diff options
-rw-r--r-- | doc/pkcs11-coverage.txt | 37 | ||||
-rw-r--r-- | src/Makefile.am | 1 | ||||
-rw-r--r-- | src/check.c | 2 | ||||
-rw-r--r-- | src/p11-tests.c | 1 | ||||
-rw-r--r-- | src/p11-tests.h | 31 | ||||
-rw-r--r-- | src/session.c | 165 | ||||
-rw-r--r-- | src/slot.c | 8 |
7 files changed, 233 insertions, 12 deletions
diff --git a/doc/pkcs11-coverage.txt b/doc/pkcs11-coverage.txt index 538d487..b864f49 100644 --- a/doc/pkcs11-coverage.txt +++ b/doc/pkcs11-coverage.txt @@ -6,6 +6,18 @@ This is the test coverage of the p11-tests tool of the PKCS#11 interface. We're anxious to complete this, if you have patches please do contribute. +C_CloseAllSessions +- Invalid slot id +- Normal call +- Check open session was closed +- Call when no sessions open + +C_CloseSession +- Invalid session +- Normal call +- Check open session was closed +- Close twice + C_Finalize - Normal call - Double finalize in a row @@ -32,6 +44,14 @@ C_GetMechanismList - Zero count but buffer present - Low count but buffer present +C_GetSessionInfo +- Invalid session +- NULL arguments +- Valid call +- Valid slot id +- Valid state for session +- Valid flags for session + C_GetSlotInfo - NULL argument - Normal call @@ -54,6 +74,12 @@ C_GetTokenInfo - Validate token time when CKF_CLOCK_ON_TOKEN - Calling on slot without token +C_InitPIN +- Not Implemented + +C_InitToken +- Not Implemented + C_Initialize - Normal call - Locking: no threads @@ -65,6 +91,17 @@ C_Initialize - Multiple initialize with C_Finalize between - Double initialize in a row +C_OpenSession +- Invalid slot +- Null arguments +- No flags +- Without serial flag +- Valid flags +- Read write session + +C_SetPIN +- Not Implemented + C_WaitForSlotEvent - Not Implemented diff --git a/src/Makefile.am b/src/Makefile.am index ee3290a..49a9801 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -8,5 +8,6 @@ p11_tests_SOURCES = \ module.c \ msg.c \ p11-tests.c \ + session.c \ slot.c diff --git a/src/check.c b/src/check.c index a72cf87..e8bc31f 100644 --- a/src/check.c +++ b/src/check.c @@ -71,7 +71,7 @@ p11t_check_mask(const char *message, CK_ULONG flags, CK_ULONG mask) int p11t_check_flag(const char *message, CK_ULONG flags, CK_ULONG flag) { - if((flags & flag) == 0) + if((flags & flag) == flag) { p11t_msg_print("%s: flag 0x%08x should be set in: 0x%08x", message, flag, flags); diff --git a/src/p11-tests.c b/src/p11-tests.c index 2adf6e9..a77ccea 100644 --- a/src/p11-tests.c +++ b/src/p11-tests.c @@ -40,6 +40,7 @@ main(int argc, char* argv[]) p11t_module_initialize(argc == 2 ? argv[1] : NULL); p11t_slot_tests(); + p11t_session_tests(); /* Remaining module tests */ p11t_module_finalize(); diff --git a/src/p11-tests.h b/src/p11-tests.h index 4a79ffd..21b6064 100644 --- a/src/p11-tests.h +++ b/src/p11-tests.h @@ -6,6 +6,8 @@ #include <assert.h> #include <stdarg.h> +#define CK_INVALID ((CK_ULONG)-1) +\ /* ------------------------------------------------------------------- * msg.c */ @@ -40,6 +42,24 @@ int p11t_check_flag(const char *message, CK_ULONG flags, CK_ULONG flag); int p11t_check_nflag(const char *message, CK_ULONG flags, CK_ULONG nflag); /* ------------------------------------------------------------------- + * module.c + */ + +extern CK_FUNCTION_LIST_PTR p11t_module_funcs; + +void p11t_module_load(const char *filename); +void p11t_module_unload(void); + +void p11t_module_initialize(const char *initstr); +void p11t_module_finalize(void); + +/* ------------------------------------------------------------------- + * session.c + */ + +void p11t_session_tests(void); + +/* ------------------------------------------------------------------- * slot.c */ @@ -55,16 +75,5 @@ extern CK_MECHANISM_INFO_PTR* p11t_slot_mech_info; void p11t_slot_tests(void); -/* ------------------------------------------------------------------- - * module.c - */ - -extern CK_FUNCTION_LIST_PTR p11t_module_funcs; - -void p11t_module_load(const char *filename); -void p11t_module_unload(void); - -void p11t_module_initialize(const char *initstr); -void p11t_module_finalize(void); #endif /* P11TESTST_H_ */ diff --git a/src/session.c b/src/session.c new file mode 100644 index 0000000..414a50e --- /dev/null +++ b/src/session.c @@ -0,0 +1,165 @@ + +#include "config.h" + +#include "p11-tests.h" + +void +session_info(CK_SESSION_HANDLE session, CK_SLOT_ID slot, CK_FLAGS flags, CK_STATE state) +{ + CK_SESSION_INFO info; + CK_RV rv; + + if(session == CK_INVALID) + return; + + /** C_GetSessionInfo */ + + /** - Invalid session */ + rv = (p11t_module_funcs->C_GetSessionInfo)((CK_SESSION_HANDLE)-33, &info); + p11t_check_returns("C_GetSessionInfo with invalid session", rv, CKR_SESSION_HANDLE_INVALID); + + /** - NULL arguments */ + rv = (p11t_module_funcs->C_GetSessionInfo)(session, NULL); + p11t_check_returns("C_GetSessionInfo with null", rv, CKR_ARGUMENTS_BAD); + + /** - Valid call */ + rv = (p11t_module_funcs->C_GetSessionInfo)(session, &info); + if(!p11t_check_returns("C_GetSessionInfo", rv, CKR_OK)) + return; + + /** - Valid slot id */ + p11t_check_ulong("CK_SESSION_INFO.slotID", info.slotID, slot); + + /** - Valid state for session */ + p11t_check_ulong("CK_SESSION_INFO.state", info.state, state); + + /** - Valid flags for session */ + p11t_check_flag("CK_SESSION_INFO.flags", info.flags, flags); +} + +void +session_main(CK_SLOT_ID slot) +{ + CK_SESSION_HANDLE session_ro = CK_INVALID; + CK_SESSION_HANDLE session_rw = CK_INVALID; + CK_SESSION_HANDLE session_ro2 = CK_INVALID; + CK_SESSION_INFO info; + CK_RV rv; + + assert(p11t_module_funcs); + + /** C_OpenSession */ + + /** - Invalid slot */ + rv = (p11t_module_funcs->C_OpenSession)((CK_SLOT_ID)-5, 0, NULL, NULL, &session_ro); + p11t_check_returns("C_OpenSession with invalid slot", rv, CKR_SLOT_ID_INVALID); + + /** - Null arguments */ + rv = (p11t_module_funcs->C_OpenSession)(slot, 0, NULL, NULL, NULL); + p11t_check_returns("C_OpenSession with invalid slot", rv, CKR_ARGUMENTS_BAD); + + /** - No flags */ + rv = (p11t_module_funcs->C_OpenSession)(slot, 0, NULL, NULL, &session_ro); + p11t_check_returns("C_OpenSession with 0 flags", rv, CKR_SESSION_PARALLEL_NOT_SUPPORTED); + + /** - Without serial flag */ + rv = (p11t_module_funcs->C_OpenSession)(slot, CKF_RW_SESSION, NULL, NULL, &session_ro); + p11t_check_returns("C_OpenSession with RW flags", rv, CKR_SESSION_PARALLEL_NOT_SUPPORTED); + + /** - Valid flags */ + rv = (p11t_module_funcs->C_OpenSession)(slot, CKF_SERIAL_SESSION, NULL, NULL, &session_ro); + p11t_check_returns("C_OpenSession with serial flags", rv, CKR_OK); + rv = (p11t_module_funcs->C_OpenSession)(slot, CKF_SERIAL_SESSION, NULL, NULL, &session_ro2); + p11t_check_returns("C_OpenSession with serial flags", rv, CKR_OK); + + /** - Read write session */ + rv = (p11t_module_funcs->C_OpenSession)(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session_rw); + if(rv == CKR_TOKEN_WRITE_PROTECTED) + session_rw = CK_INVALID; + else + p11t_check_returns("C_OpenSession with read write flags", rv, CKR_OK); + + /* Test all the sessions and validate their state */ + session_info(session_ro, slot, CKF_SERIAL_SESSION, CKS_RO_PUBLIC_SESSION); + session_info(session_ro2, slot, CKF_SERIAL_SESSION, CKS_RO_PUBLIC_SESSION); + if(session_rw) + session_info(session_rw, slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, CKS_RW_PUBLIC_SESSION); + + /** C_CloseSession */ + + /** - Invalid session */ + rv = (p11t_module_funcs->C_CloseSession)((CK_SESSION_HANDLE)-10); + p11t_check_returns("C_CloseSession invalid handle", rv, CKR_SESSION_HANDLE_INVALID); + + if(session_ro != CK_INVALID) + { + /** - Normal call */ + rv = (p11t_module_funcs->C_CloseSession)(session_ro); + p11t_check_returns("C_CloseSession valid", rv, CKR_OK); + + /** - Check open session was closed */ + rv = (p11t_module_funcs->C_GetSessionInfo)(session_ro, &info); + p11t_check_returns("C_GetSessionInfo after close", rv, CKR_SESSION_HANDLE_INVALID); + + + /** - Close twice */ + + /* + * Note that CKR_SESSION_CLOSED is a valid return in this case. + * That should only be returned in the rare case when a session + * was closed during the execution of a function. A corner case. + */ + + rv = (p11t_module_funcs->C_CloseSession)(session_ro); + p11t_check_returns("C_CloseSession valid", rv, CKR_SESSION_HANDLE_INVALID); + } + + if(session_rw != CK_INVALID) + { + rv = (p11t_module_funcs->C_CloseSession)(session_rw); + p11t_check_returns("C_CloseSession read write", rv, CKR_OK); + } + + /** C_CloseAllSessions */ + + /** - Invalid slot id */ + rv = (p11t_module_funcs->C_CloseAllSessions)((CK_SLOT_ID)-34); + p11t_check_returns("C_CloseAllSessions invalid slot", rv, CKR_SLOT_ID_INVALID); + + /** - Normal call */ + rv = (p11t_module_funcs->C_CloseAllSessions)(slot); + p11t_check_returns("C_CloseAllSessions", rv, CKR_OK); + + /** - Check open session was closed */ + rv = (p11t_module_funcs->C_GetSessionInfo)(session_ro2, &info); + p11t_check_returns("C_GetSessionInfo after close all", rv, CKR_SESSION_HANDLE_INVALID); + + /** - Call when no sessions open */ + rv = (p11t_module_funcs->C_CloseAllSessions)(slot); + p11t_check_returns("C_CloseAllSessions", rv, CKR_OK); +} + +void +session_pin(CK_SLOT_ID slot) +{ + /** C_InitPIN */ + + /** - Not Implemented */ + + /** C_SetPIN */ + + /** - Not Implemented */ +} + +void +p11t_session_tests() +{ + CK_ULONG i; + + for(i = 0; i < p11t_slot_count; ++i) + { + CK_SLOT_ID slot = p11t_slot_ids[i]; + session_pin(slot); + session_main(slot); + } +} @@ -349,6 +349,14 @@ slot_mechanisms(void) } void +slot_init_token(void) +{ + /** C_InitToken */ + + /** - Not Implemented */ +} + +void p11t_slot_tests(void) { slot_global(); |