;
5190 CK_KEY_TYPE g_key_type = 0;
5191 CK_BYTE g_id[32] = { 0 };
5192 CK_DATE g_start_date = { 0 };
5193 CK_DATE g_end_date = { 0 };
5194 CK_BBOOL g_derive = CK_FALSE;
5195 CK_BBOOL g_local = CK_FALSE;
5196 CK_MECHANISM_TYPE g_keygen_mecha = 0;
5197 CK_BYTE g_subject[64] = { 0 };
5198 CK_BBOOL g_encrypt = CK_FALSE;
5199 CK_BBOOL g_verify = CK_FALSE;
5200 CK_BBOOL g_verify_recover = CK_FALSE;
5201 CK_BBOOL g_wrap = CK_FALSE;
5202 CK_BBOOL g_trusted = CK_FALSE;
5203 CK_BYTE g_public_key_info[1024] = { 0 };
5204 CK_BBOOL g_sensitive = CK_FALSE;
5205 CK_BBOOL g_decrypt = CK_FALSE;
5206 CK_BBOOL g_sign = CK_FALSE;
5207 CK_BBOOL g_sign_recover = CK_FALSE;
5208 CK_BBOOL g_unwrap = CK_FALSE;
5209 CK_BBOOL g_extract = CK_FALSE;
5210 CK_BBOOL g_asensitive = CK_FALSE;
5211 CK_BBOOL g_nextract = CK_FALSE;
5212 CK_BBOOL g_wrap_with_trusted = CK_FALSE;
5213 CK_BBOOL g_always_authenticate = CK_FALSE;
5214
5215 CK_ATTRIBUTE get_public_template[] = {
5216 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5217 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5218 { CKA_ID, g_id, sizeof(g_id) },
5219 { CKA_START_DATE, &g_start_date, sizeof(CK_DATE) },
5220 { CKA_END_DATE, &g_end_date, sizeof(CK_DATE) },
5221 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5222 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5223 { CKA_KEY_GEN_MECHANISM, &g_keygen_mecha, sizeof(CK_MECHANISM_TYPE) },
5224 { CKA_SUBJECT, g_subject, sizeof(g_subject) },
5225 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
5226 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
5227 { CKA_VERIFY_RECOVER, &g_verify_recover, sizeof(CK_BBOOL) },
5228 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
5229 { CKA_TRUSTED, &g_trusted, sizeof(CK_BBOOL) },
5230 { CKA_PUBLIC_KEY_INFO, g_public_key_info, sizeof(g_public_key_info) },
5231 };
5232
5233 CK_ATTRIBUTE get_private_template[] = {
5234 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5235 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5236 { CKA_ID, g_id, sizeof(g_id) },
5237 { CKA_START_DATE, &g_start_date, sizeof(CK_DATE) },
5238 { CKA_END_DATE, &g_end_date, sizeof(CK_DATE) },
5239 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5240 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5241 { CKA_KEY_GEN_MECHANISM, &g_keygen_mecha, sizeof(CK_MECHANISM_TYPE) },
5242 { CKA_SUBJECT, g_subject, sizeof(g_subject) },
5243 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
5244 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
5245 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
5246 { CKA_SIGN_RECOVER, &g_sign_recover, sizeof(CK_BBOOL) },
5247 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
5248 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
5249 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
5250 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
5251 { CKA_WRAP_WITH_TRUSTED, &g_wrap_with_trusted, sizeof(CK_BBOOL) },
5252 { CKA_ALWAYS_AUTHENTICATE, &g_always_authenticate, sizeof(CK_BBOOL) },
5253 { CKA_PUBLIC_KEY_INFO, g_public_key_info, sizeof(g_public_key_info) },
5254 };
5255
5256 uint8_t signature[512] = { 0 };
5257 CK_ULONG signature_len = 0;
5258
5259 size_t i = 0;
5260
5261 Do_ADBG_BeginSubCase(c, "%s: Generate key pair",
5262 curve_name);
5263
5264 public_key_template[3].pValue = curve;
5265 public_key_template[3].ulValueLen = curve_size;
5266
5267 rv = C_GenerateKeyPair(session, &mechanism, public_key_template,
5268 ARRAY_SIZE(public_key_template),
5269 private_key_template,
5270 ARRAY_SIZE(private_key_template),
5271 &public_key, &private_key);
5272 if (!ADBG_EXPECT_CK_OK(c, rv))
5273 goto err;
5274
5275 /* reset get public key template */
5276 memset(g_id, 0, sizeof(g_id));
5277 memset(g_subject, 0, sizeof(g_subject));
5278 memset(g_public_key_info, 0, sizeof(g_public_key_info));
5279 get_public_template[2].ulValueLen = sizeof(g_id);
5280 get_public_template[8].ulValueLen = sizeof(g_subject);
5281 get_public_template[14].ulValueLen = sizeof(g_public_key_info);
5282
5283 rv = C_GetAttributeValue(session, public_key, get_public_template,
5284 ARRAY_SIZE(get_public_template));
5285 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5286 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_PUBLIC_KEY) ||
5287 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_EC) ||
5288 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
5289 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
5290 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_keygen_mecha, ==,
5291 CKM_EC_KEY_PAIR_GEN) ||
5292 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
5293 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
5294 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify_recover, ==, CK_FALSE) ||
5295 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
5296 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_trusted, ==, CK_FALSE))
5297 goto err_destr_obj;
5298
5299 /* reset get private key template */
5300 memset(g_id, 0, sizeof(g_id));
5301 memset(g_subject, 0, sizeof(g_subject));
5302 memset(g_public_key_info, 0, sizeof(g_public_key_info));
5303 get_private_template[2].ulValueLen = sizeof(g_id);
5304 get_private_template[8].ulValueLen = sizeof(g_subject);
5305 get_private_template[19].ulValueLen = sizeof(g_public_key_info);
5306
5307 rv = C_GetAttributeValue(session, private_key, get_private_template,
5308 ARRAY_SIZE(get_private_template));
5309 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5310 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_PRIVATE_KEY) ||
5311 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_EC) ||
5312 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
5313 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
5314 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_keygen_mecha, ==,
5315 CKM_EC_KEY_PAIR_GEN) ||
5316 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
5317 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
5318 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
5319 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign_recover, ==, CK_FALSE) ||
5320 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
5321 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
5322 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
5323 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE) ||
5324 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap_with_trusted, ==, CK_FALSE) ||
5325 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_always_authenticate, ==, CK_FALSE))
5326 goto err_destr_obj;
5327
5328 Do_ADBG_EndSubCase(c, NULL);
5329
5330 Do_ADBG_BeginSubCase(c,
5331 "%s: Sign & verify tests - oneshot - CKM_ECDSA",
5332 curve_name);
5333
5334 sign_mechanism.mechanism = CKM_ECDSA;
5335 memset(signature, 0, sizeof(signature));
5336 signature_len = sizeof(signature);
5337
5338 rv = C_SignInit(session, &sign_mechanism, private_key);
5339 if (!ADBG_EXPECT_CK_OK(c, rv))
5340 goto err_destr_obj;
5341
5342 rv = C_Sign(session, (void *)digest_test_pattern_sha256,
5343 sizeof(digest_test_pattern_sha256), (void *)signature,
5344 &signature_len);
5345 if (!ADBG_EXPECT_CK_OK(c, rv))
5346 goto err_destr_obj;
5347
5348 rv = C_VerifyInit(session, &sign_mechanism, public_key);
5349 if (!ADBG_EXPECT_CK_OK(c, rv))
5350 goto err_destr_obj;
5351
5352 rv = C_Verify(session, (void *)digest_test_pattern_sha256,
5353 sizeof(digest_test_pattern_sha256), (void *)signature,
5354 signature_len);
5355 if (!ADBG_EXPECT_CK_OK(c, rv))
5356 goto err_destr_obj;
5357
5358 Do_ADBG_EndSubCase(c, NULL);
5359
5360 for (i = 0; i < ARRAY_SIZE(ec_sign_tests); i++) {
5361 Do_ADBG_BeginSubCase(c, "%s: Sign & verify - oneshot - %s",
5362 curve_name, ec_sign_tests[i].test_name);
5363
5364 sign_mechanism.mechanism = ec_sign_tests[i].mecha;
5365 memset(signature, 0, sizeof(signature));
5366 signature_len = sizeof(signature);
5367
5368 rv = C_SignInit(session, &sign_mechanism, private_key);
5369 if (!ADBG_EXPECT_CK_OK(c, rv))
5370 goto err_destr_obj;
5371
5372 rv = C_Sign(session, (void *)ec_sign_tests[i].data,
5373 ec_sign_tests[i].data_size,
5374 (void *)signature, &signature_len);
5375 if (!ADBG_EXPECT_CK_OK(c, rv))
5376 goto err_destr_obj;
5377
5378 rv = C_VerifyInit(session, &sign_mechanism, public_key);
5379 if (!ADBG_EXPECT_CK_OK(c, rv))
5380 goto err_destr_obj;
5381
5382 rv = C_Verify(session, (void *)ec_sign_tests[i].data,
5383 ec_sign_tests[i].data_size,
5384 (void *)signature, signature_len);
5385 if (!ADBG_EXPECT_CK_OK(c, rv))
5386 goto err_destr_obj;
5387
5388 Do_ADBG_EndSubCase(c, NULL);
5389 }
5390
5391 Do_ADBG_BeginSubCase(c, "%s: Destroy keys", curve_name);
5392
5393 rv = C_DestroyObject(session, private_key);
5394 if (!ADBG_EXPECT_CK_OK(c, rv))
5395 goto err_destr_obj;
5396
5397 rv = C_DestroyObject(session, public_key);
5398 if (!ADBG_EXPECT_CK_OK(c, rv))
5399 goto err;
5400
5401 Do_ADBG_EndSubCase(c, NULL);
5402
5403 return 1;
5404
5405err_destr_obj:
5406 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, private_key));
5407 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, public_key));
5408err:
5409 Do_ADBG_EndSubCase(c, NULL);
5410
5411 return 0;
5412}
5413
5414static void xtest_pkcs11_test_1019(ADBG_Case_t *c)
5415{
5416 CK_RV rv = CKR_GENERAL_ERROR;
5417 CK_SLOT_ID slot = 0;
5418 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
5419 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
5420 int ret = 0;
5421
5422 rv = init_lib_and_find_token_slot(&slot);
5423 if (!ADBG_EXPECT_CK_OK(c, rv))
5424 return;
5425
5426 rv = init_test_token(slot);
5427 if (!ADBG_EXPECT_CK_OK(c, rv))
5428 goto close_lib;
5429
5430 rv = init_user_test_token(slot);
5431 if (!ADBG_EXPECT_CK_OK(c, rv))
5432 goto close_lib;
5433
5434 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
5435 if (!ADBG_EXPECT_CK_OK(c, rv))
5436 goto close_lib;
5437
5438 /* Login to Test Token */
5439 rv = C_Login(session, CKU_USER, test_token_user_pin,
5440 sizeof(test_token_user_pin));
5441 if (!ADBG_EXPECT_CK_OK(c, rv))
5442 goto out;
5443
5444 ret = test_ec_operations(c, session, "P-256", ecdsa_nist_p256,
5445 sizeof(ecdsa_nist_p256));
5446 if (!ret)
5447 goto out;
5448 ret = test_ec_operations(c, session, "P-384", ecdsa_nist_p384,
5449 sizeof(ecdsa_nist_p384));
5450 if (!ret)
5451 goto out;
5452
5453 if (level > 0) {
5454 ret = test_ec_operations(c, session, "P-521", ecdsa_nist_p521,
5455 sizeof(ecdsa_nist_p521));
5456 if (!ret)
5457 goto out;
5458 }
5459out:
5460 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
5461close_lib:
5462 ADBG_EXPECT_CK_OK(c, close_lib());
5463}
5464ADBG_CASE_DEFINE(pkcs11, 1019, xtest_pkcs11_test_1019,
5465 "PKCS11: Elliptic Curve key generation and signing");
Ruchika Guptaf2eb88a2021-03-22 19:38:11 +0530[diff] [blame^]5466
5467#define WRAPPED_TEST_KEY_SIZE 48
5468
5469static void xtest_pkcs11_test_1020(ADBG_Case_t *c)
5470{
5471 CK_RV rv = CKR_GENERAL_ERROR;
5472 CK_SLOT_ID slot = 0;
5473 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
5474 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
5475 CK_OBJECT_HANDLE wrapping_key1 = CK_INVALID_HANDLE;
5476 CK_OBJECT_HANDLE wrapping_key2 = CK_INVALID_HANDLE;
5477 CK_OBJECT_HANDLE wrapping_key_inv = CK_INVALID_HANDLE;
5478 CK_OBJECT_HANDLE key = CK_INVALID_HANDLE;
5479 CK_OBJECT_HANDLE key_sz24 = CK_INVALID_HANDLE;
5480 CK_OBJECT_HANDLE key_sens = CK_INVALID_HANDLE;
5481 CK_OBJECT_HANDLE key_inv = CK_INVALID_HANDLE;
5482 CK_OBJECT_HANDLE unwrapped_key = CK_INVALID_HANDLE;
5483 CK_ATTRIBUTE set_w_unw_template[] = {
5484 { CKA_WRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5485 { CKA_UNWRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5486 };
5487 CK_ATTRIBUTE set_wwt_template[] = {
5488 { CKA_WRAP_WITH_TRUSTED, &(CK_BBOOL){ CK_TRUE },
5489 sizeof(CK_BBOOL) },
5490 };
5491 CK_ATTRIBUTE set_trusted_template[] = {
5492 { CKA_TRUSTED, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5493 };
5494 CK_ATTRIBUTE wrap_template[] = {
5495 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5496 };
5497 CK_ATTRIBUTE unwrap_template[] = {
5498 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5499 };
5500 CK_ATTRIBUTE wrapping_key_template[] = {
5501 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5502 { CKA_WRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5503 { CKA_UNWRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5504 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5505 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5506 };
5507 CK_ATTRIBUTE wrapping_key_temp_w_indirect[] = {
5508 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5509 { CKA_WRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5510 { CKA_UNWRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5511 { CKA_WRAP_TEMPLATE, &wrap_template, sizeof(wrap_template) },
5512 { CKA_UNWRAP_TEMPLATE, &unwrap_template,
5513 sizeof(unwrap_template) },
5514 };
5515 CK_ATTRIBUTE unwrap_template2[] = {
5516 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
5517 sizeof(CK_OBJECT_CLASS) },
5518 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
5519 { CKA_TOKEN, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5520 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5521 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5522 };
5523 CK_ATTRIBUTE wrapping_key_temp_w_indirect2[] = {
5524 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5525 { CKA_WRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5526 { CKA_UNWRAP, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5527 { CKA_UNWRAP_TEMPLATE, &unwrap_template2,
5528 sizeof(unwrap_template2) },
5529 };
5530 CK_ATTRIBUTE wrapping_key_template_inv1[] = {
5531 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5532 { CKA_WRAP, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5533 };
5534 CK_ATTRIBUTE key_template[] = {
5535 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5536 { CKA_ENCRYPT, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5537 { CKA_DECRYPT, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5538 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5539 };
5540 CK_ATTRIBUTE key_template_sens[] = {
5541 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5542 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5543 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5544 };
5545 CK_ATTRIBUTE key_template_inv1[] = {
5546 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5547 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
5548 };
5549 CK_ATTRIBUTE key_sz24_template[] = {
5550 { CKA_VALUE_LEN, &(CK_ULONG){ 24 }, sizeof(CK_ULONG) },
5551 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5552 };
5553 CK_ATTRIBUTE new_key_template[] = {
5554 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
5555 sizeof(CK_OBJECT_CLASS) },
5556 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
5557 sizeof(CK_KEY_TYPE) },
5558 { CKA_ENCRYPT, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5559 { CKA_DECRYPT, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5560 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5561 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE}, sizeof(CK_BBOOL) },
5562 };
5563 CK_ATTRIBUTE new_key_template_sens[] = {
5564 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
5565 sizeof(CK_OBJECT_CLASS) },
5566 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
5567 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5568 { CKA_SENSITIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5569 };
5570 CK_ATTRIBUTE new_key_template2[] = {
5571 { CKA_DERIVE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5572 };
5573 CK_ATTRIBUTE new_key_template3[] = {
5574 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
5575 { CKA_PRIVATE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5576 };
5577 CK_ATTRIBUTE new_key_template4[] = {
5578 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
5579 sizeof(CK_OBJECT_CLASS) },
5580 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
5581 sizeof(CK_KEY_TYPE) },
5582 { CKA_PRIVATE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
5583 };
5584 CK_BBOOL g_extract = CK_FALSE;
5585 CK_BBOOL g_sensitive = CK_TRUE;
5586 CK_BBOOL g_nextract = CK_TRUE;
5587 CK_BBOOL g_asensitive = CK_TRUE;
5588 CK_BBOOL g_local = CK_TRUE;
5589 CK_BBOOL g_token = CK_FALSE;
5590 CK_BBOOL g_derive = CK_FALSE;
5591 CK_OBJECT_CLASS g_class = CKO_VENDOR_DEFINED;
5592 CK_KEY_TYPE g_key_type = CKK_VENDOR_DEFINED;
5593 uint8_t g_val[WRAPPED_TEST_KEY_SIZE] = { 0 };
5594 CK_ULONG key_len = 0;
5595 uint8_t g_unwrapped_val[WRAPPED_TEST_KEY_SIZE] = { 0 };
5596 CK_ULONG unwrapped_key_len = 0;
5597 /* Keep last attribute as CKA_VALUE */
5598 CK_ATTRIBUTE get_template_unwrapped[] = {
5599 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
5600 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
5601 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
5602 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
5603 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
5604 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
5605 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
5606 { CKA_TOKEN, &g_token, sizeof(CK_BBOOL) },
5607 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
5608 { CKA_VALUE_LEN, &unwrapped_key_len,
5609 sizeof(unwrapped_key_len) },
5610 { CKA_VALUE, g_unwrapped_val, sizeof(g_unwrapped_val) },
5611 };
5612 CK_ATTRIBUTE get_template[] = {
5613 { CKA_VALUE_LEN, &key_len, sizeof(key_len) },
5614 { CKA_VALUE, g_val, sizeof(g_val) },
5615 };
5616 uint8_t buf[WRAPPED_TEST_KEY_SIZE] = { 0 };
5617 CK_ULONG size = 0;
5618
5619 rv = init_lib_and_find_token_slot(&slot);
5620 if (!ADBG_EXPECT_CK_OK(c, rv))
5621 return;
5622
5623 rv = init_test_token(slot);
5624 if (!ADBG_EXPECT_CK_OK(c, rv))
5625 goto close_lib;
5626
5627 rv = init_user_test_token(slot);
5628 if (!ADBG_EXPECT_CK_OK(c, rv))
5629 goto close_lib;
5630
5631 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
5632 if (!ADBG_EXPECT_CK_OK(c, rv))
5633 goto close_lib;
5634
5635 /* Wrapping Key - AES Key */
5636 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5637 wrapping_key_template,
5638 ARRAY_SIZE(wrapping_key_template), &wrapping_key1);
5639 if (!ADBG_EXPECT_CK_OK(c, rv))
5640 goto close_session;
5641
5642 /* Key to be wrapped - AES key */
5643 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5644 key_template, ARRAY_SIZE(key_template),
5645 &key);
5646 if (!ADBG_EXPECT_CK_OK(c, rv))
5647 goto close_session;
5648
5649 Do_ADBG_BeginSubCase(c, "Test key wrap with AES ECB");
5650
5651 /*
5652 * Test NULL buffer and NULL out_size to verify bad argument processing
5653 */
5654 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5655 NULL, NULL);
5656 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
5657 goto out;
5658
5659 /*
5660 * Test NULL buffer case with size as 0 to get the out_size
5661 */
5662 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5663 NULL, &size);
5664 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5665 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, <=, sizeof(buf)))
5666 goto out;
5667
5668 /*
5669 * Test NULL buffer case with size non zero size to get the out_size
5670 */
5671 size = 1;
5672 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5673 NULL, &size);
5674 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5675 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, <=, sizeof(buf)))
5676 goto out;
5677
5678 /* Test short buffer */
5679 size = 12;
5680 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5681 buf, &size);
5682 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv) ||
5683 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, <=, sizeof(buf)))
5684 goto out;
5685
5686 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5687 buf, &size);
5688 if (!ADBG_EXPECT_CK_OK(c, rv))
5689 goto out;
5690
5691 /*
5692 * Get the size of the original key which was wrapped in key_len.
5693 * This will be compared to the length of the key after unwrapping.
5694 */
5695 rv = C_GetAttributeValue(session, key, get_template,
5696 ARRAY_SIZE(get_template));
5697 if (!ADBG_EXPECT_CK_OK(c, rv))
5698 goto out;
5699
5700 Do_ADBG_EndSubCase(c, NULL);
5701
5702 Do_ADBG_BeginSubCase(c, "Test key unwrap with AES ECB");
5703
5704 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, buf,
5705 size, new_key_template, ARRAY_SIZE(new_key_template),
5706 &unwrapped_key);
5707 if (!ADBG_EXPECT_CK_OK(c, rv))
5708 goto out;
5709
5710 /*
5711 * The key created after unwrapping should have CKA_LOCAL = FALSE,
5712 * CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE as FALSE.
5713 * Default value of CKA_EXTRACTABLE if not specified in the template
5714 * is TRUE. We have deliberately set CKA_SENSITIVE to false for
5715 * both original key and unwrapped_key. This is done to be able to
5716 * extract the value of keys and compare them. This is done mainly
5717 * for testing. In actual examples, we expect CKA_SENSITIVE of keys
5718 * to be wrapped to be TRUE.
5719 */
5720 rv = C_GetAttributeValue(session, unwrapped_key, get_template_unwrapped,
5721 ARRAY_SIZE(get_template_unwrapped));
5722 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5723 !ADBG_EXPECT_BUFFER(c, g_unwrapped_val, unwrapped_key_len, g_val,
5724 key_len) ||
5725 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
5726 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
5727 CKK_GENERIC_SECRET) ||
5728 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
5729 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
5730 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
5731 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
5732 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
5733 goto out;
5734
5735 rv = C_DestroyObject(session, unwrapped_key);
5736 if (!ADBG_EXPECT_CK_OK(c, rv))
5737 goto out;
5738
5739 Do_ADBG_EndSubCase(c, NULL);
5740
5741 Do_ADBG_BeginSubCase(c, "Invalid UnWrap cases");
5742
5743 /* Failure when unwrapping as a private session key */
5744 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, buf,
5745 size, new_key_template4, ARRAY_SIZE(new_key_template4),
5746 &unwrapped_key);
5747 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
5748 goto out;
5749
5750 /* Provide incomplete template */
5751 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, buf,
5752 size, new_key_template2, ARRAY_SIZE(new_key_template2),
5753 &unwrapped_key);
5754
5755 /*
5756 * The error code can also be CKR_TEMPLATE_INCOMPLETE. The
5757 * current implementation returns CKR_TEMPLATE_INCONSISTENT
5758 */
5759 if (!ADBG_EXPECT_TRUE(c, rv == CKR_TEMPLATE_INCOMPLETE ||
5760 rv == CKR_TEMPLATE_INCONSISTENT))
5761 goto out;
5762
5763 /* Try unwrapping with a key without CKA_UNWRAP */
5764 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, key, buf, size,
5765 new_key_template, ARRAY_SIZE(new_key_template),
5766 &unwrapped_key);
5767 if (!ADBG_EXPECT_CK_RESULT(c, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, rv))
5768 goto out;
5769
5770 Do_ADBG_EndSubCase(c, NULL);
5771
5772 Do_ADBG_BeginSubCase(c, "Invalid Wrap cases");
5773
5774 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5775 wrapping_key_template_inv1,
5776 ARRAY_SIZE(wrapping_key_template_inv1),
5777 &wrapping_key_inv);
5778 if (!ADBG_EXPECT_CK_OK(c, rv))
5779 goto out;
5780
5781 /* Wrapping key used without CKA_WRAP set */
5782 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key_inv,
5783 key, buf, &size);
5784 if (!ADBG_EXPECT_CK_RESULT(c, CKR_WRAPPING_KEY_TYPE_INCONSISTENT, rv))
5785 goto out;
5786
5787 rv = C_DestroyObject(session, wrapping_key_inv);
5788 ADBG_EXPECT_CK_OK(c, rv);
5789
5790 /* Use invalid wrapping key handle */
5791 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key_inv,
5792 key, buf, &size);
5793 if (!ADBG_EXPECT_CK_RESULT(c, CKR_WRAPPING_KEY_HANDLE_INVALID, rv))
5794 goto out;
5795
5796 /* CKA_EXTRACTABLE attribute of the key to be wrapped is CKA_FALSE */
5797 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5798 key_template_inv1, ARRAY_SIZE(key_template_inv1),
5799 &key_inv);
5800 if (!ADBG_EXPECT_CK_OK(c, rv))
5801 goto out;
5802
5803 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5804 key_inv, buf, &size);
5805 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_UNEXTRACTABLE, rv))
5806 goto out;
5807
5808 rv = C_DestroyObject(session, key_inv);
5809 ADBG_EXPECT_CK_OK(c, rv);
5810
5811 /* Use invalid key handle */
5812 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5813 key_inv, buf, &size);
5814 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
5815 goto out;
5816
5817 /* Try wrapping the wrapping key */
5818 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5819 wrapping_key1, buf, &size);
5820 if (!ADBG_EXPECT_CK_RESULT(c, CKR_WRAPPING_KEY_HANDLE_INVALID, rv))
5821 goto out;
5822
5823 /* Use invalid mechanism */
5824 rv = C_WrapKey(session, &cktest_hmac_md5_mechanism, wrapping_key1, key,
5825 buf, &size);
5826 if (!ADBG_EXPECT_CK_RESULT(c, CKR_MECHANISM_INVALID, rv))
5827 goto out;
5828
5829 /* Try wrapping when an operation is already active */
5830 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key);
5831 if (!ADBG_EXPECT_CK_OK(c, rv))
5832 goto out;
5833
5834 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
5835 buf, &size);
5836 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_ACTIVE, rv))
5837 goto out;
5838
5839 rv = C_EncryptFinal(session, NULL, NULL);
5840 /* Only check that the operation is no more active */
5841 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
5842 goto out;
5843
5844 /*
5845 * Try wrapping using CKK_GENERIC_SECRET when mechanism used is
5846 * AES_ECB. Generate a secret key object in rw session.
5847 */
5848 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
5849 cktest_generate_gensecret_object_valid1,
5850 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
5851 &key_inv);
5852 if (!ADBG_EXPECT_CK_OK(c, rv))
5853 goto out;
5854
5855 /* Make the Generic secret key wrapping/unwrapping key */
5856 rv = C_SetAttributeValue(session, key_inv, set_w_unw_template,
5857 ARRAY_SIZE(set_w_unw_template));
5858 if (!ADBG_EXPECT_CK_OK(c, rv))
5859 goto out;
5860
5861 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, key_inv, key, buf,
5862 &size);
5863 if (!ADBG_EXPECT_CK_RESULT(c, CKR_WRAPPING_KEY_TYPE_INCONSISTENT, rv))
5864 goto out;
5865
5866 rv = C_DestroyObject(session, key_inv);
5867 ADBG_EXPECT_CK_OK(c, rv);
5868
5869 Do_ADBG_EndSubCase(c, NULL);
5870
5871 Do_ADBG_BeginSubCase(c, "Wrap with different length key");
5872
5873 /* Generate Key of size 192 bits */
5874 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5875 key_sz24_template, ARRAY_SIZE(key_sz24_template),
5876 &key_sz24);
5877 if (!ADBG_EXPECT_CK_OK(c, rv))
5878 goto out;
5879
5880 size = 0;
5881 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5882 key_sz24, buf, &size);
5883 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv) ||
5884 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, ==, 32))
5885 goto out;
5886
5887 size = 24;
5888 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5889 key_sz24, buf, &size);
5890 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv) ||
5891 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, ==, 32))
5892 goto out;
5893
5894 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1,
5895 key_sz24, buf, &size);
5896 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5897 !ADBG_EXPECT_COMPARE_UNSIGNED(c, size, ==, 32))
5898 goto out;
5899
5900 Do_ADBG_EndSubCase(c, NULL);
5901
5902 Do_ADBG_BeginSubCase(c, "Test Wrap/Unwrap with indirect template");
5903
5904 /* Wrapping Key with indirect templates - AES Key */
5905 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5906 wrapping_key_temp_w_indirect,
5907 ARRAY_SIZE(wrapping_key_temp_w_indirect),
5908 &wrapping_key2);
5909 if (!ADBG_EXPECT_CK_OK(c, rv))
5910 goto out;
5911
5912 /*
5913 * Attribute mismatch with CKA_WRAP_TEMPLATE.
5914 * Error expected when wrapping a key whose template doesn't match with
5915 * the CKA_WRAP_TEMPLATE in the wrapping_key. In this example, the
5916 * CKA_WRAP_TEMPLATE expects CKA_SENSITIVE of the key to be wrapped to
5917 * be TRUE which is not the case here.
5918 */
5919 size = sizeof(buf);
5920 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, key,
5921 buf, &size);
5922 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
5923 goto out;
5924
5925 /* Generate SENSITIVE Key */
5926 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5927 key_template_sens, ARRAY_SIZE(key_template_sens),
5928 &key_sens);
5929 if (!ADBG_EXPECT_CK_OK(c, rv))
5930 goto out;
5931
5932 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2,
5933 key_sens, buf, &size);
5934 if (!ADBG_EXPECT_CK_OK(c, rv))
5935 goto out;
5936
5937 /*
5938 * Unwrap to create key with SENSITIVE set as FALSE.
5939 * This should fail as indirect attribute CKA_UNWRAP_TEMPLATE restricts
5940 * creation of key with CKA_SENSITIVE as FALSE.
5941 */
5942 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
5943 size, new_key_template, ARRAY_SIZE(new_key_template),
5944 &unwrapped_key);
5945 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
5946 goto out;
5947
5948 /* Unwrap a wrapped sensitive key to create a SENSITIVE key */
5949 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
5950 size, new_key_template_sens,
5951 ARRAY_SIZE(new_key_template_sens), &unwrapped_key);
5952 if (!ADBG_EXPECT_CK_OK(c, rv))
5953 goto out;
5954
5955 /*
5956 * Get the attributes of created. Skip last attribute in
5957 * get_template_wrapped as that is CKA_VALUE which would give an
5958 * error for a sensitive key
5959 */
5960 rv = C_GetAttributeValue(session, unwrapped_key, get_template_unwrapped,
5961 ARRAY_SIZE(get_template_unwrapped) - 1);
5962 if (!ADBG_EXPECT_CK_OK(c, rv) ||
5963 !ADBG_EXPECT_COMPARE_UNSIGNED(c, unwrapped_key_len, ==, key_len) ||
5964 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
5965 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
5966 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
5967 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
5968 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
5969 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
5970 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
5971 goto out;
5972
5973 if (!ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, unwrapped_key)) ||
5974 !ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, wrapping_key2)) ||
5975 !ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_sens)))
5976 goto out;
5977
5978 /* Create wrapping key with indirect template specifying class & key */
5979 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
5980 wrapping_key_temp_w_indirect2,
5981 ARRAY_SIZE(wrapping_key_temp_w_indirect2),
5982 &wrapping_key2);
5983 if (!ADBG_EXPECT_CK_OK(c, rv))
5984 goto out;
5985
5986 size = sizeof(buf);
5987 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, key,
5988 buf, &size);
5989 if (!ADBG_EXPECT_CK_OK(c, rv))
5990 goto out;
5991
5992 /* Use minimal new key template just specifying attribute of key */
5993 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
5994 size, new_key_template2, ARRAY_SIZE(new_key_template2),
5995 &unwrapped_key);
5996 if (!ADBG_EXPECT_CK_OK(c, rv))
5997 goto out;
5998
5999 rv = C_GetAttributeValue(session, unwrapped_key, get_template_unwrapped,
6000 ARRAY_SIZE(get_template_unwrapped) - 1);
6001
6002 /* Destroy created token object */
6003 if (!ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, unwrapped_key)))
6004 goto out;
6005
6006 if (!ADBG_EXPECT_CK_OK(c, rv) ||
6007 !ADBG_EXPECT_COMPARE_UNSIGNED(c, unwrapped_key_len, ==, key_len) ||
6008 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
6009 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
6010 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
6011 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
6012 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_TRUE) ||
6013 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
6014 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
6015 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
6016 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
6017 goto out;
6018
6019 /*
6020 * Unwrap with NULL template when CKA_UNWRAP_TEMPLATE has all
6021 * attributes to generate a key
6022 */
6023 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
6024 size, NULL, 0, &unwrapped_key);
6025 if (!ADBG_EXPECT_CK_OK(c, rv))
6026 goto out;
6027
6028 rv = C_GetAttributeValue(session, unwrapped_key, get_template_unwrapped,
6029 ARRAY_SIZE(get_template_unwrapped) - 1);
6030
6031 /* Destroy created token object */
6032 if (!ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, unwrapped_key)))
6033 goto out;
6034
6035 if (!ADBG_EXPECT_CK_OK(c, rv) ||
6036 !ADBG_EXPECT_COMPARE_UNSIGNED(c, unwrapped_key_len, ==, key_len) ||
6037 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
6038 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
6039 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
6040 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
6041 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
6042 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
6043 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
6044 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
6045 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE)) {
6046 goto out;
6047 }
6048
6049 /* Unwrap and try create a Private token object */
6050 rv = C_UnwrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key2, buf,
6051 size, new_key_template3, ARRAY_SIZE(new_key_template3),
6052 &unwrapped_key);
6053 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
6054 goto out;
6055
6056 Do_ADBG_EndSubCase(c, NULL);
6057
6058 Do_ADBG_BeginSubCase(c, "Test usage of CKA_WRAP_WITH_TRUSTED");
6059
6060 /* Set Attribute WRAP_WITH_TRUSTED on the key */
6061 rv = C_SetAttributeValue(session, key, set_wwt_template,
6062 ARRAY_SIZE(set_wwt_template));
6063 if (!ADBG_EXPECT_CK_OK(c, rv))
6064 goto out;
6065
6066 /*
6067 * Try wrapping the key with attribute CKA_WRAP_WITH_TRUSTED with
6068 * normal wrapping key
6069 */
6070 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
6071 buf, &size);
6072 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_NOT_WRAPPABLE, rv))
6073 goto out;
6074
6075 /* Login as SO in RW session */
6076 rv = C_Login(session, CKU_SO, test_token_so_pin,
6077 sizeof(test_token_so_pin));
6078 if (!ADBG_EXPECT_CK_OK(c, rv))
6079 goto out;
6080
6081 rv = C_SetAttributeValue(session, wrapping_key1, set_trusted_template,
6082 ARRAY_SIZE(set_trusted_template));
6083 if (!ADBG_EXPECT_CK_OK(c, rv) ||
6084 !ADBG_EXPECT_CK_OK(c, C_Logout(session)))
6085 goto out;
6086
6087 rv = C_WrapKey(session, &cktest_aes_ecb_mechanism, wrapping_key1, key,
6088 buf, &size);
6089 if (!ADBG_EXPECT_CK_OK(c, rv))
6090 goto out;
6091
6092out:
6093 Do_ADBG_EndSubCase(c, NULL);
6094close_session:
6095 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
6096
6097close_lib:
6098 ADBG_EXPECT_CK_OK(c, close_lib());
6099}
6100ADBG_CASE_DEFINE(pkcs11, 1020, xtest_pkcs11_test_1020,
6101 "PKCS11: AES Key Wrap/UnWrap tests");