diff options
Diffstat (limited to 'doc/pkcs11-coverage.txt')
-rw-r--r-- | doc/pkcs11-coverage.txt | 324 |
1 files changed, 209 insertions, 115 deletions
diff --git a/doc/pkcs11-coverage.txt b/doc/pkcs11-coverage.txt index 2885915..5eec19c 100644 --- a/doc/pkcs11-coverage.txt +++ b/doc/pkcs11-coverage.txt @@ -6,182 +6,276 @@ This is the test coverage of the p11-tests tool of the PKCS#11 interface. We're anxious to complete this, if you have patches please do contribute. +CK_INFO + - flags + - libraryDescription + - manufacturerID + +CK_MECHANISM_INFO + - Mechanism min key size should not be greater than max + - flags + +CK_SESSION_INFO + - C_Login: open RO session + - C_Login: open RW session + - flags + - slotID + - state + +CK_SLOT_INFO + - CKF_TOKEN_PRESENT flag is equivalent to C_GetSlotList(TRUE, ...) + - flags + - manufacturerID + - slotDescription + +CK_TOKEN_INFO + - Validate token time when CKF_CLOCK_ON_TOKEN + - flags + - label + - manufacturerID + - model + - serialNumber + C_CloseAllSessions -- Invalid slot id -- Normal call -- Check open session was closed -- Call when no sessions open + - Call when no sessions open + - Check open session was closed + - Invalid slot id + - Normal call C_CloseSession -- Invalid session -- Normal call -- Check open session was closed -- Close twice + - Check open session was closed + - Close twice + - Invalid session + - Normal call C_CopyObject -- Not Implemented + - Not Tested C_CreateObject -- Not Implemented + - Not Tested C_Decrypt -- CKM_RSA_PKCS -- CKM_RSA_X_509 + - Module encrypted data + - Normal call + - RSA decrypt failed, mangled data + - RSA decrypt failed, wrong length + - RSA validate failed, bad data + - RSA validate failed, wrong length + +C_DecryptInit + - Module encrypted data + - Normal call C_DestroyObject -- Not Implemented + - Not Tested C_Encrypt -- CKM_RSA_PKCS -- CKM_RSA_X_509 + - CKM_RSA_PKCS + - CKM_RSA_X_509 + - Normal call + - RSA encrypt failed, wrong length + +C_EncryptInit + - Normal call C_Finalize -- With invalid argument -- Normal call -- Double finalize in a row + - Double finalize in a row + - Normal call + - With invalid argument C_FindObjects -- Invalid session -- Null object count -- Retrieve a single object before remainder -- Retrieve remaining objects -- Extra call after retrieving all objects. -- Out of order call + - Extra call after retrieving all objects + - If asked for a single object, return one. + - Invalid session + - Null object count + - Out of order call + - Retrieve a single object before remainder + - Retrieve remaining objects + - Should return no objects in extra call C_FindObjectsFinal -- Invalid session -- Normal call -- Extra call + - Extra call + - Invalid session + - Normal call C_FindObjectsInit -- Invalid session -- Attribute count without buffer -- Double call. + - Attribute count without buffer + - Double call + - Find all objects + - Invalid session C_GetAttributeValue -- Invalid session -- Invalid object -- No template -- Buffer too small -- Retrieve attribute length -- Retrieve single attribute -- With one invalid attribute, no buffer. -- With one invalid attribute, with buffer. -- Multiple attributes, no buffer. -- Multiple attributes, some buffers -- Multiple attributes, one small buffer -- Multiple attributes, with buffers + - Buffer too small + - Buffer too small should return size + - CKA_CLASS value + - CKA_LABEL boolean value + - CKA_MODIFIABLE boolean value + - CKA_PRIVATE boolean value + - CKA_TOKEN boolean value + - Invalid object + - Invalid session + - Multiple attributes, no buffer + - Multiple attributes, one small buffer + - Multiple attributes, some buffers + - Multiple attributes, with buffers + - No template + - Retrieve attribute length + - Retrieve single attribute + - Should set attribute size, in partially valid set + - Should set invalid attribute to -1 + - Should set valid attribute to size + - Should set valid attribute, in partially valid set + - Size of CKA_CLASS + - Size of CKA_MODIFIABLE + - Size of CKA_PRIVATE + - Size of CKA_TOKEN + - Size of object class attribute. + - With one invalid attribute, no buffer + - With one invalid attribute, with buffer C_GetFunctionList -- See if returns same data as library entry point + - Call through function list + - See if returns same data as library entry point C_GetInfo -- NULL argument -- Normal call -- Space padded strings in CK_INFO -- No flags set + - Normal call + - Null argument C_GetMechanismInfo -- Invalid mechanism -- Null arguments -- Invalid slot id -- Normal call + - Invalid mechanism + - Invalid slot id + - Normal call + - Null arguments C_GetMechanismList -- Null arguments -- Without buffer -- Zero count but buffer present -- Low count but buffer present + - Call with too much buffer + - Invalid Slot + - Low count but buffer present + - Null arguments + - Should return number of mechs + - Without buffer + - Zero count but buffer present C_GetObjectSize -- Not Implemented + - Not Tested C_GetOperationState -- Not Implemented + - Not Tested C_GetSessionInfo -- Invalid session -- NULL arguments -- Valid call -- Valid slot id -- Valid state for session -- Valid flags for session + - Invalid session + - Null arguments + - Valid call C_GetSlotInfo -- NULL argument -- Normal call -- Space padded CK_SLOT_INFO fields -- CK_SLOT_INFO flags are from valid set -- Track CKF_TOKEN_PRESENT flag and compare to C_GetSlotList(TRUE) + - Normal call + - Null argument C_GetSlotList -- NULL arguments -- Retrieving the count -- Passing buffer space along with zero count. -- Passing buffer space along with low count. -- Passing too much buffer space. + - Count invalid when too much buffer passed + - Listing only tokens + - Normal call + - Null arguments + - Number of present tokens doesn't match token info flags. ie: CKF_TOKEN_PRESENT + - Passing buffer along with low count + - Passing buffer with zero count + - Present tokens don't match those in token info flags. ie: CKF_TOKEN_PRESENT + - Resulting count when buffer with low count passed + - Resulting count when buffer with zero count passed + - Retrieving the count C_GetTokenInfo -- Null arguments -- Normal call -- Space padded CK_TOKEN_INFO fields -- CK_TOKEN_INFO flags are from valid set -- Validate token time when CKF_CLOCK_ON_TOKEN -- Calling on slot without token + - Calling on slot without token + - Normal call + - Null arguments C_InitPIN -- Not Implemented + - Not Tested C_InitToken -- Not Implemented + - Not Tested C_Initialize -- Normal call -- Locking: no threads -- Locking: os locking -- Locking: app locking -- Locking: either locking -- Calls without initializing -- NULL argument -- Multiple initialize with C_Finalize between -- Double initialize in a row + - Calls without initializing + - Double initialize in a row + - Locking: app locking + - Locking: either locking + - Locking: no threads + - Locking: os locking + - Multiple initialize with C_Finalize between + - Null argument C_Login -- Invalid session -- Invalid user type -- Normal login -- Login changes all session state -- Login as SO not allowed with RO session -- Login as SO -- Login changes all session state -- Can't open RO session when logged in as SO -- Logout from SO -- Logout SO changes goes back to public + - Invalid session + - Invalid user type + - Login as SO + - Login as SO not allowed with RO session + - Login changes all session's state + - Normal login + - SO login changes all session state + - Test closing RO session before login as SO + - Test opening RO session before login as SO C_Logout -- Invalid session -- Normal logout -- Logout changes all session state + - C_OpenSession: open RW session + - Invalid session + - Logout SO changes goes back to public + - Logout changes all session state + - Logout from SO + - Normal logout C_OpenSession -- Invalid slot -- Null arguments -- No flags -- Without serial flag -- Valid flags -- Read write session + - Can't open RO session when logged in as SO + - Invalid slot + - No flags + - Null arguments + - Read write session + - Valid flags + - Without serial flag C_SetOperationState -- Not Implemented + - Not Tested C_SetPIN -- Not Implemented + - Not Tested C_Sign -- CKM_RSA_PKCS (SHA1) -- CKM_RSA_PKCS (MD5) -- CKM_RSA_PKCS (SHA1/MD5/SSL3) + - CKM_RSA_PKCS (MD5) + - CKM_RSA_PKCS (SHA1) + - CKM_RSA_PKCS (SHA1/MD5/SSL3) + - CKM_RSA_X_509 + - C_Sign: rsa x509 result length + - Normal call + - RSA PKCS#1.5 or SSLv3 signature did not verify + - RSA X509 Call + - RSA x509 signature did not verify + - RSA x509 signature was invalid + +C_SignInit + - Normal call + - RSA X509 Call C_WaitForSlotEvent -- Not Implemented + - Not Tested + +CreateMutex + - Arguments should not be null + +DestroyMutex + - Mutex should not be invalid + - Mutex should not be locked + - Mutex should not be null + +LockMutex + - Mutex should not be invalid + - Mutex should not deadlock + - Thread should not exit without releasing mutex + - null mutex + +UnlockMutex + - Mutex should be locked + - Mutex should be valid + - Mutex should not be invalid + - Mutex should not be locked + - Mutex should not be null |