1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2018, Linaro Limited
4 */
5
6 #include <ck_debug.h>
7 #include <inttypes.h>
8 #ifdef OPENSSL_FOUND
9 #include <openssl/evp.h>
10 #endif
11 #include <pkcs11.h>
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <util.h>
16
17 #include "xtest_test.h"
18 #include "xtest_helpers.h"
19
20 #include <regression_4000_data.h>
21
22 /*
23 * Some PKCS#11 object resources used in the tests
24 */
25 static const CK_BYTE cktest_aes128_key[16];
26
27 static const CK_BYTE cktest_aes128_iv[16];
28
29 static const CK_AES_CTR_PARAMS cktest_aes_ctr_params = {
30 .ulCounterBits = 1,
31 };
32
33 static CK_MECHANISM cktest_aes_ecb_mechanism = {
34 CKM_AES_ECB,
35 NULL, 0,
36 };
37 static CK_MECHANISM cktest_aes_cbc_mechanism = {
38 CKM_AES_CBC,
39 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
40 };
41 static CK_MECHANISM cktest_aes_ctr_mechanism = {
42 CKM_AES_CTR,
43 (CK_BYTE_PTR)&cktest_aes_ctr_params, sizeof(cktest_aes_ctr_params),
44 };
45 static CK_MECHANISM cktest_aes_cts_mechanism = {
46 CKM_AES_CTS,
47 (CK_BYTE_PTR)cktest_aes128_iv, sizeof(cktest_aes128_iv),
48 };
49 static CK_MECHANISM cktest_hmac_md5_mechanism = {
50 CKM_MD5_HMAC, NULL, 0,
51 };
52 static CK_MECHANISM cktest_hmac_sha1_mechanism = {
53 CKM_SHA_1_HMAC, NULL, 0,
54 };
55 static CK_MECHANISM cktest_hmac_sha224_mechanism = {
56 CKM_SHA224_HMAC, NULL, 0,
57 };
58 static CK_MECHANISM cktest_hmac_sha256_mechanism = {
59 CKM_SHA256_HMAC, NULL, 0,
60 };
61 static CK_MECHANISM cktest_hmac_sha384_mechanism = {
62 CKM_SHA384_HMAC, NULL, 0,
63 };
64 static CK_MECHANISM cktest_hmac_sha512_mechanism = {
65 CKM_SHA512_HMAC, NULL, 0,
66 };
67 static CK_MECHANISM cktest_gensecret_keygen_mechanism = {
68 CKM_GENERIC_SECRET_KEY_GEN, NULL, 0,
69 };
70 static CK_MECHANISM cktest_aes_keygen_mechanism = {
71 CKM_AES_KEY_GEN, NULL, 0,
72 };
73
74 /*
75 * Util to find a slot on which to open a session
76 */
close_lib(void)77 static CK_RV close_lib(void)
78 {
79 return C_Finalize(0);
80 }
81
init_lib_and_find_token_slot(CK_SLOT_ID * slot)82 static CK_RV init_lib_and_find_token_slot(CK_SLOT_ID *slot)
83 {
84 CK_RV rv = CKR_GENERAL_ERROR;
85 CK_SLOT_ID_PTR slots = NULL;
86 CK_ULONG count = 0;
87
88 rv = C_Initialize(0);
89 if (rv)
90 return rv;
91
92 rv = C_GetSlotList(CK_TRUE, NULL, &count);
93 if (rv != CKR_OK)
94 goto bail;
95
96 if (count < 1) {
97 rv = CKR_GENERAL_ERROR;
98 goto bail;
99 }
100
101 slots = malloc(count * sizeof(CK_SLOT_ID));
102 if (!slots) {
103 rv = CKR_HOST_MEMORY;
104 goto bail;
105 }
106
107 rv = C_GetSlotList(CK_TRUE, slots, &count);
108 if (rv)
109 goto bail;
110
111 /* Use the last slot */
112 *slot = slots[count - 1];
113
114 bail:
115 free(slots);
116 if (rv)
117 close_lib();
118
119 return rv;
120 }
121
xtest_pkcs11_test_1000(ADBG_Case_t * c)122 static void xtest_pkcs11_test_1000(ADBG_Case_t *c)
123 {
124 CK_RV rv;
125
126 rv = C_Initialize(NULL);
127 if (!ADBG_EXPECT_CK_OK(c, rv))
128 return;
129
130 rv = C_Finalize(NULL);
131 if (!ADBG_EXPECT_CK_OK(c, rv))
132 return;
133
134 rv = C_Initialize(NULL);
135 if (!ADBG_EXPECT_CK_OK(c, rv))
136 return;
137
138 rv = C_Initialize(NULL);
139 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_ALREADY_INITIALIZED, rv);
140
141 rv = C_Finalize(NULL);
142 ADBG_EXPECT_CK_OK(c, rv);
143
144 rv = C_Finalize(NULL);
145 ADBG_EXPECT_CK_RESULT(c, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
146 }
147
148 ADBG_CASE_DEFINE(pkcs11, 1000, xtest_pkcs11_test_1000,
149 "Initialize and close Cryptoki library");
150
xtest_pkcs11_test_1001(ADBG_Case_t * c)151 static void xtest_pkcs11_test_1001(ADBG_Case_t *c)
152 {
153 CK_RV rv = CKR_GENERAL_ERROR;
154 CK_SLOT_ID_PTR slot_ids = NULL;
155 CK_ULONG slot_count = 0;
156 CK_ULONG present_slot_count = 0;
157 CK_INFO lib_info = { };
158 CK_SLOT_INFO slot_info = { };
159 CK_TOKEN_INFO token_info = { };
160 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
161 size_t i = 0;
162 CK_SLOT_ID max_slot_id = 0;
163 CK_MECHANISM_TYPE_PTR mecha_types = NULL;
164 CK_ULONG mecha_count = 0;
165 CK_MECHANISM_INFO mecha_info = { };
166
167 rv = C_Initialize(NULL);
168 if (!ADBG_EXPECT_CK_OK(c, rv))
169 return;
170
171 Do_ADBG_BeginSubCase(c, "Test C_GetFunctionList()");
172
173 rv = C_GetFunctionList(&ckfunc_list);
174 if (!ADBG_EXPECT_CK_OK(c, rv))
175 goto out;
176
177 if (!ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetInfo) ||
178 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotList) ||
179 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSlotInfo) ||
180 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetTokenInfo) ||
181 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismList) ||
182 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetMechanismInfo))
183 goto out;
184
185 Do_ADBG_EndSubCase(c, "Test C_GetFunctionList()");
186 Do_ADBG_BeginSubCase(c, "Test C_GetInfo()");
187
188 rv = C_GetInfo(&lib_info);
189 if (!ADBG_EXPECT_CK_OK(c, rv))
190 goto out;
191
192 Do_ADBG_EndSubCase(c, "Test C_GetInfo()");
193 Do_ADBG_BeginSubCase(c, "Test C_GetSlotList()");
194
195 rv = C_GetSlotList(0, NULL, &slot_count);
196 if (!ADBG_EXPECT_CK_OK(c, rv))
197 goto out;
198
199 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, !=, 0))
200 goto out;
201
202 if (slot_count > 1) {
203 /* Ensure case non-NULL-buffer and zero-count is tested */
204 CK_SLOT_ID id = 0;
205
206 slot_count = 0;
207 rv = C_GetSlotList(0, &id, &slot_count);
208 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
209 goto out;
210 }
211
212 rv = C_GetSlotList(1, NULL, &present_slot_count);
213 if (!ADBG_EXPECT_CK_OK(c, rv))
214 goto out;
215
216 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, slot_count, ==,
217 present_slot_count))
218 goto out;
219
220 slot_ids = calloc(slot_count, sizeof(CK_SLOT_ID));
221 if (!ADBG_EXPECT_NOT_NULL(c, slot_ids))
222 goto out;
223
224 slot_count--;
225 rv = C_GetSlotList(1, slot_ids, &slot_count);
226 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
227 goto out;
228
229 rv = C_GetSlotList(1, slot_ids, &slot_count);
230 if (!ADBG_EXPECT_CK_OK(c, rv))
231 goto out;
232
233 Do_ADBG_EndSubCase(c, "Test C_GetSlotList()");
234 Do_ADBG_BeginSubCase(c, "Test C_Get{Slot|Token}Info()");
235
236 for (i = 0; i < slot_count; i++) {
237 CK_SLOT_ID slot = slot_ids[i];
238
239 rv = C_GetSlotInfo(slot, &slot_info);
240 if (!ADBG_EXPECT_CK_OK(c, rv))
241 goto out;
242
243 rv = C_GetTokenInfo(slot, &token_info);
244 if (!ADBG_EXPECT_CK_OK(c, rv))
245 goto out;
246
247 if (max_slot_id < slot)
248 max_slot_id = slot;
249 }
250
251 Do_ADBG_EndSubCase(c, "Test C_Get{Slot|Token}Info()");
252 Do_ADBG_BeginSubCase(c, "Test C_GetMechanism{List|Info}()");
253
254 for (i = 0; i < slot_count; i++) {
255 CK_SLOT_ID slot = slot_ids[i];
256 size_t j = 0;
257
258 mecha_count = 0;
259 rv = C_GetMechanismList(slot, NULL, &mecha_count);
260 if (!ADBG_EXPECT_CK_OK(c, rv))
261 goto out;
262
263 if (mecha_count == 0)
264 continue;
265
266 free(mecha_types);
267 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
268 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
269 goto out;
270
271 /* Test specific case: valid buffer reference with 0 count */
272 mecha_count = 0;
273 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
274 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
275 goto out;
276
277 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
278 if (!ADBG_EXPECT_CK_OK(c, rv))
279 goto out;
280
281 for (j = 0; j < mecha_count; j++) {
282 rv = C_GetMechanismInfo(slot, mecha_types[j],
283 &mecha_info);
284 if (!ADBG_EXPECT_CK_OK(c, rv))
285 goto out;
286 }
287 }
288
289 Do_ADBG_EndSubCase(c, "Test C_GetMechanism{List|Info}()");
290 Do_ADBG_BeginSubCase(c, "Test C_GetMechanismList() with larger result buffer");
291
292 for (i = 0; i < slot_count; i++) {
293 CK_SLOT_ID slot = slot_ids[i];
294 CK_ULONG real_mecha_count = 0;
295 CK_ULONG alloc_mecha_count = 0;
296 uint8_t *data_ptr = NULL;
297 size_t j = 0;
298
299 rv = C_GetMechanismList(slot, NULL, &real_mecha_count);
300 if (!ADBG_EXPECT_CK_OK(c, rv))
301 goto out;
302
303 if (real_mecha_count == 0)
304 continue;
305
306 /* Allocate more memory for mechanisms than required */
307 alloc_mecha_count = real_mecha_count + 16;
308 mecha_count = alloc_mecha_count;
309
310 free(mecha_types);
311 mecha_types = calloc(mecha_count, sizeof(*mecha_types));
312 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
313 goto out;
314 memset(mecha_types, 0xCC,
315 alloc_mecha_count * sizeof(*mecha_types));
316
317 rv = C_GetMechanismList(slot, mecha_types, &mecha_count);
318 if (!ADBG_EXPECT_CK_OK(c, rv))
319 goto out;
320
321 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, mecha_count, ==,
322 real_mecha_count))
323 goto out;
324
325 data_ptr = (uint8_t *)mecha_types;
326 for (j = real_mecha_count * sizeof(*mecha_types);
327 j < alloc_mecha_count * sizeof(*mecha_types); j++)
328 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[j], ==,
329 0xCC))
330 break;
331 }
332
333 Do_ADBG_EndSubCase(c, "Test C_GetMechanismList() with larger result buffer");
334 Do_ADBG_BeginSubCase(c, "Test C_Get*Info() with invalid reference");
335
336 rv = C_GetSlotInfo(max_slot_id + 1, &slot_info);
337 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
338 goto out;
339
340 rv = C_GetTokenInfo(max_slot_id + 1, &token_info);
341 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
342 goto out;
343
344 mecha_count = 1;
345 if (!mecha_types)
346 mecha_types = malloc(sizeof(*mecha_types));
347 if (!ADBG_EXPECT_NOT_NULL(c, mecha_types))
348 goto out;
349
350 rv = C_GetMechanismList(max_slot_id + 1, mecha_types, &mecha_count);
351 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
352 goto out;
353
354 rv = C_GetMechanismInfo(max_slot_id + 1, CKM_AES_KEY_GEN, &mecha_info);
355 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
356 goto out;
357
358 rv = C_GetSlotInfo(ULONG_MAX, &slot_info);
359 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
360 goto out;
361
362 rv = C_GetTokenInfo(ULONG_MAX, &token_info);
363 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
364 goto out;
365
366 mecha_count = 1;
367 rv = C_GetMechanismList(ULONG_MAX, mecha_types, &mecha_count);
368 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
369 goto out;
370
371 rv = C_GetMechanismInfo(ULONG_MAX, CKM_AES_KEY_GEN, &mecha_info);
372 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SLOT_ID_INVALID, rv))
373 goto out;
374
375 out:
376 Do_ADBG_EndSubCase(c, NULL);
377 free(slot_ids);
378 free(mecha_types);
379
380 rv = C_Finalize(NULL);
381 ADBG_EXPECT_CK_OK(c, rv);
382 }
383
384 ADBG_CASE_DEFINE(pkcs11, 1001, xtest_pkcs11_test_1001,
385 "PKCS11: List PKCS#11 slots and get information from");
386
xtest_pkcs11_test_1002(ADBG_Case_t * c)387 static void xtest_pkcs11_test_1002(ADBG_Case_t *c)
388 {
389 CK_RV rv = CKR_GENERAL_ERROR;
390 CK_SLOT_ID slot = 0;
391 CK_SESSION_HANDLE session[3] = { 0 };
392 CK_FLAGS session_flags = 0;
393 CK_SESSION_INFO session_info = { };
394 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
395
396 rv = init_lib_and_find_token_slot(&slot);
397 if (!ADBG_EXPECT_CK_OK(c, rv))
398 return;
399
400 rv = C_GetFunctionList(&ckfunc_list);
401 if (!ADBG_EXPECT_CK_OK(c, rv) ||
402 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_OpenSession) ||
403 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseSession) ||
404 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_CloseAllSessions) ||
405 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_GetSessionInfo))
406 goto bail;
407
408 Do_ADBG_BeginSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
409
410 session_flags = CKF_RW_SESSION;
411
412 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
413 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_PARALLEL_NOT_SUPPORTED, rv))
414 goto bail;
415
416 session_flags = CKF_SERIAL_SESSION;
417
418 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
419 if (!ADBG_EXPECT_CK_OK(c, rv))
420 goto bail;
421
422 rv = C_GetSessionInfo(session[0], &session_info);
423 if (!ADBG_EXPECT_CK_OK(c, rv) ||
424 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
425 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
426 session_flags) ||
427 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
428 CKS_RO_PUBLIC_SESSION) ||
429 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
430 goto bail;
431
432 session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
433
434 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[1]);
435 if (!ADBG_EXPECT_CK_OK(c, rv))
436 goto bail;
437
438 rv = C_GetSessionInfo(session[1], &session_info);
439 if (!ADBG_EXPECT_CK_OK(c, rv) ||
440 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
441 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
442 session_flags) ||
443 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
444 CKS_RW_PUBLIC_SESSION) ||
445 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
446 goto bail;
447
448 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[2]);
449 if (!ADBG_EXPECT_CK_OK(c, rv))
450 goto bail;
451
452 rv = C_GetSessionInfo(session[2], &session_info);
453 if (!ADBG_EXPECT_CK_OK(c, rv) ||
454 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.slotID, ==, slot) ||
455 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.flags, ==,
456 session_flags) ||
457 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.state, ==,
458 CKS_RW_PUBLIC_SESSION) ||
459 !ADBG_EXPECT_COMPARE_UNSIGNED(c, session_info.ulDeviceError, ==, 0))
460 goto bail;
461
462 Do_ADBG_EndSubCase(c, "Test C_OpenSession()/C_GetSessionInfo()");
463 Do_ADBG_BeginSubCase(c, "Test C_CloseSession()");
464
465 /* Close 2 of them */
466 rv = C_CloseSession(session[0]);
467 if (!ADBG_EXPECT_CK_OK(c, rv))
468 goto bail;
469
470 rv = C_GetSessionInfo(session[0], &session_info);
471 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
472 goto bail;
473
474 rv = C_GetSessionInfo(session[1], &session_info);
475 if (!ADBG_EXPECT_CK_OK(c, rv))
476 goto bail;
477
478 rv = C_GetSessionInfo(session[2], &session_info);
479 if (!ADBG_EXPECT_CK_OK(c, rv))
480 goto bail;
481
482 /* Close all remaining sessions, later calls should failed on session */
483 rv = C_CloseAllSessions(slot);
484 if (!ADBG_EXPECT_CK_OK(c, rv))
485 goto bail;
486
487 rv = C_CloseSession(session[1]);
488 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
489 goto bail;
490
491 rv = C_CloseSession(session[2]);
492 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
493 goto bail;
494
495 rv = C_GetSessionInfo(session[1], &session_info);
496 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
497 goto bail;
498
499 rv = C_GetSessionInfo(session[2], &session_info);
500 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv))
501 goto bail;
502
503 /* Open a session, should be closed from library closure */
504 rv = C_OpenSession(slot, session_flags, NULL, 0, &session[0]);
505 if (!ADBG_EXPECT_CK_OK(c, rv))
506 goto bail;
507
508 bail:
509 Do_ADBG_EndSubCase(c, NULL);
510 rv = close_lib();
511 ADBG_EXPECT_CK_OK(c, rv);
512 }
513
514 ADBG_CASE_DEFINE(pkcs11, 1002, xtest_pkcs11_test_1002,
515 "PKCS11: Open and close PKCS#11 sessions");
516
517 /*
518 * Helpers for tests where we must log into the token.
519 * These define the genuine PINs and label to be used with the test token.
520 */
521 static CK_UTF8CHAR test_token_so_pin[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 , 9, 10, };
522 static CK_UTF8CHAR test_token_user_pin[] = {
523 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
524 };
525 static CK_UTF8CHAR test_token_label[] = "PKCS11 TA test token";
526
init_test_token(CK_SLOT_ID slot)527 static CK_RV init_test_token(CK_SLOT_ID slot)
528 {
529 return C_InitToken(slot, test_token_so_pin, sizeof(test_token_so_pin),
530 test_token_label);
531 }
532
533 /* Login as user, eventually reset user PIN if needed */
init_user_test_token(CK_SLOT_ID slot)534 static CK_RV init_user_test_token(CK_SLOT_ID slot)
535 {
536 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
537 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
538 CK_RV rv = CKR_GENERAL_ERROR;
539
540 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
541 if (rv)
542 return rv;
543
544 rv = C_Login(session, CKU_USER, test_token_user_pin,
545 sizeof(test_token_user_pin));
546 if (rv == CKR_OK) {
547 C_Logout(session);
548 C_CloseSession(session);
549 return rv;
550 }
551
552 rv = C_Login(session, CKU_SO, test_token_so_pin,
553 sizeof(test_token_so_pin));
554 if (rv) {
555 C_CloseSession(session);
556
557 rv = init_test_token(slot);
558 if (rv)
559 return rv;
560
561 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
562 if (rv)
563 return rv;
564
565 rv = C_Login(session, CKU_SO, test_token_so_pin,
566 sizeof(test_token_so_pin));
567 if (rv) {
568 C_CloseSession(session);
569 return rv;
570 }
571 }
572
573 rv = C_InitPIN(session, test_token_user_pin,
574 sizeof(test_token_user_pin));
575
576 C_Logout(session);
577 C_CloseSession(session);
578
579 return rv;
580 }
581
test_already_initialized_token(ADBG_Case_t * c,CK_SLOT_ID slot)582 static CK_RV test_already_initialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
583 {
584 CK_RV rv = CKR_GENERAL_ERROR;
585 CK_TOKEN_INFO token_info = { };
586 /* Same content as test_token_so_pin[] but 1 more byte */
587 CK_UTF8CHAR pin1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, };
588 /* Same content as test_token_so_pin[] but 1 different byte */
589 CK_UTF8CHAR pin2[] = { 0, 1, 2, 3, 4, 5, 6, 6, 8, 9, 10, };
590 CK_FLAGS flags = 0;
591
592 Do_ADBG_BeginSubCase(c, "C_InitToken() on initialized token");
593
594 rv = C_GetTokenInfo(slot, &token_info);
595 if (!ADBG_EXPECT_CK_OK(c, rv))
596 goto out;
597
598 rv = C_InitToken(slot, test_token_so_pin,
599 sizeof(test_token_so_pin) - 1, test_token_label);
600 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
601 goto out;
602
603 rv = C_InitToken(slot, pin1, sizeof(pin1), test_token_label);
604 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
605 goto out;
606
607 rv = C_InitToken(slot, pin2, sizeof(pin2), test_token_label);
608 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK))
609 goto out;
610
611 rv = C_GetTokenInfo(slot, &token_info);
612 if (!ADBG_EXPECT_CK_OK(c, rv))
613 goto out;
614
615 flags = token_info.flags;
616
617 /* Token should have set CKF_SO_PIN_COUNT_LOW to 1 */
618 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_SO_PIN_COUNT_LOW))) {
619 rv = CKR_GENERAL_ERROR;
620 goto out;
621 }
622
623 rv = init_test_token(slot);
624 if (!ADBG_EXPECT_CK_OK(c, rv))
625 goto out;
626
627 rv = C_GetTokenInfo(slot, &token_info);
628 if (!ADBG_EXPECT_CK_OK(c, rv))
629 goto out;
630
631 flags = token_info.flags;
632
633 /*
634 * Token should have reset CKF_SO_PIN_COUNT_LOW to 0.
635 * Other flags should show a sane initialized state.
636 */
637 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_SO_PIN_COUNT_LOW)) ||
638 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
639 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
640 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
641 rv = CKR_GENERAL_ERROR;
642 goto out;
643 }
644
645 rv = init_user_test_token(slot);
646 if (!ADBG_EXPECT_CK_OK(c, rv))
647 goto out;
648
649 rv = C_GetTokenInfo(slot, &token_info);
650 if (!ADBG_EXPECT_CK_OK(c, rv))
651 goto out;
652
653 flags = token_info.flags;
654
655 if (!ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
656 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
657 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
658 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
659 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
660 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE))) {
661 rv = CKR_GENERAL_ERROR;
662 goto out;
663 }
664
665 out:
666 Do_ADBG_EndSubCase(c, "C_InitToken() on initialized token");
667
668 return rv;
669 }
670
test_uninitialized_token(ADBG_Case_t * c,CK_SLOT_ID slot)671 static CK_RV test_uninitialized_token(ADBG_Case_t *c, CK_SLOT_ID slot)
672 {
673 CK_RV rv = CKR_GENERAL_ERROR;
674 CK_TOKEN_INFO token_info = { };
675 CK_FLAGS flags = 0;
676
677 Do_ADBG_BeginSubCase(c, "C_InitToken() on uninitialized token");
678
679 rv = init_test_token(slot);
680 if (!ADBG_EXPECT_CK_OK(c, rv))
681 goto out;
682
683 rv = C_GetTokenInfo(slot, &token_info);
684 if (!ADBG_EXPECT_CK_OK(c, rv))
685 goto out;
686
687 flags = token_info.flags;
688
689 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
690 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)) ||
691 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_INITIALIZED))) {
692 rv = CKR_GENERAL_ERROR;
693 goto out;
694 }
695
696 rv = init_user_test_token(slot);
697 if (!ADBG_EXPECT_CK_OK(c, rv))
698 goto out;
699
700 rv = C_GetTokenInfo(slot, &token_info);
701 if (!ADBG_EXPECT_CK_OK(c, rv))
702 goto out;
703
704 flags = token_info.flags;
705
706 if (!ADBG_EXPECT_TRUE(c, !!(flags & CKF_TOKEN_INITIALIZED)) ||
707 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_COUNT_LOW)) ||
708 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_FINAL_TRY)) ||
709 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_LOCKED)) ||
710 !ADBG_EXPECT_TRUE(c, !(flags & CKF_USER_PIN_TO_BE_CHANGED)) ||
711 !ADBG_EXPECT_TRUE(c, !!(flags & CKF_USER_PIN_INITIALIZED)) ||
712 !ADBG_EXPECT_TRUE(c, !(flags & CKF_ERROR_STATE)))
713 rv = CKR_GENERAL_ERROR;
714
715 out:
716 Do_ADBG_EndSubCase(c, "C_InitToken() on uninitialized token");
717
718 return rv;
719 }
720
test_login_logout(ADBG_Case_t * c,CK_SLOT_ID slot)721 static CK_RV test_login_logout(ADBG_Case_t *c, CK_SLOT_ID slot)
722 {
723 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
724 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
725 CK_RV rv = CKR_GENERAL_ERROR;
726
727 Do_ADBG_BeginSubCase(c, "Test C_Login()/C_Logout()");
728
729 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
730 if (!ADBG_EXPECT_CK_OK(c, rv))
731 goto out;
732
733 /* Logout: should fail as we did not log in yet */
734 rv = C_Logout(session);
735 ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv);
736
737 /* Login/re-log/logout user */
738 rv = C_Login(session, CKU_USER, test_token_user_pin,
739 sizeof(test_token_user_pin));
740 if (!ADBG_EXPECT_CK_OK(c, rv))
741 goto out;
742
743 rv = C_Login(session, CKU_USER, test_token_user_pin,
744 sizeof(test_token_user_pin));
745 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
746
747 rv = C_Logout(session);
748 if (!ADBG_EXPECT_CK_OK(c, rv))
749 goto out;
750
751 /* Login/re-log/logout security officer */
752 rv = C_Login(session, CKU_SO, test_token_so_pin,
753 sizeof(test_token_so_pin));
754 if (!ADBG_EXPECT_CK_OK(c, rv))
755 goto out;
756
757 rv = C_Login(session, CKU_SO, test_token_so_pin,
758 sizeof(test_token_so_pin));
759 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ALREADY_LOGGED_IN, rv);
760
761 rv = C_Logout(session);
762 if (!ADBG_EXPECT_CK_OK(c, rv))
763 goto out;
764
765 /* Login user then SO and reverse */
766 rv = C_Login(session, CKU_SO, test_token_so_pin,
767 sizeof(test_token_so_pin));
768 ADBG_EXPECT_CK_OK(c, rv);
769
770 rv = C_Login(session, CKU_USER, test_token_user_pin,
771 sizeof(test_token_user_pin));
772 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
773
774 rv = C_Logout(session);
775 if (!ADBG_EXPECT_CK_OK(c, rv))
776 goto out;
777
778 rv = C_Login(session, CKU_USER, test_token_user_pin,
779 sizeof(test_token_user_pin));
780 ADBG_EXPECT_CK_OK(c, rv);
781
782 rv = C_Login(session, CKU_SO, test_token_so_pin,
783 sizeof(test_token_so_pin));
784 ADBG_EXPECT_CK_RESULT(c, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, rv);
785
786 rv = C_Logout(session);
787 ADBG_EXPECT_CK_OK(c, rv);
788
789 /* Login context specifc, in an invalid case (need an operation) */
790 rv = C_Login(session, CKU_CONTEXT_SPECIFIC, test_token_user_pin,
791 sizeof(test_token_user_pin));
792 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
793
794 rv = C_CloseSession(session);
795 ADBG_EXPECT_CK_OK(c, rv);
796
797 out:
798 Do_ADBG_EndSubCase(c, "Test C_Login()/C_Logout()");
799 return rv;
800 }
801
test_set_pin(ADBG_Case_t * c,CK_SLOT_ID slot,CK_USER_TYPE user_type)802 static CK_RV test_set_pin(ADBG_Case_t *c, CK_SLOT_ID slot,
803 CK_USER_TYPE user_type)
804 {
805 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
806 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
807 CK_UTF8CHAR some_pin[] = { 7, 6, 5, 4, 3, 2, 1, 2, 3, 4, 5, 6, 7 };
808 CK_UTF8CHAR_PTR old_pin = NULL;
809 CK_USER_TYPE ut = user_type;
810 size_t old_pin_sz = 0;
811 CK_RV rv2 = CKR_OK;
812 CK_RV rv = CKR_OK;
813
814 Do_ADBG_BeginSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
815
816 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
817 if (!ADBG_EXPECT_CK_OK(c, rv))
818 goto out;
819
820 if (user_type == CKU_SO) {
821 old_pin = (CK_UTF8CHAR_PTR)test_token_so_pin;
822 old_pin_sz = sizeof(test_token_so_pin);
823 } else {
824 old_pin = (CK_UTF8CHAR_PTR)test_token_user_pin;
825 old_pin_sz = sizeof(test_token_user_pin);
826 ut = CKU_USER;
827 }
828
829 if (ut == user_type) {
830 rv = C_Login(session, ut, old_pin, old_pin_sz);
831 if (!ADBG_EXPECT_CK_OK(c, rv))
832 goto out_session;
833 }
834
835 rv = C_SetPIN(session, old_pin, old_pin_sz, some_pin, sizeof(some_pin));
836 if (!ADBG_EXPECT_CK_OK(c, rv)) {
837 if (ut == user_type)
838 goto out_logout;
839 else
840 goto out_session;
841 }
842
843 if (ut == user_type) {
844 rv = C_Logout(session);
845 if (!ADBG_EXPECT_CK_OK(c, rv))
846 goto out_session;
847 }
848
849 rv = C_Login(session, ut, some_pin, sizeof(some_pin));
850 if (!ADBG_EXPECT_CK_OK(c, rv))
851 goto out_session;
852
853 rv = C_SetPIN(session, some_pin, sizeof(some_pin), old_pin, old_pin_sz);
854 ADBG_EXPECT_CK_OK(c, rv);
855
856 out_logout:
857 rv2 = C_Logout(session);
858 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
859 rv = rv2;
860 out_session:
861 rv2 = C_CloseSession(session);
862 if (!ADBG_EXPECT_CK_OK(c, rv2) && !rv)
863 rv = rv2;
864 out:
865 Do_ADBG_EndSubCase(c, "Test C_SetPIN() user_type %lu", user_type);
866
867 return rv;
868 }
869
xtest_pkcs11_test_1003(ADBG_Case_t * c)870 static void xtest_pkcs11_test_1003(ADBG_Case_t *c)
871 {
872 CK_RV rv = CKR_GENERAL_ERROR;
873 CK_FUNCTION_LIST_PTR ckfunc_list = NULL;
874 CK_SLOT_ID slot = 0;
875 CK_TOKEN_INFO token_info = { };
876
877 rv = C_GetFunctionList(&ckfunc_list);
878 if (!ADBG_EXPECT_CK_OK(c, rv) ||
879 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitToken) ||
880 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_InitPIN) ||
881 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_SetPIN) ||
882 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Login) ||
883 !ADBG_EXPECT_NOT_NULL(c, ckfunc_list->C_Logout))
884 goto out;
885
886 rv = init_lib_and_find_token_slot(&slot);
887 if (!ADBG_EXPECT_CK_OK(c, rv))
888 return;
889
890 rv = C_GetTokenInfo(slot, &token_info);
891 if (!ADBG_EXPECT_CK_OK(c, rv))
892 goto out;
893
894 /* Abort test if token is about to lock */
895 if (!ADBG_EXPECT_TRUE(c, !(token_info.flags & CKF_SO_PIN_FINAL_TRY)))
896 goto out;
897
898 if (!(token_info.flags & CKF_TOKEN_INITIALIZED)) {
899 rv = test_uninitialized_token(c, slot);
900 if (rv != CKR_OK)
901 goto out;
902 }
903
904 rv = test_already_initialized_token(c, slot);
905 if (rv != CKR_OK)
906 goto out;
907
908 rv = test_login_logout(c, slot);
909 if (rv != CKR_OK)
910 goto out;
911
912 rv = test_set_pin(c, slot, CKU_USER);
913 if (rv != CKR_OK)
914 goto out;
915
916 rv = test_set_pin(c, slot, CKU_SO);
917 if (rv != CKR_OK)
918 goto out;
919
920 /*
921 * CKU_CONTEXT_SPECIFIC is anything not CKU_USER or CKU_SO in order
922 * to skip the initial login.
923 */
924 test_set_pin(c, slot, CKU_CONTEXT_SPECIFIC);
925 out:
926 rv = close_lib();
927 ADBG_EXPECT_CK_OK(c, rv);
928 }
929
930 ADBG_CASE_DEFINE(pkcs11, 1003, xtest_pkcs11_test_1003,
931 "PKCS11: Login to PKCS#11 token");
932
933 static CK_ATTRIBUTE cktest_token_object[] = {
934 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
935 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
936 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
937 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
938 sizeof(CK_OBJECT_CLASS) },
939 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
940 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
941 };
942
943 static CK_ATTRIBUTE cktest_session_object[] = {
944 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
945 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
946 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
947 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
948 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
949 sizeof(CK_OBJECT_CLASS) },
950 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
951 };
952
953 /* Create session object and token object from a session */
test_create_destroy_single_object(ADBG_Case_t * c,bool persistent)954 static void test_create_destroy_single_object(ADBG_Case_t *c, bool persistent)
955 {
956 CK_RV rv = CKR_GENERAL_ERROR;
957 CK_SLOT_ID slot = 0;
958 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
959 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
960 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
961
962 rv = init_lib_and_find_token_slot(&slot);
963 if (!ADBG_EXPECT_CK_OK(c, rv))
964 return;
965
966 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
967 if (!ADBG_EXPECT_CK_OK(c, rv))
968 goto out;
969
970 if (persistent) {
971 rv = C_CreateObject(session, cktest_token_object,
972 ARRAY_SIZE(cktest_token_object),
973 &obj_hdl);
974 } else {
975 rv = C_CreateObject(session, cktest_session_object,
976 ARRAY_SIZE(cktest_session_object),
977 &obj_hdl);
978 }
979
980 if (!ADBG_EXPECT_CK_OK(c, rv))
981 goto out;
982
983 rv = C_DestroyObject(session, obj_hdl);
984 ADBG_EXPECT_CK_OK(c, rv);
985 out:
986 rv = C_CloseSession(session);
987 ADBG_EXPECT_CK_OK(c, rv);
988
989 rv = close_lib();
990 ADBG_EXPECT_CK_OK(c, rv);
991 }
992
test_create_destroy_session_objects(ADBG_Case_t * c)993 static void test_create_destroy_session_objects(ADBG_Case_t *c)
994 {
995 CK_RV rv = CKR_GENERAL_ERROR;
996 CK_SLOT_ID slot = 0;
997 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
998 CK_OBJECT_HANDLE obj_hdl[512] = { 0 };
999 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
1000 size_t n = 0;
1001
1002 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
1003 obj_hdl[n] = CK_INVALID_HANDLE;
1004
1005 rv = init_lib_and_find_token_slot(&slot);
1006 if (!ADBG_EXPECT_CK_OK(c, rv))
1007 return;
1008
1009 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1010 if (!ADBG_EXPECT_CK_OK(c, rv))
1011 goto out;
1012
1013 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++) {
1014 rv = C_CreateObject(session, cktest_session_object,
1015 ARRAY_SIZE(cktest_session_object),
1016 obj_hdl + n);
1017
1018 if (rv == CKR_DEVICE_MEMORY || !ADBG_EXPECT_CK_OK(c, rv))
1019 break;
1020 }
1021
1022 Do_ADBG_Log(" created object count: %zu", n);
1023
1024 rv = C_CloseSession(session);
1025 ADBG_EXPECT_CK_OK(c, rv);
1026
1027 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1028 if (!ADBG_EXPECT_CK_OK(c, rv))
1029 goto out;
1030
1031 rv = C_CreateObject(session, cktest_session_object,
1032 ARRAY_SIZE(cktest_session_object),
1033 obj_hdl);
1034
1035 ADBG_EXPECT_CK_OK(c, rv);
1036
1037 out:
1038 rv = C_CloseSession(session);
1039 ADBG_EXPECT_CK_OK(c, rv);
1040
1041 rv = close_lib();
1042 ADBG_EXPECT_CK_OK(c, rv);
1043 }
1044
1045 /* Create session object and token object from a session */
test_create_objects_in_session(ADBG_Case_t * c,bool readwrite)1046 static void test_create_objects_in_session(ADBG_Case_t *c, bool readwrite)
1047 {
1048 CK_RV rv = CKR_GENERAL_ERROR;
1049 CK_SLOT_ID slot = 0;
1050 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1051 CK_OBJECT_HANDLE token_obj_hld = CK_INVALID_HANDLE;
1052 CK_OBJECT_HANDLE session_obj_hld = CK_INVALID_HANDLE;
1053 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1054
1055 rv = init_lib_and_find_token_slot(&slot);
1056 if (!ADBG_EXPECT_CK_OK(c, rv))
1057 return;
1058
1059 if (readwrite)
1060 session_flags |= CKF_RW_SESSION;
1061
1062 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1063 if (!ADBG_EXPECT_CK_OK(c, rv))
1064 goto out;
1065
1066 rv = C_CreateObject(session, cktest_token_object,
1067 ARRAY_SIZE(cktest_token_object),
1068 &token_obj_hld);
1069
1070 if (readwrite) {
1071 if (!ADBG_EXPECT_CK_OK(c, rv))
1072 goto out;
1073 } else {
1074 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
1075 goto out;
1076 }
1077
1078 rv = C_CreateObject(session, cktest_session_object,
1079 ARRAY_SIZE(cktest_session_object),
1080 &session_obj_hld);
1081
1082 if (!ADBG_EXPECT_CK_OK(c, rv))
1083 goto out_tobj;
1084
1085 rv = C_DestroyObject(session, session_obj_hld);
1086 ADBG_EXPECT_CK_OK(c, rv);
1087
1088 out_tobj:
1089 if (readwrite) {
1090 rv = C_DestroyObject(session, token_obj_hld);
1091 ADBG_EXPECT_CK_OK(c, rv);
1092 }
1093 out:
1094 rv = C_CloseSession(session);
1095 ADBG_EXPECT_CK_OK(c, rv);
1096
1097 rv = close_lib();
1098 ADBG_EXPECT_CK_OK(c, rv);
1099 }
1100
xtest_pkcs11_test_1004(ADBG_Case_t * c)1101 static void xtest_pkcs11_test_1004(ADBG_Case_t *c)
1102 {
1103 Do_ADBG_BeginSubCase(c, "Create and destroy a volatile object");
1104 test_create_destroy_single_object(c, false /*!persistent*/);
1105 Do_ADBG_EndSubCase(c, "Create and destroy a volatile object");
1106
1107 Do_ADBG_BeginSubCase(c, "Create and destroy a persistent object");
1108 test_create_destroy_single_object(c, true /*persistent*/);
1109 Do_ADBG_EndSubCase(c, "Create and destroy a persistent object");
1110
1111 Do_ADBG_BeginSubCase(c, "Create and destroy many session objects");
1112 test_create_destroy_session_objects(c);
1113 Do_ADBG_EndSubCase(c, "Create and destroy many session objects");
1114
1115 Do_ADBG_BeginSubCase(c, "Create objects in a read-only session");
1116 test_create_objects_in_session(c, false /*!readwrite*/);
1117 Do_ADBG_EndSubCase(c, "Create objects in a read-only session");
1118
1119 Do_ADBG_BeginSubCase(c, "Create objects in a read/write session");
1120 test_create_objects_in_session(c, true /*readwrite*/);
1121 Do_ADBG_EndSubCase(c, "Create objects in a read/write session");
1122 }
1123
1124 ADBG_CASE_DEFINE(pkcs11, 1004, xtest_pkcs11_test_1004,
1125 "PKCS11: create/destroy PKCS#11 simple objects");
1126
1127
1128 static const CK_MECHANISM_TYPE allowed_only_aes_ecb[] = {
1129 CKM_AES_ECB,
1130 };
1131 static const CK_MECHANISM_TYPE allowed_not_aes_ecb[] = {
1132 CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1133 CKM_AES_GCM, CKM_AES_CCM,
1134 };
1135 static const CK_MECHANISM_TYPE allowed_only_aes_cbcnopad[] = {
1136 CKM_AES_CBC,
1137 };
1138 static const CK_MECHANISM_TYPE allowed_not_aes_cbcnopad[] = {
1139 CKM_AES_ECB, CKM_AES_CBC_PAD, CKM_AES_CTR, CKM_AES_CTS,
1140 CKM_AES_GCM, CKM_AES_CCM,
1141 };
1142 static const CK_MECHANISM_TYPE allowed_only_aes_ctr[] = {
1143 CKM_AES_CTR,
1144 };
1145 static const CK_MECHANISM_TYPE allowed_not_aes_ctr[] = {
1146 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTS,
1147 CKM_AES_GCM, CKM_AES_CCM,
1148 };
1149 static const CK_MECHANISM_TYPE allowed_only_aes_cts[] = {
1150 CKM_AES_CTS,
1151 };
1152 static const CK_MECHANISM_TYPE allowed_not_aes_cts[] = {
1153 CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_CTR,
1154 CKM_AES_GCM, CKM_AES_CCM,
1155 };
1156
1157 #define CKTEST_AES_KEY \
1158 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1159 sizeof(CK_OBJECT_CLASS) }, \
1160 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, \
1161 sizeof(CK_KEY_TYPE) }, \
1162 { CKA_VALUE, (void *)cktest_aes128_key, \
1163 sizeof(cktest_aes128_key) }
1164
1165 #define CKTEST_AES_ALLOWED_KEY(_allowed) \
1166 { CKA_ALLOWED_MECHANISMS, (void *)_allowed, sizeof(_allowed), }
1167
1168 #define CK_KEY_ALLOWED_AES_TEST(_label, _allowed) \
1169 static CK_ATTRIBUTE _label[] = { \
1170 CKTEST_AES_KEY, \
1171 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1172 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1173 CKTEST_AES_ALLOWED_KEY(_allowed), \
1174 }
1175
1176 #define CK_KEY_ALLOWED_AES_ENC_TEST(_label, _allowed) \
1177 static CK_ATTRIBUTE _label[] = { \
1178 CKTEST_AES_KEY, \
1179 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1180 CKTEST_AES_ALLOWED_KEY(_allowed), \
1181 }
1182 #define CK_KEY_ALLOWED_AES_DEC_TEST(_label, _allowed) \
1183 static CK_ATTRIBUTE _label[] = { \
1184 CKTEST_AES_KEY, \
1185 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) }, \
1186 CKTEST_AES_ALLOWED_KEY(_allowed), \
1187 }
1188
1189 CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ecb, allowed_only_aes_ecb);
1190 CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ecb, allowed_not_aes_ecb);
1191 CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cbcnopad, allowed_only_aes_cbcnopad);
1192 CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cbcnopad, allowed_not_aes_cbcnopad);
1193 CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_cts, allowed_only_aes_cts);
1194 CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_cts, allowed_not_aes_cts);
1195 CK_KEY_ALLOWED_AES_TEST(cktest_aes_only_ctr, allowed_only_aes_ctr);
1196 CK_KEY_ALLOWED_AES_TEST(cktest_aes_not_ctr, allowed_not_aes_ctr);
1197
1198 struct cktest_allowed_test {
1199 CK_ATTRIBUTE_PTR attr_key;
1200 CK_ULONG attr_count;
1201 CK_MECHANISM_PTR mechanism;
1202 };
1203
1204 #define CKTEST_KEY_MECHA(key, mecha) { \
1205 .attr_key = key, \
1206 .attr_count = ARRAY_SIZE(key), \
1207 .mechanism = mecha, \
1208 }
1209
1210 static const struct cktest_allowed_test cktest_allowed_valid[] = {
1211 CKTEST_KEY_MECHA(cktest_aes_only_ecb, &cktest_aes_ecb_mechanism),
1212 CKTEST_KEY_MECHA(cktest_aes_only_cbcnopad, &cktest_aes_cbc_mechanism),
1213 CKTEST_KEY_MECHA(cktest_aes_only_cts, &cktest_aes_cts_mechanism),
1214 CKTEST_KEY_MECHA(cktest_aes_only_ctr, &cktest_aes_ctr_mechanism),
1215 };
1216
1217 static const struct cktest_allowed_test cktest_allowed_invalid[] = {
1218 CKTEST_KEY_MECHA(cktest_aes_not_ecb, &cktest_aes_ecb_mechanism),
1219 CKTEST_KEY_MECHA(cktest_aes_not_cbcnopad, &cktest_aes_cbc_mechanism),
1220 CKTEST_KEY_MECHA(cktest_aes_not_cts, &cktest_aes_cts_mechanism),
1221 CKTEST_KEY_MECHA(cktest_aes_not_ctr, &cktest_aes_ctr_mechanism),
1222 };
1223
1224 /* Create session object and token object from a session */
cipher_init_final(ADBG_Case_t * c,CK_SESSION_HANDLE session,CK_ATTRIBUTE_PTR attr_key,CK_ULONG attr_count,CK_MECHANISM_PTR mechanism,uint32_t mode,CK_RV expected_rc)1225 static CK_RV cipher_init_final(ADBG_Case_t *c, CK_SESSION_HANDLE session,
1226 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1227 CK_MECHANISM_PTR mechanism, uint32_t mode,
1228 CK_RV expected_rc)
1229 {
1230 CK_RV rv2 = CKR_GENERAL_ERROR;
1231 CK_RV rv = CKR_GENERAL_ERROR;
1232 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1233
1234 switch (mode) {
1235 case TEE_MODE_ENCRYPT:
1236 case TEE_MODE_DECRYPT:
1237 break;
1238 default:
1239 ADBG_EXPECT_TRUE(c, false);
1240 }
1241
1242 rv = C_CreateObject(session, attr_key, attr_count, &object);
1243 if (!ADBG_EXPECT_CK_OK(c, rv))
1244 return rv;
1245
1246 if (mode == TEE_MODE_ENCRYPT)
1247 rv = C_EncryptInit(session, mechanism, object);
1248 if (mode == TEE_MODE_DECRYPT)
1249 rv = C_DecryptInit(session, mechanism, object);
1250
1251 if (!ADBG_EXPECT_CK_RESULT(c, expected_rc, rv)) {
1252 rv = CKR_GENERAL_ERROR;
1253 goto out;
1254 }
1255
1256 if (rv) {
1257 /*
1258 * If we're here it was the expected error code above and
1259 * we're supposed to return OK below.
1260 */
1261 rv = CKR_OK;
1262 } else {
1263 if (mode == TEE_MODE_ENCRYPT)
1264 rv = C_EncryptFinal(session, NULL, NULL);
1265 if (mode == TEE_MODE_DECRYPT)
1266 rv = C_DecryptFinal(session, NULL, NULL);
1267
1268 /* Only check that the operation is no more active */
1269 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
1270 rv = CKR_GENERAL_ERROR;
1271 }
1272
1273 out:
1274 rv2 = C_DestroyObject(session, object);
1275 ADBG_EXPECT_CK_OK(c, rv2);
1276
1277 if (rv)
1278 return rv;
1279 else
1280 return rv2;
1281 }
1282
1283 CK_KEY_ALLOWED_AES_ENC_TEST(cktest_aes_enc_only_cts, allowed_only_aes_cts);
1284
1285 CK_KEY_ALLOWED_AES_DEC_TEST(cktest_aes_dec_only_ctr, allowed_only_aes_ctr);
1286
xtest_pkcs11_test_1005(ADBG_Case_t * c)1287 static void xtest_pkcs11_test_1005(ADBG_Case_t *c)
1288 {
1289 CK_RV rv = CKR_GENERAL_ERROR;
1290 CK_SLOT_ID slot = 0;
1291 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1292 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1293 size_t n = 0;
1294
1295 rv = init_lib_and_find_token_slot(&slot);
1296 if (!ADBG_EXPECT_CK_OK(c, rv))
1297 return;
1298
1299 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1300 if (!ADBG_EXPECT_CK_OK(c, rv))
1301 goto out;
1302
1303 for (n = 0; n < ARRAY_SIZE(cktest_allowed_valid); n++) {
1304
1305 Do_ADBG_BeginSubCase(c, "valid usage #%zu", n);
1306
1307 rv = cipher_init_final(c, session,
1308 cktest_allowed_valid[n].attr_key,
1309 cktest_allowed_valid[n].attr_count,
1310 cktest_allowed_valid[n].mechanism,
1311 TEE_MODE_ENCRYPT,
1312 CKR_OK);
1313
1314 ADBG_EXPECT_CK_OK(c, rv);
1315
1316 Do_ADBG_EndSubCase(c, NULL);
1317 if (rv)
1318 goto out;
1319
1320 }
1321
1322 for (n = 0; n < ARRAY_SIZE(cktest_allowed_invalid); n++) {
1323 Do_ADBG_BeginSubCase(c, "invalid usage #%zu", n);
1324
1325 rv = cipher_init_final(c, session,
1326 cktest_allowed_invalid[n].attr_key,
1327 cktest_allowed_invalid[n].attr_count,
1328 cktest_allowed_invalid[n].mechanism,
1329 TEE_MODE_ENCRYPT,
1330 CKR_KEY_FUNCTION_NOT_PERMITTED);
1331
1332 ADBG_EXPECT_CK_OK(c, rv);
1333
1334 Do_ADBG_EndSubCase(c, NULL);
1335 if (rv)
1336 goto out;
1337
1338 }
1339
1340 out:
1341 rv = C_CloseSession(session);
1342 ADBG_EXPECT_CK_OK(c, rv);
1343
1344 rv = close_lib();
1345 ADBG_EXPECT_CK_OK(c, rv);
1346 }
1347
1348
1349 ADBG_CASE_DEFINE(pkcs11, 1005, xtest_pkcs11_test_1005,
1350 "PKCS11: Check ciphering with valid and invalid keys #1");
1351
xtest_pkcs11_test_1006(ADBG_Case_t * c)1352 static void xtest_pkcs11_test_1006(ADBG_Case_t *c)
1353 {
1354 CK_RV rv = CKR_GENERAL_ERROR;
1355 CK_SLOT_ID slot = 0;
1356 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1357 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1358
1359 rv = init_lib_and_find_token_slot(&slot);
1360 if (!ADBG_EXPECT_CK_OK(c, rv))
1361 return;
1362
1363 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1364 if (!ADBG_EXPECT_CK_OK(c, rv))
1365 goto out;
1366
1367 /* Encrypt only AES CTS key */
1368 rv = cipher_init_final(c, session,
1369 cktest_aes_enc_only_cts,
1370 ARRAY_SIZE(cktest_aes_enc_only_cts),
1371 &cktest_aes_cts_mechanism,
1372 TEE_MODE_ENCRYPT,
1373 CKR_OK);
1374 if (!ADBG_EXPECT_CK_OK(c, rv))
1375 goto out;
1376
1377 rv = cipher_init_final(c, session,
1378 cktest_aes_enc_only_cts,
1379 ARRAY_SIZE(cktest_aes_enc_only_cts),
1380 &cktest_aes_cts_mechanism,
1381 TEE_MODE_DECRYPT,
1382 CKR_KEY_FUNCTION_NOT_PERMITTED);
1383 if (!ADBG_EXPECT_CK_OK(c, rv))
1384 goto out;
1385
1386 /* Decrypt only AES CTR key */
1387 rv = cipher_init_final(c, session,
1388 cktest_aes_dec_only_ctr,
1389 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1390 &cktest_aes_ctr_mechanism,
1391 TEE_MODE_ENCRYPT,
1392 CKR_KEY_FUNCTION_NOT_PERMITTED);
1393 if (!ADBG_EXPECT_CK_OK(c, rv))
1394 goto out;
1395
1396 rv = cipher_init_final(c, session,
1397 cktest_aes_dec_only_ctr,
1398 ARRAY_SIZE(cktest_aes_dec_only_ctr),
1399 &cktest_aes_ctr_mechanism,
1400 TEE_MODE_ENCRYPT,
1401 CKR_KEY_FUNCTION_NOT_PERMITTED);
1402 if (!ADBG_EXPECT_CK_OK(c, rv))
1403 goto out;
1404
1405 out:
1406 rv = C_CloseSession(session);
1407 ADBG_EXPECT_CK_OK(c, rv);
1408
1409 rv = close_lib();
1410 ADBG_EXPECT_CK_OK(c, rv);
1411 }
1412 ADBG_CASE_DEFINE(pkcs11, 1006, xtest_pkcs11_test_1006,
1413 "PKCS11: Check ciphering with valid and invalid keys #2");
1414
open_cipher_session(ADBG_Case_t * c,CK_SLOT_ID slot,CK_SESSION_HANDLE_PTR session,CK_ATTRIBUTE_PTR attr_key,CK_ULONG attr_count,CK_MECHANISM_PTR mechanism,uint32_t mode)1415 static CK_RV open_cipher_session(ADBG_Case_t *c,
1416 CK_SLOT_ID slot, CK_SESSION_HANDLE_PTR session,
1417 CK_ATTRIBUTE_PTR attr_key, CK_ULONG attr_count,
1418 CK_MECHANISM_PTR mechanism, uint32_t mode)
1419 {
1420 CK_RV rv = CKR_GENERAL_ERROR;
1421 CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
1422 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1423
1424 switch (mode) {
1425 case TEE_MODE_ENCRYPT:
1426 case TEE_MODE_DECRYPT:
1427 break;
1428 default:
1429 ADBG_EXPECT_TRUE(c, false);
1430 return CKR_GENERAL_ERROR;
1431 }
1432
1433 rv = C_OpenSession(slot, session_flags, NULL, 0, session);
1434 if (rv == CKR_DEVICE_MEMORY)
1435 return rv;
1436 if (!ADBG_EXPECT_CK_OK(c, rv))
1437 return rv;
1438
1439 rv = C_CreateObject(*session, attr_key, attr_count, &object);
1440 if (rv == CKR_DEVICE_MEMORY)
1441 return rv;
1442 if (!ADBG_EXPECT_CK_OK(c, rv))
1443 return rv;
1444
1445 if (mode == TEE_MODE_ENCRYPT)
1446 rv = C_EncryptInit(*session, mechanism, object);
1447 if (mode == TEE_MODE_DECRYPT)
1448 rv = C_DecryptInit(*session, mechanism, object);
1449
1450 if (rv == CKR_DEVICE_MEMORY)
1451 return rv;
1452 if (!ADBG_EXPECT_CK_OK(c, rv))
1453 return CKR_GENERAL_ERROR;
1454
1455 return rv;
1456 }
1457
xtest_pkcs11_test_1007(ADBG_Case_t * c)1458 static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
1459 {
1460 CK_RV rv = CKR_GENERAL_ERROR;
1461 CK_SLOT_ID slot = 0;
1462 CK_SESSION_HANDLE sessions[128];
1463 size_t n = 0;
1464
1465 for (n = 0; n < ARRAY_SIZE(sessions); n++)
1466 sessions[n] = CK_INVALID_HANDLE;
1467
1468 rv = init_lib_and_find_token_slot(&slot);
1469 if (!ADBG_EXPECT_CK_OK(c, rv))
1470 return;
1471
1472 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1473
1474 rv = open_cipher_session(c, slot, &sessions[n],
1475 cktest_allowed_valid[0].attr_key,
1476 cktest_allowed_valid[0].attr_count,
1477 cktest_allowed_valid[0].mechanism,
1478 TEE_MODE_ENCRYPT);
1479
1480 /* Failure due to memory allocation is not a error case */
1481 if (rv == CKR_DEVICE_MEMORY)
1482 break;
1483
1484 if (!ADBG_EXPECT_CK_OK(c, rv))
1485 goto out;
1486 }
1487
1488 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, >, 0))
1489 goto out;
1490
1491 Do_ADBG_Log(" created sessions count: %zu", n);
1492
1493 /* Closing session with out bound and invalid IDs (or negative ID) */
1494 rv = C_CloseSession(sessions[n - 1] + 1024);
1495 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1496 rv = C_CloseSession(CK_INVALID_HANDLE);
1497 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1498 rv = C_CloseSession(~0);
1499 ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
1500
1501 /* Closing each session: all related resources shall be free */
1502 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1503 if (sessions[n] == CK_INVALID_HANDLE)
1504 continue;
1505
1506 rv = C_CloseSession(sessions[n]);
1507 ADBG_EXPECT_CK_OK(c, rv);
1508 sessions[n] = CK_INVALID_HANDLE;
1509 }
1510
1511 /* Open and close another session */
1512 rv = open_cipher_session(c, slot, &sessions[0],
1513 cktest_allowed_valid[0].attr_key,
1514 cktest_allowed_valid[0].attr_count,
1515 cktest_allowed_valid[0].mechanism,
1516 TEE_MODE_ENCRYPT);
1517
1518 if (!ADBG_EXPECT_CK_OK(c, rv))
1519 goto out;
1520
1521 rv = C_CloseSession(sessions[0]);
1522 ADBG_EXPECT_CK_OK(c, rv);
1523 sessions[0] = CK_INVALID_HANDLE;
1524
1525 out:
1526 for (n = 0; n < ARRAY_SIZE(sessions); n++) {
1527 if (sessions[n] == CK_INVALID_HANDLE)
1528 continue;
1529
1530 rv = C_CloseSession(sessions[n]);
1531 ADBG_EXPECT_CK_OK(c, rv);
1532 }
1533
1534 rv = close_lib();
1535 ADBG_EXPECT_CK_OK(c, rv);
1536 }
1537 ADBG_CASE_DEFINE(pkcs11, 1007, xtest_pkcs11_test_1007,
1538 "PKCS11: Check operations release at session closure");
1539
1540 #define CK_MAC_KEY_HMAC(_type, _key_array) \
1541 { \
1542 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, \
1543 sizeof(CK_BBOOL) }, \
1544 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, \
1545 sizeof(CK_BBOOL) }, \
1546 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY}, \
1547 sizeof(CK_OBJECT_CLASS) }, \
1548 { CKA_KEY_TYPE, &(CK_KEY_TYPE){_type}, \
1549 sizeof(CK_KEY_TYPE) }, \
1550 { CKA_VALUE, (void *)(_key_array), \
1551 sizeof(_key_array) } \
1552 }
1553
1554 static CK_ATTRIBUTE cktest_hmac_md5_key[] =
1555 CK_MAC_KEY_HMAC(CKK_MD5_HMAC, mac_data_md5_key1);
1556
1557 static CK_ATTRIBUTE cktest_hmac_sha1_key[] =
1558 CK_MAC_KEY_HMAC(CKK_SHA_1_HMAC, mac_data_sha1_key1);
1559
1560 static CK_ATTRIBUTE cktest_hmac_sha224_key[] =
1561 CK_MAC_KEY_HMAC(CKK_SHA224_HMAC, mac_data_sha224_key1);
1562
1563 static CK_ATTRIBUTE cktest_hmac_sha256_key1[] =
1564 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key1);
1565
1566 static CK_ATTRIBUTE cktest_hmac_sha256_key2[] =
1567 CK_MAC_KEY_HMAC(CKK_SHA256_HMAC, mac_data_sha256_key2);
1568
1569 static CK_ATTRIBUTE cktest_hmac_sha384_key[] =
1570 CK_MAC_KEY_HMAC(CKK_SHA384_HMAC, mac_data_sha384_key1);
1571
1572 static CK_ATTRIBUTE cktest_hmac_sha512_key[] =
1573 CK_MAC_KEY_HMAC(CKK_SHA512_HMAC, mac_data_sha512_key1);
1574
1575 struct mac_test {
1576 CK_ATTRIBUTE_PTR attr_key;
1577 CK_ULONG attr_count;
1578 CK_MECHANISM_PTR mechanism;
1579 size_t in_incr;
1580 const uint8_t *in;
1581 size_t in_len;
1582 const uint8_t *out;
1583 size_t out_len;
1584 bool multiple_incr;
1585 };
1586
1587 #define CKTEST_MAC_TEST(key, mecha, input_incr, input, output, incr) { \
1588 .attr_key = key, \
1589 .attr_count = ARRAY_SIZE(key), \
1590 .mechanism = mecha, \
1591 .in_incr = input_incr, \
1592 .in = input, \
1593 .in_len = ARRAY_SIZE(input), \
1594 .out = output, \
1595 .out_len = ARRAY_SIZE(output), \
1596 .multiple_incr = incr \
1597 }
1598
1599 static const struct mac_test cktest_mac_cases[] = {
1600 CKTEST_MAC_TEST(cktest_hmac_md5_key, &cktest_hmac_md5_mechanism,
1601 4, mac_data_md5_in1, mac_data_md5_out1, false),
1602 CKTEST_MAC_TEST(cktest_hmac_sha1_key, &cktest_hmac_sha1_mechanism,
1603 5, mac_data_sha1_in1, mac_data_sha1_out1, false),
1604 CKTEST_MAC_TEST(cktest_hmac_sha224_key, &cktest_hmac_sha224_mechanism,
1605 8, mac_data_sha224_in1, mac_data_sha224_out1, false),
1606 CKTEST_MAC_TEST(cktest_hmac_sha256_key1, &cktest_hmac_sha256_mechanism,
1607 1, mac_data_sha256_in1, mac_data_sha256_out1, false),
1608 CKTEST_MAC_TEST(cktest_hmac_sha256_key2, &cktest_hmac_sha256_mechanism,
1609 7, mac_data_sha256_in2, mac_data_sha256_out2, false),
1610 CKTEST_MAC_TEST(cktest_hmac_sha384_key, &cktest_hmac_sha384_mechanism,
1611 11, mac_data_sha384_in1, mac_data_sha384_out1, false),
1612 CKTEST_MAC_TEST(cktest_hmac_sha512_key, &cktest_hmac_sha512_mechanism,
1613 13, mac_data_sha512_in1, mac_data_sha512_out1, false),
1614 };
1615
xtest_pkcs11_test_1008(ADBG_Case_t * c)1616 static void xtest_pkcs11_test_1008(ADBG_Case_t *c)
1617 {
1618 CK_RV rv = CKR_GENERAL_ERROR;
1619 CK_SLOT_ID slot = 0;
1620 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1621 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1622 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1623 uint8_t out[512] = { 0 };
1624 CK_ULONG out_size = 0;
1625 struct mac_test const *test = NULL;
1626 size_t n = 0;
1627
1628 rv = init_lib_and_find_token_slot(&slot);
1629 if (!ADBG_EXPECT_CK_OK(c, rv))
1630 return;
1631
1632 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1633 if (!ADBG_EXPECT_CK_OK(c, rv))
1634 goto err_close_lib;
1635
1636 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1637
1638 test = &cktest_mac_cases[n];
1639 Do_ADBG_BeginSubCase(c, "Sign case %zu algo (%s)", n,
1640 ckm2str(test->mechanism->mechanism));
1641
1642 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1643 &key_handle);
1644 if (!ADBG_EXPECT_CK_OK(c, rv))
1645 goto err;
1646
1647 /* Test signature in 1 step */
1648 if (test->in != NULL) {
1649 rv = C_SignInit(session, test->mechanism, key_handle);
1650 if (!ADBG_EXPECT_CK_OK(c, rv))
1651 goto err_destr_obj;
1652
1653 /* Pass input buffer of size 0 */
1654 rv = C_SignUpdate(session,
1655 (void *)test->in, 0);
1656 if (!ADBG_EXPECT_CK_OK(c, rv))
1657 goto err_destr_obj;
1658
1659 rv = C_SignUpdate(session,
1660 (void *)test->in, test->in_len);
1661 if (!ADBG_EXPECT_CK_OK(c, rv))
1662 goto err_destr_obj;
1663
1664 /* Test too short buffer case */
1665 out_size = 1;
1666 rv = C_SignFinal(session, out, &out_size);
1667 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1668 goto err_destr_obj;
1669
1670 /*
1671 * Test NULL buffer case with size as 0
1672 * to get the out_size
1673 */
1674 out_size = 0;
1675 rv = C_SignFinal(session, NULL, &out_size);
1676 if (!ADBG_EXPECT_CK_OK(c, rv))
1677 goto err_destr_obj;
1678
1679 /* Get to full output */
1680 memset(out, 0, out_size);
1681 rv = C_SignFinal(session, out, &out_size);
1682 if (!ADBG_EXPECT_CK_OK(c, rv))
1683 goto err_destr_obj;
1684
1685 (void)ADBG_EXPECT_BUFFER(c, test->out,
1686 test->out_len,
1687 out, out_size);
1688 }
1689
1690 /* Test 2 step update signature */
1691 rv = C_SignInit(session, test->mechanism, key_handle);
1692 if (!ADBG_EXPECT_CK_OK(c, rv))
1693 goto err_destr_obj;
1694
1695 if (test->in != NULL) {
1696 rv = C_SignUpdate(session,
1697 (void *)test->in, test->in_incr);
1698 if (!ADBG_EXPECT_CK_OK(c, rv))
1699 goto err_destr_obj;
1700
1701 rv = C_SignUpdate(session,
1702 (void *)(test->in + test->in_incr),
1703 test->in_len - test->in_incr);
1704 if (!ADBG_EXPECT_CK_OK(c, rv))
1705 goto err_destr_obj;
1706 }
1707
1708 out_size = sizeof(out);
1709 memset(out, 0, sizeof(out));
1710
1711 rv = C_SignFinal(session, out, &out_size);
1712 if (!ADBG_EXPECT_CK_OK(c, rv))
1713 goto err_destr_obj;
1714
1715 (void)ADBG_EXPECT_BUFFER(c, test->out,
1716 test->out_len, out, out_size);
1717
1718 /* Test 3 signature in one shot */
1719 if (test->in != NULL) {
1720 rv = C_SignInit(session, test->mechanism, key_handle);
1721 if (!ADBG_EXPECT_CK_OK(c, rv))
1722 goto err_destr_obj;
1723
1724 /* Test too short buffer case */
1725 out_size = 1;
1726 rv = C_Sign(session,(void *)test->in, test->in_len,
1727 out, &out_size);
1728 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
1729 goto err_destr_obj;
1730
1731 /*
1732 * Test NULL buffer case with size as 0
1733 * to get the out_size
1734 */
1735 out_size = 0;
1736 rv = C_Sign(session, (void *)test->in, test->in_len,
1737 NULL, &out_size);
1738 if (!ADBG_EXPECT_CK_OK(c, rv))
1739 goto err_destr_obj;
1740
1741 /* Get to full output */
1742 memset(out, 0, out_size);
1743 rv = C_Sign(session,(void *)test->in, test->in_len,
1744 out, &out_size);
1745 if (!ADBG_EXPECT_CK_OK(c, rv))
1746 goto err_destr_obj;
1747
1748 (void)ADBG_EXPECT_BUFFER(c, test->out,
1749 test->out_len,
1750 out, out_size);
1751 }
1752
1753 rv = C_DestroyObject(session, key_handle);
1754 if (!ADBG_EXPECT_CK_OK(c, rv))
1755 goto err;
1756
1757 Do_ADBG_EndSubCase(c, NULL);
1758 }
1759 goto out;
1760
1761 err_destr_obj:
1762 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1763 err:
1764 Do_ADBG_EndSubCase(c, NULL);
1765 out:
1766 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1767 err_close_lib:
1768 ADBG_EXPECT_CK_OK(c, close_lib());
1769 }
1770 ADBG_CASE_DEFINE(pkcs11, 1008, xtest_pkcs11_test_1008,
1771 "PKCS11: Check Compliance of C_Sign - HMAC algorithms");
1772
xtest_pkcs11_test_1009(ADBG_Case_t * c)1773 static void xtest_pkcs11_test_1009(ADBG_Case_t *c)
1774 {
1775 CK_RV rv = CKR_GENERAL_ERROR;
1776 CK_SLOT_ID slot = 0;
1777 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1778 CK_FLAGS session_flags = CKF_SERIAL_SESSION;
1779 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
1780 struct mac_test const *test = NULL;
1781 size_t n = 0;
1782
1783 rv = init_lib_and_find_token_slot(&slot);
1784 if (!ADBG_EXPECT_CK_OK(c, rv))
1785 return;
1786
1787 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
1788 if (!ADBG_EXPECT_CK_OK(c, rv))
1789 goto err_close_lib;
1790
1791 for (n = 0; n < ARRAY_SIZE(cktest_mac_cases); n++) {
1792
1793 test = &cktest_mac_cases[n];
1794 Do_ADBG_BeginSubCase(c, "Verify case %zu algo (%s)", n,
1795 ckm2str(test->mechanism->mechanism));
1796
1797 rv = C_CreateObject(session, test->attr_key, test->attr_count,
1798 &key_handle);
1799 if (!ADBG_EXPECT_CK_OK(c, rv))
1800 goto err;
1801
1802 /* Test Verification in 1 step */
1803 if (test->in != NULL) {
1804 rv = C_VerifyInit(session, test->mechanism, key_handle);
1805 if (!ADBG_EXPECT_CK_OK(c, rv))
1806 goto err_destr_obj;
1807
1808 /* Pass input buffer with size 0 - No affect */
1809 rv = C_VerifyUpdate(session, (void *)test->in, 0);
1810 if (!ADBG_EXPECT_CK_OK(c, rv))
1811 goto err_destr_obj;
1812
1813 rv = C_VerifyUpdate(session, (void *)test->in,
1814 test->in_len);
1815 if (!ADBG_EXPECT_CK_OK(c, rv))
1816 goto err_destr_obj;
1817
1818 rv = C_VerifyFinal(session,
1819 (void *)test->out, test->out_len);
1820 if (!ADBG_EXPECT_CK_OK(c, rv))
1821 goto err_destr_obj;
1822
1823 }
1824
1825 /* Test 2 step update verification*/
1826 rv = C_VerifyInit(session, test->mechanism, key_handle);
1827 if (!ADBG_EXPECT_CK_OK(c, rv))
1828 goto err_destr_obj;
1829
1830 if (test->in != NULL) {
1831 rv = C_VerifyUpdate(session,
1832 (void *)test->in, test->in_incr);
1833 if (!ADBG_EXPECT_CK_OK(c, rv))
1834 goto err_destr_obj;
1835
1836 rv = C_VerifyUpdate(session,
1837 (void *)(test->in + test->in_incr),
1838 test->in_len - test->in_incr);
1839 if (!ADBG_EXPECT_CK_OK(c, rv))
1840 goto err_destr_obj;
1841 }
1842
1843 rv = C_VerifyFinal(session, (void *)test->out, test->out_len);
1844 if (!ADBG_EXPECT_CK_OK(c, rv))
1845 goto err_destr_obj;
1846
1847 /* Error as Operation has already completed */
1848 rv = C_Verify(session,
1849 (void *)test->in, test->in_len,
1850 (void *)test->out, test->out_len);
1851 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED,
1852 rv))
1853 goto err_destr_obj;
1854
1855 /* Test 3 verification in one shot */
1856 if (test->in != NULL) {
1857 rv = C_VerifyInit(session, test->mechanism, key_handle);
1858 if (!ADBG_EXPECT_CK_OK(c, rv))
1859 goto err_destr_obj;
1860
1861 rv = C_Verify(session,
1862 (void *)test->in, test->in_len,
1863 (void *)test->out, test->out_len);
1864 if (!ADBG_EXPECT_CK_OK(c, rv))
1865 goto err_destr_obj;
1866
1867 /* Try calling Verify again */
1868 rv = C_Verify(session,
1869 (void *)test->in, test->in_len,
1870 (void *)test->out, test->out_len);
1871 if (!ADBG_EXPECT_CK_RESULT(c,
1872 CKR_OPERATION_NOT_INITIALIZED,
1873 rv))
1874 goto err_destr_obj;
1875 }
1876
1877 /*
1878 * Test 4 verification
1879 * Error - Signature Length Range with C_VerifyFinal
1880 */
1881 if (test->in != NULL) {
1882 rv = C_VerifyInit(session, test->mechanism, key_handle);
1883 if (!ADBG_EXPECT_CK_OK(c, rv))
1884 goto err_destr_obj;
1885
1886 rv = C_VerifyUpdate(session, (void *)test->in,
1887 test->in_len);
1888 if (!ADBG_EXPECT_CK_OK(c, rv))
1889 goto err_destr_obj;
1890
1891 rv = C_VerifyFinal(session, (void *)test->out, 3);
1892 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1893 rv))
1894 goto err_destr_obj;
1895 }
1896
1897 /*
1898 * Test 5 verification
1899 * Error - Signature Length Range with C_Verify
1900 */
1901 if (test->in != NULL) {
1902 rv = C_VerifyInit(session, test->mechanism, key_handle);
1903 if (!ADBG_EXPECT_CK_OK(c, rv))
1904 goto err_destr_obj;
1905
1906 rv = C_Verify(session,
1907 (void *)test->in, test->in_len,
1908 (void *)test->out, 0);
1909 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SIGNATURE_LEN_RANGE,
1910 rv))
1911 goto err_destr_obj;
1912 }
1913
1914 /* Test 6 verification - Invalid Operation sequence */
1915 if (test->in != NULL) {
1916 rv = C_VerifyInit(session, test->mechanism, key_handle);
1917 if (!ADBG_EXPECT_CK_OK(c, rv))
1918 goto err_destr_obj;
1919
1920 rv = C_Verify(session,
1921 (void *)test->in, test->in_len,
1922 (void *)test->out, test->out_len);
1923 if (!ADBG_EXPECT_CK_OK(c, rv))
1924 goto err_destr_obj;
1925
1926 /* Init session has already terminated with C_Verify */
1927 rv = C_VerifyUpdate(session, (void *)test->in,
1928 test->in_len);
1929 if (!ADBG_EXPECT_CK_RESULT(c,
1930 CKR_OPERATION_NOT_INITIALIZED,
1931 rv))
1932 goto err_destr_obj;
1933 }
1934
1935 rv = C_DestroyObject(session, key_handle);
1936 if (!ADBG_EXPECT_CK_OK(c, rv))
1937 goto err;
1938
1939 Do_ADBG_EndSubCase(c, NULL);
1940 }
1941 goto out;
1942
1943 err_destr_obj:
1944 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
1945 err:
1946 Do_ADBG_EndSubCase(c, NULL);
1947 out:
1948 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
1949 err_close_lib:
1950 ADBG_EXPECT_CK_OK(c, close_lib());
1951 }
1952 ADBG_CASE_DEFINE(pkcs11, 1009, xtest_pkcs11_test_1009,
1953 "PKCS11: Check Compliance of C_Verify - HMAC Algorithms");
1954
1955 /* Bad key type */
1956 static CK_ATTRIBUTE cktest_generate_gensecret_object_error1[] = {
1957 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1958 sizeof(CK_OBJECT_CLASS) },
1959 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
1960 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1961 };
1962
1963 /* Missing VALUE_LEN */
1964 static CK_ATTRIBUTE cktest_generate_gensecret_object_error2[] = {
1965 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1966 sizeof(CK_OBJECT_CLASS) },
1967 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1968 sizeof(CK_KEY_TYPE) },
1969 };
1970
1971 /* Bad object class */
1972 static CK_ATTRIBUTE cktest_generate_gensecret_object_error3[] = {
1973 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA}, sizeof(CK_OBJECT_CLASS) },
1974 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1975 sizeof(CK_KEY_TYPE) },
1976 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1977 };
1978
1979 /* Invalid template with CKA_LOCAL */
1980 static CK_ATTRIBUTE cktest_generate_gensecret_object_error4[] = {
1981 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1982 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1983 };
1984
1985 /* Valid template to generate a generic secret */
1986 static CK_ATTRIBUTE cktest_generate_gensecret_object_valid1[] = {
1987 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
1988 sizeof(CK_OBJECT_CLASS) },
1989 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
1990 sizeof(CK_KEY_TYPE) },
1991 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1992 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
1993 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1994 };
1995
1996 /* Valid template to generate a generic secret with only VALUE_LEN */
1997 static CK_ATTRIBUTE cktest_generate_gensecret_object_valid2[] = {
1998 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
1999 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2000 };
2001
2002
2003 /* Valid template to generate an all AES purpose key */
2004 static CK_ATTRIBUTE cktest_generate_aes_object[] = {
2005 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
2006 sizeof(CK_OBJECT_CLASS) },
2007 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
2008 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2009 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2010 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
2011 };
2012
xtest_pkcs11_test_1010(ADBG_Case_t * c)2013 static void xtest_pkcs11_test_1010(ADBG_Case_t *c)
2014 {
2015 CK_RV rv = CKR_GENERAL_ERROR;
2016 CK_SLOT_ID slot = 0;
2017 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2018 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2019 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
2020 struct mac_test const *test = &cktest_mac_cases[0];
2021 uint8_t out[512] = { 0 };
2022 CK_ULONG out_len = 512;
2023
2024 rv = init_lib_and_find_token_slot(&slot);
2025 if (!ADBG_EXPECT_CK_OK(c, rv))
2026 return;
2027
2028 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2029 if (!ADBG_EXPECT_CK_OK(c, rv))
2030 goto close_lib;
2031
2032 /*
2033 * Generate Generic Secret key using invalid templates
2034 */
2035 Do_ADBG_BeginSubCase(c, "Generate Secret Key with Invalid Templates");
2036
2037 /* NULL Template with !null template length */
2038 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism, NULL,
2039 3, &key_handle);
2040 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
2041 goto err;
2042
2043 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2044 cktest_generate_gensecret_object_error1,
2045 ARRAY_SIZE(cktest_generate_gensecret_object_error1),
2046 &key_handle);
2047 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2048 goto err;
2049
2050 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2051 cktest_generate_gensecret_object_error2,
2052 ARRAY_SIZE(cktest_generate_gensecret_object_error2),
2053 &key_handle);
2054 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCOMPLETE, rv))
2055 goto err;
2056
2057 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2058 cktest_generate_gensecret_object_error3,
2059 ARRAY_SIZE(cktest_generate_gensecret_object_error3),
2060 &key_handle);
2061 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2062 goto err;
2063
2064 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2065 cktest_generate_gensecret_object_error4,
2066 ARRAY_SIZE(cktest_generate_gensecret_object_error4),
2067 &key_handle);
2068 if (!ADBG_EXPECT_CK_RESULT(c, CKR_TEMPLATE_INCONSISTENT, rv))
2069 goto err;
2070
2071 Do_ADBG_EndSubCase(c, NULL);
2072
2073 /*
2074 * Generate a Generic Secret object.
2075 * Try to encrypt with, it should fail...
2076 */
2077 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Encrypting");
2078
2079 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2080 cktest_generate_gensecret_object_valid1,
2081 ARRAY_SIZE(cktest_generate_gensecret_object_valid1),
2082 &key_handle);
2083 if (!ADBG_EXPECT_CK_OK(c, rv))
2084 goto err;
2085
2086 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2087 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_FUNCTION_NOT_PERMITTED, rv))
2088 goto err_destr_obj;
2089
2090 rv = C_DestroyObject(session, key_handle);
2091 if (!ADBG_EXPECT_CK_OK(c, rv))
2092 goto err;
2093
2094 Do_ADBG_EndSubCase(c, NULL);
2095
2096 /*
2097 * Generate a Generic Secret object.
2098 * Try to sign with it, it should pass...
2099 */
2100 Do_ADBG_BeginSubCase(c, "Generate Generic Secret Key - Try Signing");
2101 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2102 cktest_generate_gensecret_object_valid2,
2103 ARRAY_SIZE(cktest_generate_gensecret_object_valid2),
2104 &key_handle);
2105 if (!ADBG_EXPECT_CK_OK(c, rv))
2106 goto err;
2107
2108 rv = C_SignInit(session, test->mechanism, key_handle);
2109 if (!ADBG_EXPECT_CK_OK(c, rv))
2110 goto err_destr_obj;
2111
2112 rv = C_Sign(session, (void *)test->in, test->in_len,
2113 (void *)out, &out_len);
2114 if (!ADBG_EXPECT_CK_OK(c, rv))
2115 goto err_destr_obj;
2116
2117 rv = C_DestroyObject(session, key_handle);
2118 if (!ADBG_EXPECT_CK_OK(c, rv))
2119 goto err;
2120
2121 Do_ADBG_EndSubCase(c, NULL);
2122
2123 /*
2124 * Generate a 128 bit AES Secret Key.
2125 * Try to encrypt with, it should pass...
2126 */
2127 Do_ADBG_BeginSubCase(c, "Generate AES Key - Try Encrypting");
2128
2129 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
2130 cktest_generate_aes_object,
2131 ARRAY_SIZE(cktest_generate_aes_object),
2132 &key_handle);
2133 if (!ADBG_EXPECT_CK_OK(c, rv))
2134 goto err;
2135
2136 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, key_handle);
2137 if (!ADBG_EXPECT_CK_OK(c, rv))
2138 goto err_destr_obj;
2139
2140 rv = C_EncryptFinal(session, NULL, NULL);
2141 /* Only check that the operation is no more active */
2142 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
2143 goto err;
2144
2145 rv = C_DestroyObject(session, key_handle);
2146 if (!ADBG_EXPECT_CK_OK(c, rv))
2147 goto err;
2148
2149 Do_ADBG_EndSubCase(c, NULL);
2150
2151 goto out;
2152
2153 err_destr_obj:
2154 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
2155 err:
2156 Do_ADBG_EndSubCase(c, NULL);
2157 out:
2158 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2159 close_lib:
2160 ADBG_EXPECT_CK_OK(c, close_lib());
2161 }
2162 ADBG_CASE_DEFINE(pkcs11, 1010, xtest_pkcs11_test_1010,
2163 "PKCS11: Key Generation");
2164
create_data_object(CK_SESSION_HANDLE session,CK_OBJECT_HANDLE * obj_handle,CK_BBOOL token,CK_BBOOL private,const char * label)2165 static CK_RV create_data_object(CK_SESSION_HANDLE session,
2166 CK_OBJECT_HANDLE *obj_handle,
2167 CK_BBOOL token, CK_BBOOL private,
2168 const char *label)
2169 {
2170 CK_OBJECT_CLASS class = CKO_DATA;
2171 CK_ATTRIBUTE object_template[] = {
2172 { CKA_CLASS, &class, sizeof(CK_OBJECT_CLASS) },
2173 { CKA_TOKEN, &token, sizeof(CK_BBOOL) },
2174 { CKA_PRIVATE, &private, sizeof(CK_BBOOL) },
2175 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2176 };
2177
2178 return C_CreateObject(session, object_template,
2179 ARRAY_SIZE(object_template), obj_handle);
2180 }
2181
test_find_objects(ADBG_Case_t * c,CK_SESSION_HANDLE session,CK_ATTRIBUTE_PTR find_template,CK_ULONG attr_count,CK_OBJECT_HANDLE_PTR obj_found,CK_ULONG obj_count,CK_ULONG expected_cnt)2182 static CK_RV test_find_objects(ADBG_Case_t *c, CK_SESSION_HANDLE session,
2183 CK_ATTRIBUTE_PTR find_template,
2184 CK_ULONG attr_count,
2185 CK_OBJECT_HANDLE_PTR obj_found,
2186 CK_ULONG obj_count,
2187 CK_ULONG expected_cnt)
2188 {
2189 CK_RV rv = CKR_GENERAL_ERROR;
2190 CK_ULONG hdl_count = 0;
2191
2192 rv = C_FindObjectsInit(session, find_template, attr_count);
2193 if (!ADBG_EXPECT_CK_OK(c, rv))
2194 return rv;
2195
2196 rv = C_FindObjects(session, obj_found, obj_count, &hdl_count);
2197 if (!ADBG_EXPECT_CK_OK(c, rv))
2198 return rv;
2199 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, expected_cnt))
2200 return CKR_GENERAL_ERROR;
2201
2202 rv = C_FindObjectsFinal(session);
2203 if (!ADBG_EXPECT_CK_OK(c, rv))
2204 return rv;
2205
2206 return rv;
2207 }
2208
destroy_persistent_objects(ADBG_Case_t * c,CK_SLOT_ID slot)2209 static void destroy_persistent_objects(ADBG_Case_t *c, CK_SLOT_ID slot)
2210 {
2211 uint32_t rv = CKR_GENERAL_ERROR;
2212 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2213 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2214 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2215 CK_ULONG count = 1;
2216 CK_ATTRIBUTE cktest_find_all_token_objs[] = {
2217 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2218 };
2219
2220 rv = init_user_test_token(slot);
2221 if (!ADBG_EXPECT_CK_OK(c, rv))
2222 return;
2223
2224 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2225 if (!ADBG_EXPECT_CK_OK(c, rv))
2226 return;
2227
2228 /* Login to destroy private objects */
2229 rv = C_Login(session, CKU_USER, test_token_user_pin,
2230 sizeof(test_token_user_pin));
2231 if (!ADBG_EXPECT_CK_OK(c, rv))
2232 goto bail;
2233
2234 rv = C_FindObjectsInit(session, cktest_find_all_token_objs,
2235 ARRAY_SIZE(cktest_find_all_token_objs));
2236 if (!ADBG_EXPECT_CK_OK(c, rv))
2237 goto bail;
2238
2239 while (1) {
2240 rv = C_FindObjects(session, &obj_hdl, 1, &count);
2241 if (!ADBG_EXPECT_CK_OK(c, rv))
2242 goto bail;
2243 if (!count)
2244 break;
2245
2246 rv = C_DestroyObject(session, obj_hdl);
2247 ADBG_EXPECT_CK_OK(c, rv);
2248 }
2249
2250 rv = C_FindObjectsFinal(session);
2251 ADBG_EXPECT_CK_OK(c, rv);
2252
2253 rv = C_Logout(session);
2254 ADBG_EXPECT_CK_OK(c, rv);
2255
2256 bail:
2257 rv = C_CloseSession(session);
2258 ADBG_EXPECT_CK_OK(c, rv);
2259 }
2260
xtest_pkcs11_test_1011(ADBG_Case_t * c)2261 static void xtest_pkcs11_test_1011(ADBG_Case_t *c)
2262 {
2263 CK_RV rv = CKR_GENERAL_ERROR;
2264 CK_SLOT_ID slot = 0;
2265 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2266 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2267 CK_OBJECT_HANDLE obj_hdl[10] = { };
2268 CK_OBJECT_HANDLE obj_found[10] = { };
2269 const char *label = "Common Label";
2270 CK_ULONG hdl_count = 0;
2271 size_t n = 0;
2272 uint32_t i = 0;
2273 uint32_t object_id = 0;
2274 bool logged_in = false;
2275 CK_ATTRIBUTE find_template[] = {
2276 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2277 };
2278 CK_ATTRIBUTE find_token_template[] = {
2279 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2280 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
2281 };
2282 CK_ATTRIBUTE find_session_template[] = {
2283 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
2284 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
2285 };
2286 CK_BBOOL bToken = CK_FALSE;
2287 CK_ATTRIBUTE get_attr_template[] = {
2288 { CKA_TOKEN, &bToken, sizeof(bToken) },
2289 };
2290
2291 for (n = 0; n < ARRAY_SIZE(obj_hdl); n++)
2292 obj_hdl[n] = CK_INVALID_HANDLE;
2293 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2294 obj_found[n] = CK_INVALID_HANDLE;
2295
2296 rv = init_lib_and_find_token_slot(&slot);
2297 if (!ADBG_EXPECT_CK_OK(c, rv))
2298 return;
2299
2300 rv = init_test_token(slot);
2301 if (!ADBG_EXPECT_CK_OK(c, rv))
2302 return;
2303
2304 rv = init_user_test_token(slot);
2305 if (!ADBG_EXPECT_CK_OK(c, rv))
2306 return;
2307
2308 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2309 if (!ADBG_EXPECT_CK_OK(c, rv))
2310 goto close_lib;
2311
2312 /*
2313 * Sub test: Create Session Public/Private,
2314 * Token Public/Private objects and find them
2315 */
2316 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged in");
2317
2318 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2319 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2320 CK_FALSE, label);
2321 if (!ADBG_EXPECT_CK_OK(c, rv))
2322 goto out;
2323
2324 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2325 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2326 CK_FALSE, label);
2327 if (!ADBG_EXPECT_CK_OK(c, rv))
2328 goto out;
2329
2330 /*
2331 * Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE
2332 * Expected error as User not logged in
2333 */
2334 rv = create_data_object(session, &obj_hdl[object_id], CK_TRUE,
2335 CK_TRUE, label);
2336 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2337 goto out;
2338
2339 /* Login to Test Token */
2340 rv = C_Login(session, CKU_USER, test_token_user_pin,
2341 sizeof(test_token_user_pin));
2342 if (!ADBG_EXPECT_CK_OK(c, rv))
2343 goto out;
2344
2345 logged_in = true;
2346
2347 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2348 rv = create_data_object(session, &obj_hdl[object_id++], CK_TRUE,
2349 CK_TRUE, label);
2350 if (!ADBG_EXPECT_CK_OK(c, rv))
2351 goto out;
2352
2353 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2354 rv = create_data_object(session, &obj_hdl[object_id++], CK_FALSE,
2355 CK_TRUE, label);
2356 if (!ADBG_EXPECT_CK_OK(c, rv))
2357 goto out;
2358
2359 rv = test_find_objects(c, session, find_template,
2360 ARRAY_SIZE(find_template),
2361 obj_found, ARRAY_SIZE(obj_found), 4);
2362 if (!ADBG_EXPECT_CK_OK(c, rv))
2363 goto out;
2364
2365 /*
2366 * Check if object handles returned when creating objects with this
2367 * session are still valid
2368 */
2369 for (i = 0; i < object_id; i++) {
2370 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2371 ARRAY_SIZE(get_attr_template));
2372 if (!ADBG_EXPECT_CK_OK(c, rv))
2373 goto out;
2374 }
2375
2376 Do_ADBG_EndSubCase(c, NULL);
2377
2378 /*
2379 * Sub test: Pass NULL template with count as 0. All objects should
2380 * get returned
2381 */
2382 Do_ADBG_BeginSubCase(c, "Find all objects by passing NULL template");
2383
2384 rv = test_find_objects(c, session, NULL, 0, obj_found,
2385 ARRAY_SIZE(obj_found), 4);
2386 if (!ADBG_EXPECT_CK_OK(c, rv))
2387 goto out;
2388
2389 Do_ADBG_EndSubCase(c, NULL);
2390
2391 /*
2392 * Sub test: finalize search without getting the handles found
2393 */
2394 Do_ADBG_BeginSubCase(c, "Initiate and finalize straight a search");
2395
2396 rv = C_FindObjectsInit(session, find_template,
2397 ARRAY_SIZE(find_template));
2398 if (!ADBG_EXPECT_CK_OK(c, rv))
2399 goto out;
2400
2401 rv = C_FindObjectsFinal(session);
2402 if (!ADBG_EXPECT_CK_OK(c, rv))
2403 goto out;
2404
2405 /*
2406 * Check if object handles returned when creating objects with this
2407 * session are still valid
2408 */
2409 for (i = 0; i < object_id; i++) {
2410 rv = C_GetAttributeValue(session, obj_hdl[i], get_attr_template,
2411 ARRAY_SIZE(get_attr_template));
2412 if (!ADBG_EXPECT_CK_OK(c, rv))
2413 goto out;
2414 }
2415 Do_ADBG_EndSubCase(c, NULL);
2416
2417 /*
2418 * Sub test: Logout and find objects. We will find only public
2419 * objects (2)
2420 */
2421 Do_ADBG_BeginSubCase(c, "Find created Data objects when logged out");
2422
2423 rv = C_Logout(session);
2424 ADBG_EXPECT_CK_OK(c, rv);
2425
2426 logged_in = false;
2427
2428 rv = test_find_objects(c, session, find_template,
2429 ARRAY_SIZE(find_template),
2430 obj_found, ARRAY_SIZE(obj_found), 2);
2431 if (!ADBG_EXPECT_CK_OK(c, rv))
2432 goto out;
2433
2434 Do_ADBG_EndSubCase(c, NULL);
2435
2436 /*
2437 * Sub test
2438 */
2439 Do_ADBG_BeginSubCase(c, "Find objects 1 by 1 and match handles");
2440
2441 for (n = 0; n < ARRAY_SIZE(obj_found); n++)
2442 obj_found[n] = CK_INVALID_HANDLE;
2443
2444 rv = C_FindObjectsInit(session, find_template,
2445 ARRAY_SIZE(find_template));
2446 if (!ADBG_EXPECT_CK_OK(c, rv))
2447 goto out;
2448
2449 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2450 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2451 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2452 !ADBG_EXPECT_TRUE(c, (obj_found[0] == obj_hdl[0]) ||
2453 (obj_found[0] == obj_hdl[1])))
2454 goto out;
2455
2456 rv = C_FindObjects(session, &obj_found[1], 1, &hdl_count);
2457 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2458 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 1) ||
2459 !ADBG_EXPECT_TRUE(c, (obj_found[1] == obj_hdl[0]) ||
2460 (obj_found[1] == obj_hdl[1])) ||
2461 !ADBG_EXPECT_TRUE(c, (obj_found[1] != obj_found[0])))
2462 goto out;
2463
2464 rv = C_FindObjects(session, obj_found, 1, &hdl_count);
2465 if (!ADBG_EXPECT_CK_OK(c, rv) ||
2466 !ADBG_EXPECT_COMPARE_UNSIGNED(c, hdl_count, ==, 0))
2467 goto out;
2468
2469 rv = C_FindObjectsFinal(session);
2470 if (!ADBG_EXPECT_CK_OK(c, rv))
2471 goto out;
2472
2473 Do_ADBG_EndSubCase(c, NULL);
2474
2475 /*
2476 * Sub test: Find objects with CKA_TOKEN=TRUE
2477 */
2478 Do_ADBG_BeginSubCase(c, "Find persistent objects");
2479
2480 rv = test_find_objects(c, session, find_token_template,
2481 ARRAY_SIZE(find_token_template),
2482 obj_found, ARRAY_SIZE(obj_found), 1);
2483 if (!ADBG_EXPECT_CK_OK(c, rv))
2484 goto out;
2485
2486 Do_ADBG_EndSubCase(c, NULL);
2487
2488 /*
2489 * Sub test: Find only session objects
2490 */
2491 Do_ADBG_BeginSubCase(c, "Find session objects");
2492
2493 rv = test_find_objects(c, session, find_session_template,
2494 ARRAY_SIZE(find_session_template),
2495 obj_found, ARRAY_SIZE(obj_found), 1);
2496 if (!ADBG_EXPECT_CK_OK(c, rv))
2497 goto out;
2498
2499 Do_ADBG_EndSubCase(c, NULL);
2500
2501 /*
2502 * Sub test:
2503 */
2504 Do_ADBG_BeginSubCase(c, "Login again and find Data objects");
2505
2506 /* Login to Test Token */
2507 rv = C_Login(session, CKU_USER, test_token_user_pin,
2508 sizeof(test_token_user_pin));
2509 if (!ADBG_EXPECT_CK_OK(c, rv))
2510 goto out;
2511
2512 logged_in = true;
2513
2514 rv = test_find_objects(c, session, find_template,
2515 ARRAY_SIZE(find_template),
2516 obj_found, ARRAY_SIZE(obj_found), 3);
2517 if (!ADBG_EXPECT_CK_OK(c, rv))
2518 goto out;
2519
2520 rv = C_Logout(session);
2521 ADBG_EXPECT_CK_OK(c, rv);
2522
2523 logged_in = false;
2524
2525 Do_ADBG_EndSubCase(c, NULL);
2526
2527 /*
2528 * Sub test: Close session and open new session, find objects
2529 * without logging and after logging
2530 */
2531 Do_ADBG_BeginSubCase(c, "Find objects from brand new session");
2532
2533 rv = C_CloseSession(session);
2534 if (!ADBG_EXPECT_CK_OK(c, rv))
2535 goto destr_obj;
2536
2537 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2538 if (!ADBG_EXPECT_CK_OK(c, rv))
2539 goto destr_obj;
2540
2541 rv = test_find_objects(c, session, find_template,
2542 ARRAY_SIZE(find_template),
2543 obj_found, ARRAY_SIZE(obj_found), 1);
2544 if (!ADBG_EXPECT_CK_OK(c, rv))
2545 goto out;
2546
2547 /* Login to Test Token */
2548 rv = C_Login(session, CKU_USER, test_token_user_pin,
2549 sizeof(test_token_user_pin));
2550 if (!ADBG_EXPECT_CK_OK(c, rv))
2551 goto out;
2552
2553 logged_in = true;
2554
2555 rv = test_find_objects(c, session, find_template,
2556 ARRAY_SIZE(find_template),
2557 obj_found, ARRAY_SIZE(obj_found), 2);
2558 if (!ADBG_EXPECT_CK_OK(c, rv))
2559 goto out;
2560
2561 rv = C_Logout(session);
2562 ADBG_EXPECT_CK_OK(c, rv);
2563
2564 logged_in = false;
2565
2566 Do_ADBG_EndSubCase(c, NULL);
2567
2568 /*
2569 * Sub test: invalid call cases
2570 */
2571 Do_ADBG_BeginSubCase(c, "Invalid cases");
2572
2573 rv = C_FindObjectsFinal(session);
2574 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2575
2576 rv = C_FindObjects(session,
2577 obj_found, ARRAY_SIZE(obj_found), &hdl_count);
2578 ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv);
2579
2580 rv = C_FindObjectsInit(session, find_template,
2581 ARRAY_SIZE(find_template));
2582 if (!ADBG_EXPECT_CK_OK(c, rv))
2583 goto out;
2584
2585 rv = C_FindObjectsInit(session, find_template,
2586 ARRAY_SIZE(find_template));
2587 ADBG_EXPECT_COMPARE_UNSIGNED(c, rv, !=, CKR_OK);
2588
2589 rv = C_FindObjectsFinal(session);
2590 ADBG_EXPECT_CK_OK(c, rv);
2591
2592 rv = C_FindObjectsInit(session, find_template,
2593 ARRAY_SIZE(find_template));
2594 ADBG_EXPECT_CK_OK(c, rv);
2595
2596 /*
2597 * Intentionally do not finalize the active object search. It should be
2598 * released together with the session closure.
2599 */
2600 Do_ADBG_EndSubCase(c, NULL);
2601
2602 out:
2603 if (logged_in)
2604 ADBG_EXPECT_CK_OK(c, C_Logout(session));
2605
2606 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2607
2608 destr_obj:
2609 destroy_persistent_objects(c, slot);
2610 close_lib:
2611 ADBG_EXPECT_CK_OK(c, close_lib());
2612 }
2613 ADBG_CASE_DEFINE(pkcs11, 1011, xtest_pkcs11_test_1011,
2614 "PKCS11: Test Find Objects");
2615
xtest_pkcs11_test_1012(ADBG_Case_t * c)2616 static void xtest_pkcs11_test_1012(ADBG_Case_t *c)
2617 {
2618 CK_RV rv = CKR_GENERAL_ERROR;
2619 CK_SLOT_ID slot = 0;
2620 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
2621 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2622 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2623 CK_OBJECT_HANDLE key_hdl = CK_INVALID_HANDLE;
2624 size_t i = 0;
2625
2626 CK_OBJECT_CLASS obj_class = CKO_DATA;
2627 CK_BBOOL obj_token = CK_FALSE;
2628 CK_BBOOL obj_private = CK_FALSE;
2629 uint8_t obj_value[5] = { 1, 2, 3, 4, 5 };
2630 const char *obj_label = "Label";
2631
2632 CK_ATTRIBUTE object_template[] = {
2633 { CKA_CLASS, &obj_class, sizeof(obj_class) },
2634 { CKA_TOKEN, &obj_token, sizeof(obj_token) },
2635 { CKA_PRIVATE, &obj_private, sizeof(obj_private) },
2636 { CKA_VALUE, obj_value, sizeof(obj_value) },
2637 { CKA_LABEL, (CK_UTF8CHAR_PTR)obj_label, strlen(obj_label) },
2638 };
2639
2640 CK_OBJECT_CLASS secret_class = CKO_SECRET_KEY;
2641 CK_BBOOL secret_token = CK_FALSE;
2642 CK_BBOOL secret_private = CK_FALSE;
2643 CK_KEY_TYPE secret_key_type = CKK_GENERIC_SECRET;
2644 CK_ULONG secret_len = 32;
2645 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
2646 CKM_SHA224_HMAC,
2647 CKM_SHA256_HMAC };
2648
2649 CK_ATTRIBUTE secret_template[] = {
2650 { CKA_CLASS, &secret_class, sizeof(secret_class) },
2651 { CKA_TOKEN, &secret_token, sizeof(secret_token) },
2652 { CKA_PRIVATE, &secret_private, sizeof(secret_private) },
2653 { CKA_KEY_TYPE, &secret_key_type, sizeof(secret_key_type) },
2654 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
2655 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
2656 sizeof(secret_allowed_mecha) }
2657 };
2658
2659 CK_BBOOL g_token = CK_TRUE;
2660 CK_BBOOL g_private = CK_TRUE;
2661 CK_OBJECT_CLASS g_class = ~0;
2662 uint8_t g_value[128] = { 0 };
2663 CK_MECHANISM_TYPE g_mecha_list[10] = { 0 };
2664
2665 uint8_t *data_ptr = NULL;
2666
2667 CK_ATTRIBUTE get_attr_template_bc[] = {
2668 { CKA_TOKEN, &g_token, sizeof(g_token) },
2669 { CKA_CLASS, &g_class, sizeof(g_class) },
2670 };
2671
2672 CK_ATTRIBUTE get_attr_template_cb[] = {
2673 { CKA_CLASS, &g_class, sizeof(g_class) },
2674 { CKA_TOKEN, &g_token, sizeof(g_token) },
2675 };
2676
2677 CK_ATTRIBUTE get_attr_template_ve[] = {
2678 { CKA_VALUE, &g_value, sizeof(obj_value) },
2679 };
2680
2681 CK_ATTRIBUTE get_attr_template_vl[] = {
2682 { CKA_VALUE, &g_value, sizeof(g_value) },
2683 };
2684
2685 CK_ATTRIBUTE get_attr_template_bvecb[] = {
2686 { CKA_TOKEN, &g_token, sizeof(g_token) },
2687 { CKA_VALUE, &g_value, sizeof(obj_value) },
2688 { CKA_CLASS, &g_class, sizeof(g_class) },
2689 { CKA_TOKEN, &g_private, sizeof(g_private) },
2690 };
2691
2692 CK_ATTRIBUTE get_attr_template_bvlcb[] = {
2693 { CKA_TOKEN, &g_token, sizeof(g_token) },
2694 { CKA_VALUE, &g_value, sizeof(g_value) },
2695 { CKA_CLASS, &g_class, sizeof(g_class) },
2696 { CKA_TOKEN, &g_private, sizeof(g_private) },
2697 };
2698
2699 CK_ATTRIBUTE get_attr_template_am[] = {
2700 { CKA_ALLOWED_MECHANISMS, &g_mecha_list, sizeof(g_mecha_list) },
2701 };
2702
2703 rv = init_lib_and_find_token_slot(&slot);
2704 if (!ADBG_EXPECT_CK_OK(c, rv))
2705 return;
2706
2707 rv = init_test_token(slot);
2708 if (!ADBG_EXPECT_CK_OK(c, rv))
2709 goto close_lib;
2710
2711 rv = init_user_test_token(slot);
2712 if (!ADBG_EXPECT_CK_OK(c, rv))
2713 goto close_lib;
2714
2715 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
2716 if (!ADBG_EXPECT_CK_OK(c, rv))
2717 goto close_lib;
2718
2719 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2720 rv = C_CreateObject(session, object_template,
2721 ARRAY_SIZE(object_template), &obj_hdl);
2722 if (!ADBG_EXPECT_CK_OK(c, rv))
2723 goto out;
2724
2725 /*
2726 * Sub test: Test Boolean (1 byte) + object class (CK_ULONG)
2727 */
2728 Do_ADBG_BeginSubCase(c, "Get Attribute - boolean + class");
2729 g_token = CK_TRUE;
2730 g_class = ~0;
2731
2732 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bc,
2733 ARRAY_SIZE(get_attr_template_bc));
2734 if (!ADBG_EXPECT_CK_OK(c, rv))
2735 goto out;
2736
2737 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2738 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2739
2740 Do_ADBG_EndSubCase(c, NULL);
2741
2742 /*
2743 * Sub test: object class (CK_ULONG) + Test Boolean (1 byte)
2744 */
2745 Do_ADBG_BeginSubCase(c, "Get Attribute - class + boolean");
2746 g_token = CK_TRUE;
2747 g_class = ~0;
2748
2749 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_cb,
2750 ARRAY_SIZE(get_attr_template_cb));
2751 if (!ADBG_EXPECT_CK_OK(c, rv))
2752 goto out;
2753
2754 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2755 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2756
2757 Do_ADBG_EndSubCase(c, NULL);
2758
2759 /*
2760 * Sub test: value with exact size
2761 */
2762 Do_ADBG_BeginSubCase(c, "Get Attribute - value with exact size buffer");
2763 memset(g_value, 0xCC, sizeof(g_value));
2764
2765 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_ve,
2766 ARRAY_SIZE(get_attr_template_ve));
2767 if (!ADBG_EXPECT_CK_OK(c, rv))
2768 goto out;
2769
2770 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_ve[0].ulValueLen, ==, sizeof(obj_value));
2771 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2772 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2773 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2774 break;
2775
2776 Do_ADBG_EndSubCase(c, NULL);
2777
2778 /*
2779 * Sub test: value with larger buffer
2780 */
2781 Do_ADBG_BeginSubCase(c, "Get Attribute - value with larger buffer");
2782 memset(g_value, 0xCC, sizeof(g_value));
2783
2784 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_vl,
2785 ARRAY_SIZE(get_attr_template_vl));
2786 if (!ADBG_EXPECT_CK_OK(c, rv))
2787 goto out;
2788
2789 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_vl[0].ulValueLen, ==, sizeof(obj_value));
2790 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2791 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2792 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2793 break;
2794
2795 Do_ADBG_EndSubCase(c, NULL);
2796
2797 /*
2798 * Sub test: bool + value with exact size + class + bool
2799 */
2800 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with exact size + class + bool");
2801 memset(g_value, 0xCC, sizeof(g_value));
2802 g_token = CK_TRUE;
2803 g_private = CK_TRUE;
2804 g_class = ~0;
2805
2806 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvecb,
2807 ARRAY_SIZE(get_attr_template_bvecb));
2808 if (!ADBG_EXPECT_CK_OK(c, rv))
2809 goto out;
2810
2811 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvecb[1].ulValueLen,
2812 ==, sizeof(obj_value));
2813 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2814 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2815 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2816 break;
2817
2818 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2819 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2820 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2821
2822 Do_ADBG_EndSubCase(c, NULL);
2823
2824 /*
2825 * Sub test: bool + value with larger buffer + class + bool
2826 */
2827 Do_ADBG_BeginSubCase(c, "Get Attribute - bool + value with larger buffer + class + bool");
2828 memset(g_value, 0xCC, sizeof(g_value));
2829 g_token = CK_TRUE;
2830 g_private = CK_TRUE;
2831 g_class = ~0;
2832
2833 rv = C_GetAttributeValue(session, obj_hdl, get_attr_template_bvlcb,
2834 ARRAY_SIZE(get_attr_template_bvlcb));
2835 if (!ADBG_EXPECT_CK_OK(c, rv))
2836 goto out;
2837
2838 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_bvlcb[1].ulValueLen,
2839 ==, sizeof(obj_value));
2840 ADBG_EXPECT_EQUAL(c, g_value, obj_value, sizeof(obj_value));
2841 for (i = sizeof(obj_value); i < sizeof(g_value); i++)
2842 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_value[i], ==, 0xCC))
2843 break;
2844
2845 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_DATA);
2846 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE);
2847 ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE);
2848
2849 Do_ADBG_EndSubCase(c, NULL);
2850
2851 /*
2852 * Sub test: allowed mechanism list
2853 */
2854 Do_ADBG_BeginSubCase(c, "Get Attribute - allowed mechanism list");
2855 memset(g_mecha_list, 0xCC, sizeof(g_mecha_list));
2856
2857 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
2858 secret_template, ARRAY_SIZE(secret_template),
2859 &key_hdl);
2860 if (!ADBG_EXPECT_CK_OK(c, rv))
2861 goto out;
2862
2863 rv = C_GetAttributeValue(session, key_hdl, get_attr_template_am,
2864 ARRAY_SIZE(get_attr_template_am));
2865 if (!ADBG_EXPECT_CK_OK(c, rv))
2866 goto out;
2867
2868 ADBG_EXPECT_COMPARE_UNSIGNED(c, get_attr_template_am[0].ulValueLen, ==,
2869 sizeof(secret_allowed_mecha));
2870
2871 for (i = 0; i < sizeof(secret_allowed_mecha) / sizeof(*secret_allowed_mecha); i++)
2872 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, g_mecha_list[i], ==, secret_allowed_mecha[i]))
2873 break;
2874
2875 data_ptr = (uint8_t *)g_mecha_list;
2876 for (i = sizeof(secret_allowed_mecha); i < sizeof(g_mecha_list); i++)
2877 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, data_ptr[i], ==, 0xCC))
2878 break;
2879
2880 Do_ADBG_EndSubCase(c, NULL);
2881
2882 out:
2883 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
2884
2885 close_lib:
2886 ADBG_EXPECT_CK_OK(c, close_lib());
2887 }
2888 ADBG_CASE_DEFINE(pkcs11, 1012, xtest_pkcs11_test_1012,
2889 "PKCS11: Serializer tests");
2890
xtest_pkcs11_test_1013(ADBG_Case_t * c)2891 static void xtest_pkcs11_test_1013(ADBG_Case_t *c)
2892 {
2893 CK_RV rv = CKR_GENERAL_ERROR;
2894 CK_SLOT_ID slot = 0;
2895 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
2896 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
2897 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
2898 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
2899 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
2900 const char *label = "Dummy Objects";
2901 bool ro_logged_in = false;
2902
2903 rv = init_lib_and_find_token_slot(&slot);
2904 if (!ADBG_EXPECT_CK_OK(c, rv))
2905 return;
2906
2907 rv = init_test_token(slot);
2908 if (!ADBG_EXPECT_CK_OK(c, rv))
2909 goto close_lib;
2910
2911 rv = init_user_test_token(slot);
2912 if (!ADBG_EXPECT_CK_OK(c, rv))
2913 goto close_lib;
2914
2915 /* Open a RW session */
2916 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
2917 if (!ADBG_EXPECT_CK_OK(c, rv))
2918 goto close_lib;
2919
2920 /* Open a RO session */
2921 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
2922 if (!ADBG_EXPECT_CK_OK(c, rv))
2923 goto close_lib;
2924
2925 /*
2926 * Sub test: Check object creation from a R/O Public session
2927 */
2928 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2929
2930 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2931 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2932 CK_FALSE, label);
2933 if (!ADBG_EXPECT_CK_OK(c, rv))
2934 goto out;
2935
2936 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2937 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
2938 CK_TRUE, label);
2939 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2940 goto out;
2941
2942 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2943 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
2944 CK_FALSE, label);
2945 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
2946 goto out;
2947
2948 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2949 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
2950 CK_TRUE, label);
2951 /* For Token object creation, SESSION_READ_ONLY will take priority */
2952 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
2953 goto out;
2954
2955 Do_ADBG_EndSubCase(c, NULL);
2956
2957 /*
2958 * Sub test: Check access for a R/W Public session
2959 */
2960 Do_ADBG_BeginSubCase(c, "Create objects in R/O Public Session");
2961
2962 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
2963 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
2964 CK_FALSE, label);
2965 if (!ADBG_EXPECT_CK_OK(c, rv))
2966 goto out;
2967
2968 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
2969 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
2970 CK_TRUE, label);
2971 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2972 goto out;
2973
2974 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
2975 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
2976 CK_FALSE, label);
2977 if (!ADBG_EXPECT_CK_OK(c, rv))
2978 goto out;
2979
2980 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
2981 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
2982 CK_TRUE, label);
2983 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
2984 goto out;
2985
2986 Do_ADBG_EndSubCase(c, NULL);
2987
2988 /*
2989 * Sub test: Check access for a R/O User session
2990 */
2991 Do_ADBG_BeginSubCase(c, "Create objects in R/O User Session");
2992
2993 /* Login to Test Token */
2994 rv = C_Login(ro_session, CKU_USER, test_token_user_pin,
2995 sizeof(test_token_user_pin));
2996 if (!ADBG_EXPECT_CK_OK(c, rv))
2997 goto out;
2998
2999 ro_logged_in = true;
3000
3001 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3002 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3003 CK_FALSE, label);
3004 if (!ADBG_EXPECT_CK_OK(c, rv))
3005 goto out;
3006
3007 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3008 rv = create_data_object(ro_session, &obj_hdl, CK_FALSE,
3009 CK_TRUE, label);
3010 if (!ADBG_EXPECT_CK_OK(c, rv))
3011 goto out;
3012
3013 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3014 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3015 CK_FALSE, label);
3016 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3017 goto out;
3018
3019 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3020 rv = create_data_object(ro_session, &obj_hdl, CK_TRUE,
3021 CK_TRUE, label);
3022 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3023 goto out;
3024
3025 Do_ADBG_EndSubCase(c, NULL);
3026
3027 /*
3028 * Sub test: Check access for a R/W User session
3029 */
3030 Do_ADBG_BeginSubCase(c, "Create objects in R/W User Session");
3031
3032 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3033 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3034 CK_FALSE, label);
3035 if (!ADBG_EXPECT_CK_OK(c, rv))
3036 goto out;
3037
3038 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3039 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3040 CK_TRUE, label);
3041 if (!ADBG_EXPECT_CK_OK(c, rv))
3042 goto out;
3043
3044 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3045 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3046 CK_FALSE, label);
3047 if (!ADBG_EXPECT_CK_OK(c, rv))
3048 goto out;
3049
3050 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3051 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3052 CK_TRUE, label);
3053 if (!ADBG_EXPECT_CK_OK(c, rv))
3054 goto out;
3055
3056 /* Log out */
3057 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3058 ro_logged_in = false;
3059
3060 /* Close RO session */
3061 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3062 ro_session = CK_INVALID_HANDLE;
3063
3064 Do_ADBG_EndSubCase(c, NULL);
3065
3066 /*
3067 * Sub test: Check access for a R/W SO session
3068 */
3069 Do_ADBG_BeginSubCase(c, "Create objects in R/W SO Session");
3070
3071 /* Login as security officer in RW session */
3072 rv = C_Login(rw_session, CKU_SO, test_token_so_pin,
3073 sizeof(test_token_so_pin));
3074 if (!ADBG_EXPECT_CK_OK(c, rv))
3075 goto out;
3076
3077 /* Session Public Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_FALSE */
3078 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3079 CK_FALSE, label);
3080 if (!ADBG_EXPECT_CK_OK(c, rv))
3081 goto logout;
3082
3083 /* Session Private Obj CKA_TOKEN = CK_FALSE, CKA_PRIVATE = CK_TRUE */
3084 rv = create_data_object(rw_session, &obj_hdl, CK_FALSE,
3085 CK_TRUE, label);
3086 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3087 goto logout;
3088
3089 /* Token Public Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_FALSE */
3090 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3091 CK_FALSE, label);
3092 if (!ADBG_EXPECT_CK_OK(c, rv))
3093 goto logout;
3094
3095 /* Token Private Obj CKA_TOKEN = CK_TRUE, CKA_PRIVATE = CK_TRUE */
3096 rv = create_data_object(rw_session, &obj_hdl, CK_TRUE,
3097 CK_TRUE, label);
3098 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3099 goto logout;
3100
3101 logout:
3102 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3103 out:
3104 if (ro_logged_in)
3105 ADBG_EXPECT_CK_OK(c, C_Logout(ro_session));
3106
3107 if (ro_session != CK_INVALID_HANDLE)
3108 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3109
3110 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3111
3112 Do_ADBG_EndSubCase(c, NULL);
3113
3114 destroy_persistent_objects(c, slot);
3115 close_lib:
3116 ADBG_EXPECT_CK_OK(c, close_lib());
3117
3118 }
3119 ADBG_CASE_DEFINE(pkcs11, 1013, xtest_pkcs11_test_1013,
3120 "PKCS11: Object creation upon session type");
3121
xtest_pkcs11_test_1014(ADBG_Case_t * c)3122 static void xtest_pkcs11_test_1014(ADBG_Case_t *c)
3123 {
3124 CK_RV rv = CKR_GENERAL_ERROR;
3125 CK_SLOT_ID slot = 0;
3126 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3127 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3128 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3129 const char *id = "1";
3130 const char *label = "Dummy Objects";
3131 const char *new_label = "New Object lable";
3132 size_t n = 0;
3133 char *g_label[100] = { };
3134 char *g_id[100] = { };
3135 CK_MECHANISM_TYPE secret_allowed_mecha[] = { CKM_SHA_1_HMAC,
3136 CKM_SHA224_HMAC,
3137 CKM_SHA256_HMAC };
3138 CK_ATTRIBUTE secret_key_template[] = {
3139 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3140 sizeof(CK_OBJECT_CLASS) },
3141 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3142 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3143 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3144 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3145 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3146 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3147 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_GENERIC_SECRET},
3148 sizeof(CK_KEY_TYPE) },
3149 { CKA_LABEL, (CK_UTF8CHAR_PTR)label, strlen(label) },
3150 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
3151 { CKA_SIGN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3152 { CKA_VERIFY, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3153 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3154 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3155 { CKA_ALLOWED_MECHANISMS, secret_allowed_mecha,
3156 sizeof(secret_allowed_mecha) },
3157 };
3158 CK_BBOOL g_derive = CK_FALSE;
3159 CK_BBOOL g_sign = CK_FALSE;
3160 CK_BBOOL g_verify = CK_FALSE;
3161 CK_BBOOL g_encrypt = CK_FALSE;
3162 CK_BBOOL g_decrypt = CK_FALSE;
3163 CK_BBOOL g_wrap = CK_FALSE;
3164 CK_BBOOL g_unwrap = CK_FALSE;
3165 uint32_t g_len = 0;
3166 CK_ATTRIBUTE get_template[] = {
3167 { CKA_LABEL, (CK_UTF8CHAR_PTR)g_label, sizeof(g_label) },
3168 { CKA_ID, (CK_BYTE_PTR)g_id, sizeof(g_id) },
3169 { CKA_DERIVE, &g_derive, sizeof(CK_BBOOL) },
3170 { CKA_SIGN, &g_sign, sizeof(CK_BBOOL) },
3171 { CKA_VERIFY, &g_verify, sizeof(CK_BBOOL) },
3172 { CKA_ENCRYPT, &g_encrypt, sizeof(CK_BBOOL) },
3173 { CKA_DECRYPT, &g_decrypt, sizeof(CK_BBOOL) },
3174 { CKA_WRAP, &g_wrap, sizeof(CK_BBOOL) },
3175 { CKA_UNWRAP, &g_unwrap, sizeof(CK_BBOOL) },
3176 { CKA_VALUE_LEN, &g_len, sizeof(CK_ULONG) },
3177 };
3178 CK_ATTRIBUTE set_template[] = {
3179 { CKA_LABEL, (CK_UTF8CHAR_PTR)new_label, strlen(new_label) },
3180 { CKA_ID, (CK_BYTE_PTR)id, strlen(id) },
3181 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3182 { CKA_WRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3183 { CKA_UNWRAP, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3184 { CKA_SIGN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3185 { CKA_VERIFY, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3186 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3187 { CKA_DECRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3188 /* CKA_SENSITIVE -> CK_FALSE to CK_TRUE is allowed */
3189 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3190 /* CKA_EXTRACTABLE -> CK_TRUE to CK_FALSE is allowed */
3191 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3192 /* CKA_COPYABLE -> CK_TRUE to CK_FALSE is allowed */
3193 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3194 };
3195 CK_ATTRIBUTE set_inv_template1[] = {
3196 /* Attributes Not Modifiable */
3197 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_DATA},
3198 sizeof(CK_OBJECT_CLASS) },
3199 { CKA_LOCAL, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3200 { CKA_ALWAYS_SENSITIVE, &(CK_BBOOL){CK_FALSE},
3201 sizeof(CK_BBOOL) },
3202 { CKA_NEVER_EXTRACTABLE, &(CK_BBOOL){CK_FALSE},
3203 sizeof(CK_BBOOL) },
3204 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3205 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3206 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3207 { CKA_DESTROYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3208 /* Change not allowed from CK_TRUE -> CK_FALSE */
3209 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3210 /* Change not allowed from CK_FALSE -> CK_TRUE */
3211 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3212 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3213 };
3214 CK_ATTRIBUTE set_inv_template2[] = {
3215 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3216 };
3217 CK_ATTRIBUTE set_trusted_template[] = {
3218 { CKA_TRUSTED, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3219 };
3220
3221 rv = init_lib_and_find_token_slot(&slot);
3222 if (!ADBG_EXPECT_CK_OK(c, rv))
3223 return;
3224
3225 rv = init_test_token(slot);
3226 if (!ADBG_EXPECT_CK_OK(c, rv))
3227 goto close_lib;
3228
3229 rv = init_user_test_token(slot);
3230 if (!ADBG_EXPECT_CK_OK(c, rv))
3231 goto close_lib;
3232
3233 /* Open a RW session */
3234 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3235 if (!ADBG_EXPECT_CK_OK(c, rv))
3236 goto close_lib;
3237
3238 /* Create a secret key object */
3239 rv = C_CreateObject(session, secret_key_template,
3240 ARRAY_SIZE(secret_key_template), &obj_hdl);
3241 if (!ADBG_EXPECT_CK_OK(c, rv))
3242 goto close_session;
3243
3244 Do_ADBG_BeginSubCase(c, "Set attributes on secret key object");
3245
3246 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3247 ARRAY_SIZE(get_template));
3248 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3249 !ADBG_EXPECT_BUFFER(c, label, strlen(label), g_label,
3250 get_template[0].ulValueLen) ||
3251 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_FALSE) ||
3252 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_FALSE) ||
3253 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_FALSE) ||
3254 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_TRUE) ||
3255 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_TRUE) ||
3256 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_TRUE) ||
3257 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_TRUE) ||
3258 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_len, ==, 16) ||
3259 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[1].ulValueLen, ==, 0))
3260 goto out;
3261
3262 rv = C_SetAttributeValue(session, obj_hdl, set_template,
3263 ARRAY_SIZE(set_template));
3264 if (!ADBG_EXPECT_CK_OK(c, rv))
3265 goto out;
3266
3267 get_template[0].ulValueLen = sizeof(g_label);
3268 get_template[1].ulValueLen = sizeof(g_id);
3269 rv = C_GetAttributeValue(session, obj_hdl, get_template,
3270 ARRAY_SIZE(get_template));
3271 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3272 !ADBG_EXPECT_BUFFER(c, new_label, strlen(new_label), g_label,
3273 get_template[0].ulValueLen) ||
3274 !ADBG_EXPECT_BUFFER(c, id, strlen(id), g_id,
3275 get_template[1].ulValueLen) ||
3276 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_derive, ==, CK_TRUE) ||
3277 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_wrap, ==, CK_TRUE) ||
3278 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_unwrap, ==, CK_TRUE) ||
3279 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_encrypt, ==, CK_FALSE) ||
3280 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_decrypt, ==, CK_FALSE) ||
3281 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sign, ==, CK_FALSE) ||
3282 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_verify, ==, CK_FALSE))
3283 goto out;
3284
3285 Do_ADBG_EndSubCase(c, NULL);
3286
3287 Do_ADBG_BeginSubCase(c, "Test Invalid template with R/O Attributes");
3288
3289 for (n = 0; n < ARRAY_SIZE(set_inv_template1); n++) {
3290 rv = C_SetAttributeValue(session, obj_hdl,
3291 &set_inv_template1[n], 1);
3292 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3293 goto out;
3294 }
3295
3296 Do_ADBG_EndSubCase(c, NULL);
3297
3298 Do_ADBG_BeginSubCase(c, "Test Invalid template with Invalid Attribute");
3299
3300 rv = C_SetAttributeValue(session, obj_hdl, set_inv_template2,
3301 ARRAY_SIZE(set_inv_template2));
3302 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3303 goto out;
3304
3305 Do_ADBG_EndSubCase(c, NULL);
3306
3307 Do_ADBG_BeginSubCase(c, "Set CKA_TRUSTED with and w/o SO Login");
3308
3309 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3310 ARRAY_SIZE(set_trusted_template));
3311 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_READ_ONLY, rv))
3312 goto out;
3313
3314 /* Login as SO in RW session */
3315 rv = C_Login(session, CKU_SO, test_token_so_pin,
3316 sizeof(test_token_so_pin));
3317 if (!ADBG_EXPECT_CK_OK(c, rv))
3318 goto out;
3319
3320 rv = C_SetAttributeValue(session, obj_hdl, set_trusted_template,
3321 ARRAY_SIZE(set_trusted_template));
3322 ADBG_EXPECT_CK_OK(c, rv);
3323
3324 ADBG_EXPECT_CK_OK(c, C_Logout(session));
3325 out:
3326 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, obj_hdl));
3327
3328 Do_ADBG_EndSubCase(c, NULL);
3329
3330 close_session:
3331 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3332
3333 close_lib:
3334 ADBG_EXPECT_CK_OK(c, close_lib());
3335 }
3336 ADBG_CASE_DEFINE(pkcs11, 1014, xtest_pkcs11_test_1014,
3337 "PKCS11: Test C_SetAttributeValue()");
3338
xtest_pkcs11_test_1015(ADBG_Case_t * c)3339 static void xtest_pkcs11_test_1015(ADBG_Case_t *c)
3340 {
3341 CK_RV rv = CKR_GENERAL_ERROR;
3342 CK_SLOT_ID slot = 0;
3343 CK_SESSION_HANDLE rw_session = CK_INVALID_HANDLE;
3344 CK_SESSION_HANDLE ro_session = CK_INVALID_HANDLE;
3345 CK_FLAGS rw_session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3346 CK_FLAGS ro_session_flags = CKF_SERIAL_SESSION;
3347 CK_OBJECT_HANDLE obj_hdl = CK_INVALID_HANDLE;
3348 CK_OBJECT_HANDLE obj_hdl_ro = CK_INVALID_HANDLE;
3349 CK_OBJECT_HANDLE obj_hdl_cp = CK_INVALID_HANDLE;
3350 const char *label = "Dummy Objects";
3351 CK_ATTRIBUTE secret_key_create_template[] = {
3352 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3353 sizeof(CK_OBJECT_CLASS) },
3354 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3355 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3356 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3357 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3358 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3359 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3360 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3361 { CKA_VALUE, (void *)cktest_aes128_key, sizeof(cktest_aes128_key) },
3362 };
3363 CK_ATTRIBUTE secret_key_template[] = {
3364 { CKA_CLASS, &(CK_OBJECT_CLASS){CKO_SECRET_KEY},
3365 sizeof(CK_OBJECT_CLASS) },
3366 { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_AES}, sizeof(CK_KEY_TYPE) },
3367 { CKA_TOKEN, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3368 { CKA_PRIVATE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3369 { CKA_MODIFIABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3370 { CKA_COPYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3371 { CKA_DESTROYABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3372 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3373 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3374 };
3375 CK_BBOOL g_token = CK_FALSE;
3376 CK_BBOOL g_private = CK_FALSE;
3377 CK_BBOOL g_modify = CK_FALSE;
3378 CK_BBOOL g_copy = CK_FALSE;
3379 CK_BBOOL g_destroy = CK_FALSE;
3380 CK_BBOOL g_extract = CK_FALSE;
3381 CK_BBOOL g_sensitive = CK_FALSE;
3382 CK_BBOOL g_nextract = CK_FALSE;
3383 CK_BBOOL g_asensitive = CK_FALSE;
3384 CK_BBOOL g_local = CK_FALSE;
3385 CK_ATTRIBUTE get_template[] = {
3386 { CKA_TOKEN, &g_token, sizeof(CK_BBOOL) },
3387 { CKA_PRIVATE, &g_private, sizeof(CK_BBOOL) },
3388 { CKA_MODIFIABLE, &g_modify, sizeof(CK_BBOOL) },
3389 { CKA_COPYABLE, &g_copy, sizeof(CK_BBOOL) },
3390 { CKA_DESTROYABLE, &g_destroy, sizeof(CK_BBOOL) },
3391 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3392 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3393 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3394 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3395 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3396 };
3397 CK_ATTRIBUTE copy_template[] = {
3398 { CKA_TOKEN, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3399 { CKA_MODIFIABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3400 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3401 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3402 };
3403 CK_ATTRIBUTE copy_template_inv[] = {
3404 { CKA_APPLICATION, (CK_UTF8CHAR_PTR)label, sizeof(label) },
3405 };
3406 CK_ATTRIBUTE copy_template_priv[] = {
3407 { CKA_PRIVATE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3408 };
3409 CK_ATTRIBUTE set_template[] = {
3410 { CKA_COPYABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3411 };
3412
3413 rv = init_lib_and_find_token_slot(&slot);
3414 if (!ADBG_EXPECT_CK_OK(c, rv))
3415 return;
3416
3417 rv = init_test_token(slot);
3418 if (!ADBG_EXPECT_CK_OK(c, rv))
3419 goto close_lib;
3420
3421 rv = init_user_test_token(slot);
3422 if (!ADBG_EXPECT_CK_OK(c, rv))
3423 goto close_lib;
3424
3425 /* Open a RW session */
3426 rv = C_OpenSession(slot, rw_session_flags, NULL, 0, &rw_session);
3427 if (!ADBG_EXPECT_CK_OK(c, rv))
3428 goto close_lib;
3429
3430 /* Open a RO session */
3431 rv = C_OpenSession(slot, ro_session_flags, NULL, 0, &ro_session);
3432 if (!ADBG_EXPECT_CK_OK(c, rv))
3433 goto close_session;
3434
3435 /* Generate a secret key object in rw session */
3436 rv = C_GenerateKey(rw_session, &cktest_aes_keygen_mechanism,
3437 secret_key_template,
3438 ARRAY_SIZE(secret_key_template), &obj_hdl);
3439 if (!ADBG_EXPECT_CK_OK(c, rv))
3440 goto close_session;
3441
3442 /* Check its attribute values */
3443 rv = C_GetAttributeValue(rw_session, obj_hdl, get_template,
3444 ARRAY_SIZE(get_template));
3445 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3446 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3447 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3448 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3449 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3450 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3451 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3452 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3453 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3454 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3455 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3456 goto close_session;
3457
3458 /* Create a secret key object in ro session*/
3459 rv = C_CreateObject(ro_session, secret_key_create_template,
3460 ARRAY_SIZE(secret_key_create_template), &obj_hdl_ro);
3461 if (!ADBG_EXPECT_CK_OK(c, rv))
3462 goto close_session;
3463
3464 /*
3465 * Duplicate the object generated in RW session using C_GenerateKey() to
3466 * another object. Pass Template as NULL and test the attributes of
3467 * new created object.
3468 */
3469 Do_ADBG_BeginSubCase(c, "Copy Local Obj with NULL Template");
3470 rv = C_CopyObject(rw_session, obj_hdl, NULL, 0, &obj_hdl_cp);
3471 if (!ADBG_EXPECT_CK_OK(c, rv))
3472 goto out;
3473
3474 /*
3475 * Check its attribute values, should match the original object.
3476 * CKA_LOCAL shall be TRUE even in copied object as original object
3477 * was generated using C_GenerateKey()
3478 */
3479 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3480 ARRAY_SIZE(get_template));
3481 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3482 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3483 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3484 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3485 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3486 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3487 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_TRUE) ||
3488 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3489 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3490 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3491 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3492 goto out;
3493
3494 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3495 if (!ADBG_EXPECT_CK_OK(c, rv))
3496 goto out;
3497
3498 obj_hdl_cp = CK_INVALID_HANDLE;
3499
3500 Do_ADBG_EndSubCase(c, NULL);
3501
3502 /*
3503 * Duplicate the object generated in RO session using C_CreateObject()
3504 * to another object. Pass Template as NULL and test the attributes of
3505 * new created object.
3506 */
3507 Do_ADBG_BeginSubCase(c, "Copy a non-local object with NULL Template");
3508
3509 /* Copy ro session object */
3510 rv = C_CopyObject(ro_session, obj_hdl_ro, NULL, 0, &obj_hdl_cp);
3511 if (!ADBG_EXPECT_CK_OK(c, rv))
3512 goto out;
3513
3514 /*
3515 * Check its attribute values, should match the original object.
3516 * CKA_LOCAL shall be FALSE even in copied object as original object
3517 * was generated using C_CreateObject()
3518 */
3519 rv = C_GetAttributeValue(ro_session, obj_hdl_cp, get_template,
3520 ARRAY_SIZE(get_template));
3521 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3522 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_FALSE) ||
3523 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_private, ==, CK_FALSE) ||
3524 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_TRUE) ||
3525 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_copy, ==, CK_TRUE) ||
3526 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_destroy, ==, CK_TRUE) ||
3527 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3528 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
3529 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3530 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
3531 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3532 goto out;
3533
3534 rv = C_DestroyObject(ro_session, obj_hdl_cp);
3535 if (!ADBG_EXPECT_CK_OK(c, rv))
3536 goto out;
3537
3538 obj_hdl_cp = CK_INVALID_HANDLE;
3539
3540 Do_ADBG_EndSubCase(c, NULL);
3541
3542 /*
3543 * Test copying object with a valid template and check if attributes
3544 * get modified as indicated in the template. Checks modification of
3545 * attributes like CKA_TOKEN, CKA_MODIFIABLE which were not modifiable
3546 * via C_SetAttributeValue(). Also modifies the CKA_SENSITIVE,
3547 * CKA_EXTRACTABLE and checks corresponding values of RO attributes
3548 * CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE.
3549 */
3550 Do_ADBG_BeginSubCase(c, "Copy Object with Valid Template");
3551
3552 /*
3553 * Copy Session Object as a Token object
3554 * Properties CKA_MODIFIABLE turned to FALSE
3555 * CKA_EXTRACTABLE changed from TRUE to FALSE
3556 * CKA_NEVER_EXTRACTABLE should be FALSE.
3557 * CKA_SENSITIVE set to TRUE
3558 * However CKA_ALWAYS_SENSITIVE should be FALSE
3559 */
3560 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3561 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3562 if (!ADBG_EXPECT_CK_OK(c, rv))
3563 goto out;
3564
3565 /* Check the changed attribute values */
3566 rv = C_GetAttributeValue(rw_session, obj_hdl_cp, get_template,
3567 ARRAY_SIZE(get_template));
3568 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3569 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_token, ==, CK_TRUE) ||
3570 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_modify, ==, CK_FALSE) ||
3571 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3572 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE) ||
3573 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3574 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE))
3575 goto out;
3576
3577 /*
3578 * The copied object has CKA_MODIFIABLE set to FALSE. Check if
3579 * call to C_SetAttributeValue() returns CKR_ACTION_PROHIBITED
3580 */
3581 rv = C_SetAttributeValue(rw_session, obj_hdl_cp, set_template,
3582 ARRAY_SIZE(set_template));
3583 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3584 goto out;
3585
3586 rv = C_DestroyObject(rw_session, obj_hdl_cp);
3587 if (!ADBG_EXPECT_CK_OK(c, rv))
3588 goto out;
3589
3590 obj_hdl_cp = CK_INVALID_HANDLE;
3591
3592 Do_ADBG_EndSubCase(c, NULL);
3593
3594 /*
3595 * Test changing the CKA_PRIVATE to TRUE when copying object.
3596 * Fails when user is not logged in. Passes after user logs in
3597 */
3598 Do_ADBG_BeginSubCase(c, "Copy Object as a Private Object");
3599
3600 /* The first attempt will fail as user is not logged in */
3601 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3602 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3603 if (!ADBG_EXPECT_CK_RESULT(c, CKR_USER_NOT_LOGGED_IN, rv))
3604 goto out;
3605
3606 /* Login to Test Token and repeat*/
3607 rv = C_Login(rw_session, CKU_USER, test_token_user_pin,
3608 sizeof(test_token_user_pin));
3609 if (!ADBG_EXPECT_CK_OK(c, rv))
3610 goto out;
3611
3612 /* Try copying a public object to a private object - should pass */
3613 rv = C_CopyObject(rw_session, obj_hdl, copy_template_priv,
3614 ARRAY_SIZE(copy_template_priv), &obj_hdl_cp);
3615 if (!ADBG_EXPECT_CK_OK(c, rv)) {
3616 ADBG_EXPECT_CK_OK(c, C_Logout(rw_session));
3617 goto out;
3618 }
3619
3620 if (!ADBG_EXPECT_CK_OK(c, C_Logout(rw_session)))
3621 goto out;
3622
3623 Do_ADBG_EndSubCase(c, NULL);
3624
3625 Do_ADBG_BeginSubCase(c, "Copy Object with Invalid Template");
3626
3627 rv = C_CopyObject(rw_session, obj_hdl, copy_template_inv,
3628 ARRAY_SIZE(copy_template_inv), &obj_hdl_cp);
3629 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ATTRIBUTE_TYPE_INVALID, rv))
3630 goto out;
3631
3632 Do_ADBG_EndSubCase(c, NULL);
3633
3634 Do_ADBG_BeginSubCase(c, "Copy Object with COPYABLE false");
3635
3636 rv = C_SetAttributeValue(rw_session, obj_hdl, set_template,
3637 ARRAY_SIZE(set_template));
3638 if (!ADBG_EXPECT_CK_OK(c, rv))
3639 goto out;
3640
3641 rv = C_CopyObject(rw_session, obj_hdl, copy_template,
3642 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3643 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ACTION_PROHIBITED, rv))
3644 goto out;
3645
3646 Do_ADBG_EndSubCase(c, NULL);
3647
3648 Do_ADBG_BeginSubCase(c, "Copy session object to token in RO session");
3649
3650 rv = C_CopyObject(ro_session, obj_hdl_ro, copy_template,
3651 ARRAY_SIZE(copy_template), &obj_hdl_cp);
3652 if (!ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_READ_ONLY, rv))
3653 goto out;
3654
3655 out:
3656 Do_ADBG_EndSubCase(c, NULL);
3657
3658 /* Destroy any token objects which may have been created */
3659 destroy_persistent_objects(c, slot);
3660
3661 close_session:
3662 /* Closing session will also destroy all session objects */
3663 if (ro_session != CK_INVALID_HANDLE)
3664 ADBG_EXPECT_CK_OK(c, C_CloseSession(ro_session));
3665
3666 ADBG_EXPECT_CK_OK(c, C_CloseSession(rw_session));
3667
3668 close_lib:
3669 ADBG_EXPECT_CK_OK(c, close_lib());
3670 }
3671 ADBG_CASE_DEFINE(pkcs11, 1015, xtest_pkcs11_test_1015,
3672 "PKCS11: Test C_CopyObject()");
3673
xtest_pkcs11_test_1016(ADBG_Case_t * c)3674 static void xtest_pkcs11_test_1016(ADBG_Case_t *c)
3675 {
3676 CK_RV rv = CKR_GENERAL_ERROR;
3677 CK_SLOT_ID slot = 0;
3678 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3679 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3680 uint8_t buffer[64] = { 0 };
3681 size_t i = 0;
3682
3683 rv = init_lib_and_find_token_slot(&slot);
3684 if (!ADBG_EXPECT_CK_OK(c, rv))
3685 return;
3686
3687 rv = init_test_token(slot);
3688 if (!ADBG_EXPECT_CK_OK(c, rv))
3689 goto close_lib;
3690
3691 rv = init_user_test_token(slot);
3692 if (!ADBG_EXPECT_CK_OK(c, rv))
3693 goto close_lib;
3694
3695 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3696 if (!ADBG_EXPECT_CK_OK(c, rv))
3697 goto close_lib;
3698
3699 Do_ADBG_BeginSubCase(c, "Seed random bytes");
3700
3701 memset(buffer, 0xCC, sizeof(buffer));
3702
3703 rv = C_SeedRandom(session, buffer, sizeof(buffer));
3704 if (!ADBG_EXPECT_CK_OK(c, rv))
3705 goto out;
3706
3707 Do_ADBG_EndSubCase(c, NULL);
3708
3709 Do_ADBG_BeginSubCase(c, "Seed random bytes with zero length buffer");
3710
3711 rv = C_SeedRandom(session, buffer, 0);
3712 if (!ADBG_EXPECT_CK_OK(c, rv))
3713 goto out;
3714
3715 rv = C_SeedRandom(session, NULL, 0);
3716 if (!ADBG_EXPECT_CK_OK(c, rv))
3717 goto out;
3718
3719 Do_ADBG_EndSubCase(c, NULL);
3720
3721 Do_ADBG_BeginSubCase(c, "Generate random bytes");
3722
3723 memset(buffer, 0xCC, sizeof(buffer));
3724
3725 rv = C_GenerateRandom(session, buffer, 61);
3726 if (!ADBG_EXPECT_CK_OK(c, rv))
3727 goto out;
3728
3729 /* Verify that end of buffer is still 0xCC */
3730 for (i = 61; i < sizeof(buffer); i++)
3731 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3732 break;
3733
3734 Do_ADBG_EndSubCase(c, NULL);
3735
3736 Do_ADBG_BeginSubCase(c, "Generate random bytes with zero length buffer");
3737
3738 memset(buffer, 0xCC, sizeof(buffer));
3739
3740 rv = C_GenerateRandom(session, buffer, 0);
3741 if (!ADBG_EXPECT_CK_OK(c, rv))
3742 goto out;
3743
3744 /* Verify that whole buffer is still 0xCC */
3745 for (i = 0; i < sizeof(buffer); i++)
3746 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, buffer[i], ==, 0xCC))
3747 break;
3748
3749 rv = C_GenerateRandom(session, NULL, 0);
3750 ADBG_EXPECT_CK_OK(c, rv);
3751
3752 out:
3753 Do_ADBG_EndSubCase(c, NULL);
3754
3755 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
3756
3757 close_lib:
3758 ADBG_EXPECT_CK_OK(c, close_lib());
3759 }
3760 ADBG_CASE_DEFINE(pkcs11, 1016, xtest_pkcs11_test_1016,
3761 "PKCS11: Random number generator tests");
3762
derive_sym_key(CK_SESSION_HANDLE session,CK_OBJECT_HANDLE parent_key,CK_MECHANISM_TYPE mechanism,size_t data_len,CK_OBJECT_HANDLE_PTR derv_key_hdl,size_t key_len,CK_OBJECT_CLASS key_class,CK_KEY_TYPE key_type,CK_BBOOL sensitive,CK_BBOOL extble)3763 static CK_RV derive_sym_key(CK_SESSION_HANDLE session,
3764 CK_OBJECT_HANDLE parent_key,
3765 CK_MECHANISM_TYPE mechanism, size_t data_len,
3766 CK_OBJECT_HANDLE_PTR derv_key_hdl, size_t key_len,
3767 CK_OBJECT_CLASS key_class, CK_KEY_TYPE key_type,
3768 CK_BBOOL sensitive, CK_BBOOL extble)
3769 {
3770 CK_RV rv = CKR_GENERAL_ERROR;
3771 uint8_t buffer[512] = { 0 };
3772 uint8_t iv[16] = { 0 };
3773 CK_MECHANISM mech_derive = { 0 };
3774 CK_KEY_DERIVATION_STRING_DATA key_derv_param = { 0 };
3775 CK_AES_CBC_ENCRYPT_DATA_PARAMS aes_cbc_param = { 0 };
3776 CK_ATTRIBUTE derived_key_template[] = {
3777 { CKA_CLASS, &key_class, sizeof(key_class) },
3778 { CKA_KEY_TYPE, &key_type, sizeof(key_type) },
3779 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3780 { CKA_DECRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3781 { CKA_SENSITIVE, &sensitive, sizeof(sensitive) },
3782 { CKA_EXTRACTABLE, &extble, sizeof(extble) },
3783 { CKA_VALUE_LEN, &key_len, sizeof(key_len) }
3784 };
3785
3786 if (data_len > sizeof(buffer))
3787 return rv;
3788
3789 switch (mechanism) {
3790 case CKM_AES_ECB_ENCRYPT_DATA:
3791 key_derv_param.pData = buffer;
3792 key_derv_param.ulLen = data_len;
3793 mech_derive.mechanism = mechanism;
3794 mech_derive.pParameter = &key_derv_param;
3795 mech_derive.ulParameterLen = sizeof(key_derv_param);
3796 break;
3797 case CKM_AES_CBC_ENCRYPT_DATA:
3798 memcpy(aes_cbc_param.iv, iv, 16);
3799 aes_cbc_param.pData = buffer;
3800 aes_cbc_param.length = data_len;
3801 mech_derive.mechanism = mechanism;
3802 mech_derive.pParameter = &aes_cbc_param;
3803 mech_derive.ulParameterLen = sizeof(aes_cbc_param);
3804 break;
3805 case CKM_AES_ECB:
3806 /* Not a derivation algorithm */
3807 mech_derive.mechanism = mechanism;
3808 mech_derive.pParameter = NULL;
3809 mech_derive.ulParameterLen = 0;
3810 break;
3811 default:
3812 return rv;
3813 }
3814
3815 /* Don't use VALUE_LEN parameter if key_len passed is 0 */
3816 if (key_len)
3817 rv = C_DeriveKey(session, &mech_derive, parent_key,
3818 derived_key_template,
3819 ARRAY_SIZE(derived_key_template),
3820 derv_key_hdl);
3821 else
3822 /* last attribute in template is the derived key size */
3823 rv = C_DeriveKey(session, &mech_derive, parent_key,
3824 derived_key_template,
3825 ARRAY_SIZE(derived_key_template) - 1,
3826 derv_key_hdl);
3827 return rv;
3828 }
3829
xtest_pkcs11_test_1017(ADBG_Case_t * c)3830 static void xtest_pkcs11_test_1017(ADBG_Case_t *c)
3831 {
3832 CK_RV rv = CKR_GENERAL_ERROR;
3833 CK_SLOT_ID slot = 0;
3834 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
3835 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
3836 CK_OBJECT_HANDLE derv_key_hdl = CK_INVALID_HANDLE;
3837 CK_OBJECT_HANDLE aes_key1 = CK_INVALID_HANDLE;
3838 CK_OBJECT_HANDLE aes_key2 = CK_INVALID_HANDLE;
3839 CK_OBJECT_HANDLE aes_key_enc = CK_INVALID_HANDLE;
3840 size_t data_len = 0;
3841 size_t key_len = 0;
3842 CK_BBOOL g_extract = CK_FALSE;
3843 CK_BBOOL g_sensitive = CK_FALSE;
3844 CK_BBOOL g_nextract = CK_FALSE;
3845 CK_BBOOL g_asensitive = CK_FALSE;
3846 CK_BBOOL g_local = CK_FALSE;
3847 CK_OBJECT_CLASS g_class = CKO_VENDOR_DEFINED;
3848 CK_KEY_TYPE g_key_type = CKK_VENDOR_DEFINED;
3849 uint8_t g_val[516] = { 0 };
3850 CK_ULONG secret_len = 0;
3851 CK_ATTRIBUTE get_template[] = {
3852 { CKA_CLASS, &g_class, sizeof(CK_OBJECT_CLASS) },
3853 { CKA_KEY_TYPE, &g_key_type, sizeof(CK_KEY_TYPE) },
3854 { CKA_EXTRACTABLE, &g_extract, sizeof(CK_BBOOL) },
3855 { CKA_SENSITIVE, &g_sensitive, sizeof(CK_BBOOL) },
3856 { CKA_NEVER_EXTRACTABLE, &g_nextract, sizeof(CK_BBOOL) },
3857 { CKA_ALWAYS_SENSITIVE, &g_asensitive, sizeof(CK_BBOOL) },
3858 { CKA_LOCAL, &g_local, sizeof(CK_BBOOL) },
3859 { CKA_VALUE_LEN, &secret_len, sizeof(secret_len) },
3860 /*
3861 * CKA_VALUE should remain last attribute in template,
3862 * in this test case as we check the length returned
3863 * from last index of the get_template in this test.
3864 */
3865 { CKA_VALUE, g_val, sizeof(g_val) },
3866 };
3867 uint32_t idx = ARRAY_SIZE(get_template) - 1;
3868 CK_ATTRIBUTE parent_template1[] = {
3869 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3870 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3871 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3872 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3873 };
3874 CK_ATTRIBUTE parent_template2[] = {
3875 { CKA_SENSITIVE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3876 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3877 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3878 { CKA_ENCRYPT, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3879 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3880 };
3881 CK_ATTRIBUTE parent_template_wo_derive[] = {
3882 { CKA_SENSITIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3883 { CKA_EXTRACTABLE, &(CK_BBOOL){CK_FALSE}, sizeof(CK_BBOOL) },
3884 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3885 };
3886 CK_ATTRIBUTE parent_template_w_enc_der[] = {
3887 { CKA_VALUE_LEN, &(CK_ULONG){16}, sizeof(CK_ULONG) },
3888 { CKA_ENCRYPT, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3889 { CKA_DERIVE, &(CK_BBOOL){CK_TRUE}, sizeof(CK_BBOOL) },
3890 };
3891
3892 rv = init_lib_and_find_token_slot(&slot);
3893 if (!ADBG_EXPECT_CK_OK(c, rv))
3894 return;
3895
3896 rv = init_test_token(slot);
3897 if (!ADBG_EXPECT_CK_OK(c, rv))
3898 goto close_lib;
3899
3900 rv = init_user_test_token(slot);
3901 if (!ADBG_EXPECT_CK_OK(c, rv))
3902 goto close_lib;
3903
3904 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
3905 if (!ADBG_EXPECT_CK_OK(c, rv))
3906 goto close_lib;
3907
3908 /*
3909 * Parent AES Key 1
3910 * SENSITIVE = TRUE, EXTRACTABLE = FALSE
3911 * ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
3912 */
3913 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
3914 parent_template1, ARRAY_SIZE(parent_template1),
3915 &aes_key1);
3916 if (!ADBG_EXPECT_CK_OK(c, rv))
3917 goto close_session;
3918
3919 /*
3920 * Parent AES Key 2
3921 * SENSITIVE = FALSE, EXTRACTABLE = TRUE
3922 * ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
3923 */
3924 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
3925 parent_template2, ARRAY_SIZE(parent_template2),
3926 &aes_key2);
3927 if (!ADBG_EXPECT_CK_OK(c, rv))
3928 goto close_session;
3929
3930 Do_ADBG_BeginSubCase(c, "Derive Generic secret - AES-ECB Mechanism");
3931
3932 /*
3933 * Use AES key 1 as Parent key
3934 * 1. VALUE_LEN attribute not given in derivation template. Length
3935 * of key should be same as that of data length.
3936 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
3937 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
3938 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
3939 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
3940 * 3. LOCAL should be false
3941 */
3942 data_len = 512;
3943 key_len = 0;
3944 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
3945 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
3946 CKK_GENERIC_SECRET, CK_TRUE, CK_FALSE);
3947 if (!ADBG_EXPECT_CK_OK(c, rv))
3948 goto out;
3949
3950 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
3951 ARRAY_SIZE(get_template) - 1);
3952 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3953 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, data_len) ||
3954 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
3955 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
3956 CKK_GENERIC_SECRET) ||
3957 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3958 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3959 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3960 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_TRUE) ||
3961 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
3962 goto out;
3963
3964 rv = C_DestroyObject(session, derv_key_hdl);
3965 if (!ADBG_EXPECT_CK_OK(c, rv))
3966 goto out;
3967
3968 Do_ADBG_EndSubCase(c, NULL);
3969
3970 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-EBC");
3971
3972 /*
3973 * Use AES key 2 as Parent key
3974 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
3975 * 2. Derivation template has SENSITIVE = TRUE, EXTRACTABLE = FALSE
3976 * Parent key has ALWAYS_SENSITIVE = FALSE, NEVER_EXTRACTABLE = FALSE
3977 * So derived key, ALWAYS_SENSITIVE will be FALSE and
3978 * NEVER_EXTRACTABLE will be FALSE
3979 * 3. LOCAL should be false
3980 */
3981 data_len = 32;
3982 key_len = 16;
3983 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
3984 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
3985 CKK_AES, CK_TRUE, CK_FALSE);
3986 if (!ADBG_EXPECT_CK_OK(c, rv))
3987 goto out;
3988
3989 /* This being a SENSITIVE object, we can't get the VALUE */
3990 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
3991 ARRAY_SIZE(get_template) - 1);
3992 if (!ADBG_EXPECT_CK_OK(c, rv) ||
3993 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
3994 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
3995 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
3996 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
3997 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_TRUE) ||
3998 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
3999 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4000 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4001 goto out;
4002
4003 rv = C_DestroyObject(session, derv_key_hdl);
4004 if (!ADBG_EXPECT_CK_OK(c, rv))
4005 goto out;
4006
4007 Do_ADBG_EndSubCase(c, NULL);
4008
4009 Do_ADBG_BeginSubCase(c, "Derive AES key using AES-CBC");
4010
4011 /*
4012 * Use AES key 1 as Parent key
4013 * 1. VALUE_LEN = DATA_LEN, Derived key should have VALUE_LEN key size
4014 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = FALSE
4015 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4016 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4017 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4018 * 3. LOCAL should be false
4019 */
4020 data_len = 32;
4021 key_len = 32;
4022 rv = derive_sym_key(session, aes_key1, CKM_AES_CBC_ENCRYPT_DATA,
4023 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4024 CKK_AES, CK_FALSE, CK_FALSE);
4025 if (!ADBG_EXPECT_CK_OK(c, rv))
4026 goto out;
4027
4028 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4029 ARRAY_SIZE(get_template) - 1);
4030 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4031 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4032 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4033 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==, CKK_AES) ||
4034 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4035 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4036 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_FALSE) ||
4037 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4038 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_TRUE))
4039 goto out;
4040
4041 rv = C_DestroyObject(session, derv_key_hdl);
4042 if (!ADBG_EXPECT_CK_OK(c, rv))
4043 goto out;
4044
4045 Do_ADBG_EndSubCase(c, NULL);
4046
4047 Do_ADBG_BeginSubCase(c, "Derive Generic secret key using AES-CBC");
4048 /*
4049 * Use AES key 2 as Parent key
4050 * 1. VALUE_LEN < DATA_LEN, Derived key should have VALUE_LEN key size
4051 * 2. Derivation template has SENSITIVE = FALSE, EXTRACTABLE = TRUE
4052 * Parent key has ALWAYS_SENSITIVE = TRUE, NEVER_EXTRACTABLE = TRUE
4053 * So derived key, ALWAYS_SENSITIVE will be same as SENSITIVE and
4054 * NEVER_EXTRACTABLE will be opposite of EXTRACTABLE
4055 * 3. LOCAL should be false
4056 */
4057 data_len = 512;
4058 key_len = 256;
4059 rv = derive_sym_key(session, aes_key2, CKM_AES_CBC_ENCRYPT_DATA,
4060 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4061 CKK_GENERIC_SECRET, CK_FALSE, CK_TRUE);
4062 if (!ADBG_EXPECT_CK_OK(c, rv))
4063 goto out;
4064
4065 rv = C_GetAttributeValue(session, derv_key_hdl, get_template,
4066 ARRAY_SIZE(get_template));
4067 if (!ADBG_EXPECT_CK_OK(c, rv) ||
4068 !ADBG_EXPECT_COMPARE_UNSIGNED(c, get_template[idx].ulValueLen, ==,
4069 key_len) ||
4070 !ADBG_EXPECT_COMPARE_UNSIGNED(c, secret_len, ==, key_len) ||
4071 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_class, ==, CKO_SECRET_KEY) ||
4072 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_key_type, ==,
4073 CKK_GENERIC_SECRET) ||
4074 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_local, ==, CK_FALSE) ||
4075 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_sensitive, ==, CK_FALSE) ||
4076 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_extract, ==, CK_TRUE) ||
4077 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_asensitive, ==, CK_FALSE) ||
4078 !ADBG_EXPECT_COMPARE_UNSIGNED(c, g_nextract, ==, CK_FALSE))
4079 goto out;
4080
4081 rv = C_DestroyObject(session, derv_key_hdl);
4082 if (!ADBG_EXPECT_CK_OK(c, rv))
4083 goto out;
4084
4085 Do_ADBG_EndSubCase(c, NULL);
4086
4087 Do_ADBG_BeginSubCase(c, "Invalid parameters during derivation");
4088
4089 /* Length of data used for derivation < key length */
4090 data_len = 16;
4091 key_len = 32;
4092 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4093 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4094 CKK_AES, CK_FALSE, CK_TRUE);
4095 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4096 goto out;
4097
4098 /* Data is not multiple of 16 */
4099 data_len = 18;
4100 key_len = 32;
4101 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4102 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4103 CKK_AES, CK_FALSE, CK_TRUE);
4104 if (!ADBG_EXPECT_CK_RESULT(c, CKR_DATA_LEN_RANGE, rv))
4105 goto out;
4106
4107 /* Wrong Mechanism */
4108 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB,
4109 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4110 CKK_AES, CK_FALSE, CK_TRUE);
4111 if (!ADBG_EXPECT_CK_RESULT(c, CKR_MECHANISM_INVALID, rv))
4112 goto out;
4113
4114 Do_ADBG_EndSubCase(c, NULL);
4115
4116 Do_ADBG_BeginSubCase(c, "Failure if operation already active");
4117
4118 /* Generate an AES key which can perform Encryption */
4119 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4120 parent_template_w_enc_der,
4121 ARRAY_SIZE(parent_template_w_enc_der),
4122 &aes_key_enc);
4123 if (!ADBG_EXPECT_CK_OK(c, rv))
4124 goto out;
4125
4126 rv = C_EncryptInit(session, &cktest_aes_cbc_mechanism, aes_key_enc);
4127 if (!ADBG_EXPECT_CK_OK(c, rv))
4128 goto out;
4129
4130 data_len = 32;
4131 key_len = 32;
4132 rv = derive_sym_key(session, aes_key2, CKM_AES_ECB_ENCRYPT_DATA,
4133 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4134 CKK_AES, CK_FALSE, CK_TRUE);
4135 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_ACTIVE, rv))
4136 goto out;
4137
4138 rv = C_EncryptFinal(session, NULL, NULL);
4139 /* Only check that the operation is no more active */
4140 if (!ADBG_EXPECT_TRUE(c, rv != CKR_BUFFER_TOO_SMALL))
4141 goto out;
4142
4143 Do_ADBG_EndSubCase(c, NULL);
4144
4145 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_ENCRYPT is TRUE");
4146
4147 data_len = 32;
4148 key_len = 32;
4149 rv = derive_sym_key(session, aes_key_enc, CKM_AES_ECB_ENCRYPT_DATA,
4150 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4151 CKK_AES, CK_FALSE, CK_TRUE);
4152 /*
4153 * Not strictly expecting FUNCTION_FAILED but expecting a failure
4154 * as we have added a restriction that keys with attribute CKA_ENCRYPT
4155 * set can't be used for derivation.
4156 */
4157 if (!ADBG_EXPECT_CK_RESULT(c, CKR_FUNCTION_FAILED, rv))
4158 goto out;
4159
4160 Do_ADBG_EndSubCase(c, NULL);
4161
4162 Do_ADBG_BeginSubCase(c, "Failure if parent key CKA_DERIVE is FALSE");
4163
4164 rv = C_DestroyObject(session, aes_key1);
4165 if (!ADBG_EXPECT_CK_OK(c, rv))
4166 goto out;
4167
4168 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4169 parent_template_wo_derive,
4170 ARRAY_SIZE(parent_template_wo_derive),
4171 &aes_key1);
4172 if (!ADBG_EXPECT_CK_OK(c, rv))
4173 goto out;
4174
4175 data_len = 32;
4176 key_len = 32;
4177 rv = derive_sym_key(session, aes_key1, CKM_AES_ECB_ENCRYPT_DATA,
4178 data_len, &derv_key_hdl, key_len, CKO_SECRET_KEY,
4179 CKK_AES, CK_FALSE, CK_TRUE);
4180 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_TYPE_INCONSISTENT, rv))
4181 goto out;
4182
4183 out:
4184 Do_ADBG_EndSubCase(c, NULL);
4185
4186 close_session:
4187 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
4188
4189 close_lib:
4190 ADBG_EXPECT_CK_OK(c, close_lib());
4191 }
4192 ADBG_CASE_DEFINE(pkcs11, 1017, xtest_pkcs11_test_1017,
4193 "PKCS11: AES Key Derivation tests");
4194
4195 /* Digest test patterns */
4196 static const char digest_test_pattern[] = "The quick brown fox jumps over the lazy dog";
4197 static const char digest_test_pattern_empty[] = "";
4198
4199 /* MD5 checksums for digest test patterns */
4200 static const uint8_t digest_test_pattern_md5[] = {
4201 0x9e, 0x10, 0x7d, 0x9d, 0x37, 0x2b, 0xb6, 0x82, 0x6b, 0xd8, 0x1d, 0x35,
4202 0x42, 0xa4, 0x19, 0xd6
4203 };
4204 static const uint8_t digest_test_pattern_empty_md5[] = {
4205 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98,
4206 0xec, 0xf8, 0x42, 0x7e
4207 };
4208
4209 /* SHA-1 checksums for digest test patterns */
4210 static const uint8_t digest_test_pattern_sha1[] = {
4211 0x2f, 0xd4, 0xe1, 0xc6, 0x7a, 0x2d, 0x28, 0xfc, 0xed, 0x84, 0x9e, 0xe1,
4212 0xbb, 0x76, 0xe7, 0x39, 0x1b, 0x93, 0xeb, 0x12
4213 };
4214 static const uint8_t digest_test_pattern_empty_sha1[] = {
4215 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef,
4216 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09
4217 };
4218
4219 /* SHA-224 checksums for digest test patterns */
4220 static const uint8_t digest_test_pattern_sha224[] = {
4221 0x73, 0x0e, 0x10, 0x9b, 0xd7, 0xa8, 0xa3, 0x2b, 0x1c, 0xb9, 0xd9, 0xa0,
4222 0x9a, 0xa2, 0x32, 0x5d, 0x24, 0x30, 0x58, 0x7d, 0xdb, 0xc0, 0xc3, 0x8b,
4223 0xad, 0x91, 0x15, 0x25
4224 };
4225 static const uint8_t digest_test_pattern_empty_sha224[] = {
4226 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47, 0x61, 0x02, 0xbb,
4227 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
4228 0xc5, 0xb3, 0xe4, 0x2f
4229 };
4230
4231 /* SHA-256 checksums for digest test patterns */
4232 static const uint8_t digest_test_pattern_sha256[] = {
4233 0xd7, 0xa8, 0xfb, 0xb3, 0x07, 0xd7, 0x80, 0x94, 0x69, 0xca, 0x9a, 0xbc,
4234 0xb0, 0x08, 0x2e, 0x4f, 0x8d, 0x56, 0x51, 0xe4, 0x6d, 0x3c, 0xdb, 0x76,
4235 0x2d, 0x02, 0xd0, 0xbf, 0x37, 0xc9, 0xe5, 0x92
4236 };
4237 static const uint8_t digest_test_pattern_empty_sha256[] = {
4238 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
4239 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
4240 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
4241 };
4242
4243 /* SHA-384 checksums for digest test patterns */
4244 static const uint8_t digest_test_pattern_sha384[] = {
4245 0xca, 0x73, 0x7f, 0x10, 0x14, 0xa4, 0x8f, 0x4c, 0x0b, 0x6d, 0xd4, 0x3c,
4246 0xb1, 0x77, 0xb0, 0xaf, 0xd9, 0xe5, 0x16, 0x93, 0x67, 0x54, 0x4c, 0x49,
4247 0x40, 0x11, 0xe3, 0x31, 0x7d, 0xbf, 0x9a, 0x50, 0x9c, 0xb1, 0xe5, 0xdc,
4248 0x1e, 0x85, 0xa9, 0x41, 0xbb, 0xee, 0x3d, 0x7f, 0x2a, 0xfb, 0xc9, 0xb1
4249 };
4250 static const uint8_t digest_test_pattern_empty_sha384[] = {
4251 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e,
4252 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
4253 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf,
4254 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b
4255 };
4256
4257 /* SHA-512 checksums for digest test patterns */
4258 static const uint8_t digest_test_pattern_sha512[] = {
4259 0x07, 0xe5, 0x47, 0xd9, 0x58, 0x6f, 0x6a, 0x73, 0xf7, 0x3f, 0xba, 0xc0,
4260 0x43, 0x5e, 0xd7, 0x69, 0x51, 0x21, 0x8f, 0xb7, 0xd0, 0xc8, 0xd7, 0x88,
4261 0xa3, 0x09, 0xd7, 0x85, 0x43, 0x6b, 0xbb, 0x64, 0x2e, 0x93, 0xa2, 0x52,
4262 0xa9, 0x54, 0xf2, 0x39, 0x12, 0x54, 0x7d, 0x1e, 0x8a, 0x3b, 0x5e, 0xd6,
4263 0xe1, 0xbf, 0xd7, 0x09, 0x78, 0x21, 0x23, 0x3f, 0xa0, 0x53, 0x8f, 0x3d,
4264 0xb8, 0x54, 0xfe, 0xe6
4265 };
4266 static const uint8_t digest_test_pattern_empty_sha512[] = {
4267 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50,
4268 0xd6, 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
4269 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c,
4270 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
4271 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a,
4272 0xf9, 0x27, 0xda, 0x3e
4273 };
4274
4275 #define DIGEST_TEST(_test_name, _mecha, _data, _digest) \
4276 { \
4277 .test_name = _test_name, \
4278 .mecha = _mecha, \
4279 .data = _data, \
4280 .data_size = sizeof(_data) - 1, \
4281 .digest = _digest, \
4282 .digest_size = sizeof(_digest) \
4283 }
4284
4285 /* Digest simple test suite */
4286 static struct {
4287 const char *test_name;
4288 CK_MECHANISM_TYPE mecha;
4289 const void *data;
4290 CK_ULONG data_size;
4291 const uint8_t *digest;
4292 CK_ULONG digest_size;
4293 } digest_test_patterns[] = {
4294 DIGEST_TEST("CKM_MD5/empty", CKM_MD5, digest_test_pattern_empty,
4295 digest_test_pattern_empty_md5),
4296 DIGEST_TEST("CKM_MD5/test pattern", CKM_MD5, digest_test_pattern,
4297 digest_test_pattern_md5),
4298 DIGEST_TEST("CKM_SHA_1/empty", CKM_SHA_1, digest_test_pattern_empty,
4299 digest_test_pattern_empty_sha1),
4300 DIGEST_TEST("CKM_SHA_1/test pattern", CKM_SHA_1, digest_test_pattern,
4301 digest_test_pattern_sha1),
4302 DIGEST_TEST("CKM_SHA224/empty", CKM_SHA224, digest_test_pattern_empty,
4303 digest_test_pattern_empty_sha224),
4304 DIGEST_TEST("CKM_SHA224/test pattern", CKM_SHA224, digest_test_pattern,
4305 digest_test_pattern_sha224),
4306 DIGEST_TEST("CKM_SHA256/empty", CKM_SHA256, digest_test_pattern_empty,
4307 digest_test_pattern_empty_sha256),
4308 DIGEST_TEST("CKM_SHA256/test pattern", CKM_SHA256, digest_test_pattern,
4309 digest_test_pattern_sha256),
4310 DIGEST_TEST("CKM_SHA384/empty", CKM_SHA384, digest_test_pattern_empty,
4311 digest_test_pattern_empty_sha384),
4312 DIGEST_TEST("CKM_SHA384/test pattern", CKM_SHA384, digest_test_pattern,
4313 digest_test_pattern_sha384),
4314 DIGEST_TEST("CKM_SHA512/empty", CKM_SHA512, digest_test_pattern_empty,
4315 digest_test_pattern_empty_sha512),
4316 DIGEST_TEST("CKM_SHA512/test pattern", CKM_SHA512, digest_test_pattern,
4317 digest_test_pattern_sha512),
4318 };
4319
4320 static CK_ATTRIBUTE digest_generate_aes_object[] = {
4321 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4322 sizeof(CK_OBJECT_CLASS) },
4323 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_AES }, sizeof(CK_KEY_TYPE) },
4324 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4325 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4326 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4327 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
4328 { CKA_VALUE_LEN, &(CK_ULONG){ 16 }, sizeof(CK_ULONG) },
4329 };
4330
4331 static CK_ATTRIBUTE digest_generate_gensecret_object[] = {
4332 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_SECRET_KEY },
4333 sizeof(CK_OBJECT_CLASS) },
4334 { CKA_KEY_TYPE, &(CK_KEY_TYPE){ CKK_GENERIC_SECRET },
4335 sizeof(CK_KEY_TYPE) },
4336 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4337 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4338 { CKA_SENSITIVE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4339 { CKA_EXTRACTABLE, &(CK_BBOOL){ CK_TRUE }, sizeof(CK_BBOOL) },
4340 { CKA_VALUE_LEN, &(CK_ULONG){ 32 }, sizeof(CK_ULONG) },
4341 };
4342
4343 static CK_ATTRIBUTE digest_data_object[] = {
4344 { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_DATA },
4345 sizeof(CK_OBJECT_CLASS) },
4346 { CKA_TOKEN, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4347 { CKA_PRIVATE, &(CK_BBOOL){ CK_FALSE }, sizeof(CK_BBOOL) },
4348 };
4349
xtest_pkcs11_test_1018(ADBG_Case_t * c)4350 static void xtest_pkcs11_test_1018(ADBG_Case_t *c)
4351 {
4352 CK_RV rv = CKR_GENERAL_ERROR;
4353 CK_SLOT_ID slot = 0;
4354 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
4355 CK_FLAGS session_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
4356 bool logged_in = false;
4357 uint8_t data[128] = { 0 };
4358 CK_ULONG data_size = 0;
4359 uint8_t digest[64] = { 0 };
4360 CK_ULONG digest_size = 0;
4361 const uint8_t *expect_digest = NULL;
4362 CK_ULONG expect_digest_size = 0;
4363 CK_MECHANISM mechanism = { CKM_MD5, NULL, 0 };
4364 uint8_t secret_data[128] = { 0 };
4365 CK_ULONG secret_data_size __maybe_unused = 0;
4366 CK_ATTRIBUTE digest_get_secret_value[] = {
4367 { CKA_VALUE, &secret_data, sizeof(secret_data) },
4368 };
4369 CK_OBJECT_HANDLE key_handle = CK_INVALID_HANDLE;
4370 #ifdef OPENSSL_FOUND
4371 EVP_MD_CTX *mdctx = NULL;
4372 unsigned char hash[EVP_MAX_MD_SIZE] = { 0 };
4373 unsigned int md_len = 0;
4374 int ret = 0;
4375 #endif
4376 size_t i = 0;
4377
4378 rv = init_lib_and_find_token_slot(&slot);
4379 if (!ADBG_EXPECT_CK_OK(c, rv))
4380 return;
4381
4382 rv = init_test_token(slot);
4383 if (!ADBG_EXPECT_CK_OK(c, rv))
4384 goto close_lib;
4385
4386 rv = init_user_test_token(slot);
4387 if (!ADBG_EXPECT_CK_OK(c, rv))
4388 goto close_lib;
4389
4390 rv = C_OpenSession(slot, session_flags, NULL, 0, &session);
4391 if (!ADBG_EXPECT_CK_OK(c, rv))
4392 goto close_lib;
4393
4394 /* Test out simple successful cases with init+update+final*/
4395 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4396 Do_ADBG_BeginSubCase(c, "Simple digest tests - update - %s",
4397 digest_test_patterns[i].test_name);
4398
4399 mechanism.mechanism = digest_test_patterns[i].mecha;
4400 memset(data, 0xCC, sizeof(data));
4401 memset(digest, 0xCC, sizeof(digest));
4402 digest_size = sizeof(digest);
4403
4404 memcpy(data, digest_test_patterns[i].data,
4405 digest_test_patterns[i].data_size);
4406 data_size = digest_test_patterns[i].data_size;
4407
4408 expect_digest = digest_test_patterns[i].digest;
4409 expect_digest_size = digest_test_patterns[i].digest_size;
4410
4411 rv = C_DigestInit(session, &mechanism);
4412 if (!ADBG_EXPECT_CK_OK(c, rv))
4413 goto out;
4414
4415 rv = C_DigestUpdate(session, data, data_size);
4416 if (!ADBG_EXPECT_CK_OK(c, rv))
4417 goto out;
4418
4419 rv = C_DigestFinal(session, digest, &digest_size);
4420 if (!ADBG_EXPECT_CK_OK(c, rv))
4421 goto out;
4422
4423 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4424 digest, digest_size))
4425 goto out;
4426
4427 /* Verify that end of buffer is still 0xCC */
4428 for (i = expect_digest_size; i < sizeof(digest); i++)
4429 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4430 0xCC))
4431 goto out;
4432
4433 Do_ADBG_EndSubCase(c, NULL);
4434 }
4435
4436 /* Test out simple successful cases */
4437 for (i = 0; i < ARRAY_SIZE(digest_test_patterns); i++) {
4438 Do_ADBG_BeginSubCase(c, "Simple digest tests - oneshot - %s",
4439 digest_test_patterns[i].test_name);
4440
4441 mechanism.mechanism = digest_test_patterns[i].mecha;
4442 memset(data, 0xCC, sizeof(data));
4443 memset(digest, 0xCC, sizeof(digest));
4444 digest_size = sizeof(digest);
4445
4446 memcpy(data, digest_test_patterns[i].data,
4447 digest_test_patterns[i].data_size);
4448 data_size = digest_test_patterns[i].data_size;
4449
4450 expect_digest = digest_test_patterns[i].digest;
4451 expect_digest_size = digest_test_patterns[i].digest_size;
4452
4453 rv = C_DigestInit(session, &mechanism);
4454 if (!ADBG_EXPECT_CK_OK(c, rv))
4455 goto out;
4456
4457 rv = C_Digest(session, data, data_size, digest, &digest_size);
4458 if (!ADBG_EXPECT_CK_OK(c, rv))
4459 goto out;
4460
4461 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4462 digest, digest_size))
4463 goto out;
4464
4465 /* Verify that end of buffer is still 0xCC */
4466 for (i = expect_digest_size; i < sizeof(digest); i++)
4467 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest[i], ==,
4468 0xCC))
4469 goto out;
4470
4471 Do_ADBG_EndSubCase(c, NULL);
4472 }
4473
4474 /* Test out key updates */
4475
4476 Do_ADBG_BeginSubCase(c, "Simple digest tests - AES key update - SHA-256");
4477
4478 /* Login to Test Token */
4479 rv = C_Login(session, CKU_USER, test_token_user_pin,
4480 sizeof(test_token_user_pin));
4481 if (!ADBG_EXPECT_CK_OK(c, rv))
4482 goto out;
4483
4484 logged_in = true;
4485
4486 /* Generate AES key */
4487 rv = C_GenerateKey(session, &cktest_aes_keygen_mechanism,
4488 digest_generate_aes_object,
4489 ARRAY_SIZE(digest_generate_aes_object),
4490 &key_handle);
4491 if (!ADBG_EXPECT_CK_OK(c, rv))
4492 goto out;
4493
4494 memset(secret_data, 0xCC, sizeof(data));
4495 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4496
4497 /* Get value of generated secret for verification purposes */
4498 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4499 ARRAY_SIZE(digest_get_secret_value));
4500 if (!ADBG_EXPECT_CK_OK(c, rv))
4501 goto out;
4502
4503 secret_data_size = digest_get_secret_value[0].ulValueLen;
4504
4505 /* Calculate digest with PKCS11 */
4506 mechanism.mechanism = CKM_SHA256;
4507
4508 memset(data, 0xCC, sizeof(data));
4509 memset(digest, 0xCC, sizeof(digest));
4510 digest_size = sizeof(digest);
4511
4512 memcpy(data, digest_test_patterns[0].data,
4513 digest_test_patterns[0].data_size);
4514 data_size = digest_test_patterns[0].data_size;
4515
4516 rv = C_DigestInit(session, &mechanism);
4517 if (!ADBG_EXPECT_CK_OK(c, rv))
4518 goto out;
4519
4520 rv = C_DigestUpdate(session, data, data_size);
4521 if (!ADBG_EXPECT_CK_OK(c, rv))
4522 goto out;
4523
4524 rv = C_DigestKey(session, key_handle);
4525 if (!ADBG_EXPECT_CK_OK(c, rv))
4526 goto out;
4527
4528 rv = C_DigestFinal(session, digest, &digest_size);
4529 if (!ADBG_EXPECT_CK_OK(c, rv))
4530 goto out;
4531
4532 /* Verify digest with openssl */
4533 #ifdef OPENSSL_FOUND
4534 mdctx = EVP_MD_CTX_create();
4535 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4536 goto out;
4537 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4538 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4539 goto out;
4540 ret = EVP_DigestUpdate(mdctx, data, data_size);
4541 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4542 goto out;
4543 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4544 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4545 goto out;
4546 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4547 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4548 goto out;
4549 EVP_MD_CTX_destroy(mdctx);
4550 mdctx = NULL;
4551
4552 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4553 goto out;
4554 #else
4555 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4556 #endif
4557
4558 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4559 key_handle = CK_INVALID_HANDLE;
4560
4561 Do_ADBG_EndSubCase(c, NULL);
4562
4563 Do_ADBG_BeginSubCase(c, "Simple digest tests - generic secret key update - SHA-256");
4564
4565 /* Generate generic secret key */
4566 rv = C_GenerateKey(session, &cktest_gensecret_keygen_mechanism,
4567 digest_generate_gensecret_object,
4568 ARRAY_SIZE(digest_generate_gensecret_object),
4569 &key_handle);
4570 if (!ADBG_EXPECT_CK_OK(c, rv))
4571 goto out;
4572
4573 memset(secret_data, 0xCC, sizeof(data));
4574 digest_get_secret_value[0].ulValueLen = sizeof(secret_data);
4575
4576 /* Get value of generated secret for verification purposes */
4577 rv = C_GetAttributeValue(session, key_handle, digest_get_secret_value,
4578 ARRAY_SIZE(digest_get_secret_value));
4579 if (!ADBG_EXPECT_CK_OK(c, rv))
4580 goto out;
4581
4582 secret_data_size = digest_get_secret_value[0].ulValueLen;
4583
4584 /* Calculate digest with PKCS11 */
4585 mechanism.mechanism = CKM_SHA256;
4586
4587 memset(data, 0xCC, sizeof(data));
4588 memset(digest, 0xCC, sizeof(digest));
4589 digest_size = sizeof(digest);
4590
4591 memcpy(data, digest_test_patterns[0].data,
4592 digest_test_patterns[0].data_size);
4593 data_size = digest_test_patterns[0].data_size;
4594
4595 rv = C_DigestInit(session, &mechanism);
4596 if (!ADBG_EXPECT_CK_OK(c, rv))
4597 goto out;
4598
4599 rv = C_DigestUpdate(session, data, data_size);
4600 if (!ADBG_EXPECT_CK_OK(c, rv))
4601 goto out;
4602
4603 rv = C_DigestKey(session, key_handle);
4604 if (!ADBG_EXPECT_CK_OK(c, rv))
4605 goto out;
4606
4607 rv = C_DigestFinal(session, digest, &digest_size);
4608 if (!ADBG_EXPECT_CK_OK(c, rv))
4609 goto out;
4610
4611 /* Verify digest with openssl */
4612 #ifdef OPENSSL_FOUND
4613 mdctx = EVP_MD_CTX_create();
4614 if (!ADBG_EXPECT_NOT_NULL(c, mdctx))
4615 goto out;
4616 ret = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
4617 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4618 goto out;
4619 ret = EVP_DigestUpdate(mdctx, data, data_size);
4620 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4621 goto out;
4622 ret = EVP_DigestUpdate(mdctx, secret_data, secret_data_size);
4623 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4624 goto out;
4625 ret = EVP_DigestFinal_ex(mdctx, hash, &md_len);
4626 if (!ADBG_EXPECT_COMPARE_SIGNED(c, ret, ==, 1))
4627 goto out;
4628 EVP_MD_CTX_destroy(mdctx);
4629 mdctx = NULL;
4630
4631 if (!ADBG_EXPECT_BUFFER(c, hash, md_len, digest, digest_size))
4632 goto out;
4633 #else
4634 Do_ADBG_Log("OpenSSL not available, skipping C_DigestKey verification");
4635 #endif
4636
4637 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4638 key_handle = CK_INVALID_HANDLE;
4639
4640 Do_ADBG_EndSubCase(c, NULL);
4641
4642 Do_ADBG_BeginSubCase(c, "Query digest size - C_DigestFinal");
4643
4644 mechanism.mechanism = digest_test_patterns[0].mecha;
4645
4646 memset(data, 0xCC, sizeof(data));
4647 memset(digest, 0xCC, sizeof(digest));
4648 digest_size = 0;
4649
4650 memcpy(data, digest_test_patterns[0].data,
4651 digest_test_patterns[0].data_size);
4652 data_size = digest_test_patterns[0].data_size;
4653
4654 expect_digest = digest_test_patterns[0].digest;
4655 expect_digest_size = digest_test_patterns[0].digest_size;
4656
4657 rv = C_DigestInit(session, &mechanism);
4658 if (!ADBG_EXPECT_CK_OK(c, rv))
4659 goto out;
4660
4661 rv = C_DigestUpdate(session, data, data_size);
4662 if (!ADBG_EXPECT_CK_OK(c, rv))
4663 goto out;
4664
4665 rv = C_DigestFinal(session, NULL, &digest_size);
4666 if (!ADBG_EXPECT_CK_OK(c, rv))
4667 goto out;
4668
4669 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4670 expect_digest_size))
4671 goto out;
4672
4673 rv = C_DigestFinal(session, digest, &digest_size);
4674 if (!ADBG_EXPECT_CK_OK(c, rv))
4675 goto out;
4676
4677 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4678 digest, digest_size))
4679 goto out;
4680
4681 Do_ADBG_EndSubCase(c, NULL);
4682
4683 Do_ADBG_BeginSubCase(c, "Query digest size - C_Digest");
4684
4685 mechanism.mechanism = digest_test_patterns[0].mecha;
4686
4687 memset(data, 0xCC, sizeof(data));
4688 memset(digest, 0xCC, sizeof(digest));
4689 digest_size = 0;
4690
4691 memcpy(data, digest_test_patterns[0].data,
4692 digest_test_patterns[0].data_size);
4693 data_size = digest_test_patterns[0].data_size;
4694
4695 expect_digest = digest_test_patterns[0].digest;
4696 expect_digest_size = digest_test_patterns[0].digest_size;
4697
4698 rv = C_DigestInit(session, &mechanism);
4699 if (!ADBG_EXPECT_CK_OK(c, rv))
4700 goto out;
4701
4702 rv = C_Digest(session, data, data_size, NULL, &digest_size);
4703 if (!ADBG_EXPECT_CK_OK(c, rv))
4704 goto out;
4705
4706 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==,
4707 expect_digest_size))
4708 goto out;
4709
4710 rv = C_Digest(session, data, data_size, digest, &digest_size);
4711 if (!ADBG_EXPECT_CK_OK(c, rv))
4712 goto out;
4713
4714 if (!ADBG_EXPECT_BUFFER(c, expect_digest, expect_digest_size,
4715 digest, digest_size))
4716 goto out;
4717
4718 Do_ADBG_EndSubCase(c, NULL);
4719
4720 Do_ADBG_BeginSubCase(c, "Query digest size - buffer too small");
4721
4722 mechanism.mechanism = CKM_SHA256;
4723
4724 memset(data, 0xCC, sizeof(data));
4725 memset(digest, 0xCC, sizeof(digest));
4726 digest_size = 0;
4727
4728 memcpy(data, digest_test_patterns[0].data,
4729 digest_test_patterns[0].data_size);
4730 data_size = digest_test_patterns[0].data_size;
4731
4732 rv = C_DigestInit(session, &mechanism);
4733 if (!ADBG_EXPECT_CK_OK(c, rv))
4734 goto out;
4735
4736 rv = C_DigestUpdate(session, data, data_size);
4737 if (!ADBG_EXPECT_CK_OK(c, rv))
4738 goto out;
4739
4740 rv = C_DigestFinal(session, digest, &digest_size);
4741 if (!ADBG_EXPECT_CK_RESULT(c, CKR_BUFFER_TOO_SMALL, rv))
4742 goto out;
4743
4744 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, digest_size, ==, 32))
4745 goto out;
4746
4747 rv = C_DigestFinal(session, digest, &digest_size);
4748 if (!ADBG_EXPECT_CK_OK(c, rv))
4749 goto out;
4750
4751 Do_ADBG_EndSubCase(c, NULL);
4752
4753 /* Test bad arguments & operation terminations */
4754
4755 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestUpdate");
4756
4757 mechanism.mechanism = CKM_SHA256;
4758
4759 memset(data, 0xCC, sizeof(data));
4760 memset(digest, 0xCC, sizeof(digest));
4761 digest_size = sizeof(digest);
4762
4763 memcpy(data, digest_test_patterns[0].data,
4764 digest_test_patterns[0].data_size);
4765 data_size = digest_test_patterns[0].data_size;
4766
4767 rv = C_DigestInit(session, &mechanism);
4768 if (!ADBG_EXPECT_CK_OK(c, rv))
4769 goto out;
4770
4771 rv = C_DigestUpdate(session, NULL, 10);
4772 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4773 goto out;
4774
4775 rv = C_DigestUpdate(session, data, data_size);
4776 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4777 goto out;
4778
4779 Do_ADBG_EndSubCase(c, NULL);
4780
4781 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with NULL digest");
4782
4783 mechanism.mechanism = CKM_SHA256;
4784
4785 memset(data, 0xCC, sizeof(data));
4786 memset(digest, 0xCC, sizeof(digest));
4787 digest_size = sizeof(digest);
4788
4789 memcpy(data, digest_test_patterns[0].data,
4790 digest_test_patterns[0].data_size);
4791 data_size = digest_test_patterns[0].data_size;
4792
4793 rv = C_DigestInit(session, &mechanism);
4794 if (!ADBG_EXPECT_CK_OK(c, rv))
4795 goto out;
4796
4797 rv = C_DigestUpdate(session, data, data_size);
4798 if (!ADBG_EXPECT_CK_OK(c, rv))
4799 goto out;
4800
4801 rv = C_DigestFinal(session, NULL, NULL);
4802 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4803 goto out;
4804
4805 rv = C_DigestFinal(session, digest, &digest_size);
4806 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4807 goto out;
4808
4809 Do_ADBG_EndSubCase(c, NULL);
4810
4811 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4812
4813 mechanism.mechanism = CKM_SHA256;
4814
4815 memset(data, 0xCC, sizeof(data));
4816 memset(digest, 0xCC, sizeof(digest));
4817 digest_size = sizeof(digest);
4818
4819 memcpy(data, digest_test_patterns[0].data,
4820 digest_test_patterns[0].data_size);
4821 data_size = digest_test_patterns[0].data_size;
4822
4823 rv = C_DigestInit(session, &mechanism);
4824 if (!ADBG_EXPECT_CK_OK(c, rv))
4825 goto out;
4826
4827 rv = C_DigestUpdate(session, data, data_size);
4828 if (!ADBG_EXPECT_CK_OK(c, rv))
4829 goto out;
4830
4831 rv = C_DigestFinal(session, digest, NULL);
4832 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4833 goto out;
4834
4835 rv = C_DigestFinal(session, digest, &digest_size);
4836 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4837 goto out;
4838
4839 Do_ADBG_EndSubCase(c, NULL);
4840
4841 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL data but non-zero size");
4842
4843 mechanism.mechanism = CKM_SHA256;
4844
4845 memset(data, 0xCC, sizeof(data));
4846 memset(digest, 0xCC, sizeof(digest));
4847 digest_size = sizeof(digest);
4848
4849 memcpy(data, digest_test_patterns[0].data,
4850 digest_test_patterns[0].data_size);
4851 data_size = digest_test_patterns[0].data_size;
4852
4853 rv = C_DigestInit(session, &mechanism);
4854 if (!ADBG_EXPECT_CK_OK(c, rv))
4855 goto out;
4856
4857 rv = C_Digest(session, NULL, 10, digest, &digest_size);
4858 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4859 goto out;
4860
4861 rv = C_Digest(session, data, data_size, digest, &digest_size);
4862 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4863 goto out;
4864
4865 Do_ADBG_EndSubCase(c, NULL);
4866
4867 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_Digest with NULL digest");
4868
4869 mechanism.mechanism = CKM_SHA256;
4870
4871 memset(data, 0xCC, sizeof(data));
4872 memset(digest, 0xCC, sizeof(digest));
4873 digest_size = sizeof(digest);
4874
4875 memcpy(data, digest_test_patterns[0].data,
4876 digest_test_patterns[0].data_size);
4877 data_size = digest_test_patterns[0].data_size;
4878
4879 rv = C_DigestInit(session, &mechanism);
4880 if (!ADBG_EXPECT_CK_OK(c, rv))
4881 goto out;
4882
4883 rv = C_Digest(session, data, data_size, NULL, NULL);
4884 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4885 goto out;
4886
4887 rv = C_Digest(session, data, data_size, digest, &digest_size);
4888 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4889 goto out;
4890
4891 Do_ADBG_EndSubCase(c, NULL);
4892
4893 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestFinal with digest but NULL size");
4894
4895 mechanism.mechanism = CKM_SHA256;
4896
4897 memset(data, 0xCC, sizeof(data));
4898 memset(digest, 0xCC, sizeof(digest));
4899 digest_size = sizeof(digest);
4900
4901 memcpy(data, digest_test_patterns[0].data,
4902 digest_test_patterns[0].data_size);
4903 data_size = digest_test_patterns[0].data_size;
4904
4905 rv = C_DigestInit(session, &mechanism);
4906 if (!ADBG_EXPECT_CK_OK(c, rv))
4907 goto out;
4908
4909 rv = C_Digest(session, data, data_size, digest, NULL);
4910 if (!ADBG_EXPECT_CK_RESULT(c, CKR_ARGUMENTS_BAD, rv))
4911 goto out;
4912
4913 rv = C_Digest(session, data, data_size, digest, &digest_size);
4914 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4915 goto out;
4916
4917 Do_ADBG_EndSubCase(c, NULL);
4918
4919 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with invalid key handle");
4920
4921 rv = C_CreateObject(session, digest_data_object,
4922 ARRAY_SIZE(digest_data_object), &key_handle);
4923 if (!ADBG_EXPECT_CK_OK(c, rv))
4924 goto out;
4925
4926 mechanism.mechanism = CKM_SHA256;
4927
4928 memset(data, 0xCC, sizeof(data));
4929 memset(digest, 0xCC, sizeof(digest));
4930 digest_size = sizeof(digest);
4931
4932 memcpy(data, digest_test_patterns[0].data,
4933 digest_test_patterns[0].data_size);
4934 data_size = digest_test_patterns[0].data_size;
4935
4936 rv = C_DigestInit(session, &mechanism);
4937 if (!ADBG_EXPECT_CK_OK(c, rv))
4938 goto out;
4939
4940 rv = C_DigestKey(session, 9999);
4941 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_HANDLE_INVALID, rv))
4942 goto out;
4943
4944 rv = C_DigestKey(session, key_handle);
4945 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4946 goto out;
4947
4948 Do_ADBG_EndSubCase(c, NULL);
4949
4950 Do_ADBG_BeginSubCase(c, "Test bad arguments - C_DigestKey with non-secret key type");
4951
4952 mechanism.mechanism = CKM_SHA256;
4953
4954 memset(data, 0xCC, sizeof(data));
4955 memset(digest, 0xCC, sizeof(digest));
4956 digest_size = sizeof(digest);
4957
4958 memcpy(data, digest_test_patterns[0].data,
4959 digest_test_patterns[0].data_size);
4960 data_size = digest_test_patterns[0].data_size;
4961
4962 rv = C_DigestInit(session, &mechanism);
4963 if (!ADBG_EXPECT_CK_OK(c, rv))
4964 goto out;
4965
4966 rv = C_DigestKey(session, key_handle);
4967 if (!ADBG_EXPECT_CK_RESULT(c, CKR_KEY_INDIGESTIBLE, rv))
4968 goto out;
4969
4970 rv = C_DigestKey(session, key_handle);
4971 if (!ADBG_EXPECT_CK_RESULT(c, CKR_OPERATION_NOT_INITIALIZED, rv))
4972 goto out;
4973
4974 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4975 key_handle = CK_INVALID_HANDLE;
4976
4977 out:
4978 #ifdef OPENSSL_FOUND
4979 if (!ADBG_EXPECT_POINTER(c, NULL, mdctx)) {
4980 Do_ADBG_Log("Unexpected failure in openssl functions: %d",
4981 ret);
4982 EVP_MD_CTX_destroy(mdctx);
4983 }
4984 #endif
4985
4986 Do_ADBG_EndSubCase(c, NULL);
4987
4988 if (logged_in)
4989 ADBG_EXPECT_CK_OK(c, C_Logout(session));
4990
4991 if (key_handle != CK_INVALID_HANDLE) {
4992 ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, key_handle));
4993 key_handle = CK_INVALID_HANDLE;
4994 }
4995
4996 ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
4997
4998 close_lib:
4999 ADBG_EXPECT_CK_OK(c, close_lib());
5000 }
5001 ADBG_CASE_DEFINE(pkcs11, 1018, xtest_pkcs11_test_1018,
5002 "PKCS11: Digest tests");
5003