From 3a09c5c75038efe0e0c55b73dd234731fbc2c061 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Sat, 6 Dec 2008 15:25:46 +0000 Subject: Update coverage tool for new system. --- doc/pkcs11-coverage.py | 34 ++--- doc/pkcs11-coverage.txt | 324 +++++++++++++++++++++++++++++++----------------- 2 files changed, 228 insertions(+), 130 deletions(-) diff --git a/doc/pkcs11-coverage.py b/doc/pkcs11-coverage.py index 13d7b6c..55d831c 100644 --- a/doc/pkcs11-coverage.py +++ b/doc/pkcs11-coverage.py @@ -13,7 +13,7 @@ We're anxious to complete this, if you have patches please do contribute. """ # Matches a comment like /** comment */ -PATTERN = re.compile("""P11T_([A-Z_]+)\("(.+?)"""") +PATTERN = re.compile(r'\bP11T_([A-Z_]+)\("(.+?)"') os.chdir("../src") @@ -23,26 +23,27 @@ files = [ name for name in os.listdir(".") if name[-2:] == ".c" ] coverage = { } for file in files: - data = open(file).read() + lines = open(file).readlines() section = "" - # Find all the matching comments in this file - matches = PATTERN.findall(data) - for match in matches: + for line in lines: - # Strip all the comment stuff out start and of the match - match = match.strip(" /*\t\n\r") + match = PATTERN.search(line) if not match: continue - if match[0] == '-' and section: - coverage[section].append(match) - continue + name = match.group(1) + value = match.group(2) + + if name.find("SECTION") != -1: + section = value + if section not in coverage: + coverage[section] = [] + elif name.find("CHECK") != -1: + if section in coverage: + coverage[section].append(value) - section = match - if section not in coverage: - coverage[section] = [] sections = coverage.keys() sections.sort() @@ -51,6 +52,9 @@ print HEADER for section in sections: print section - for match in coverage[section]: - print match + checks = list(set(coverage[section])) + checks.sort() + for check in checks: + print " - %s" % check print + diff --git a/doc/pkcs11-coverage.txt b/doc/pkcs11-coverage.txt index 2885915..5eec19c 100644 --- a/doc/pkcs11-coverage.txt +++ b/doc/pkcs11-coverage.txt @@ -6,182 +6,276 @@ This is the test coverage of the p11-tests tool of the PKCS#11 interface. We're anxious to complete this, if you have patches please do contribute. +CK_INFO + - flags + - libraryDescription + - manufacturerID + +CK_MECHANISM_INFO + - Mechanism min key size should not be greater than max + - flags + +CK_SESSION_INFO + - C_Login: open RO session + - C_Login: open RW session + - flags + - slotID + - state + +CK_SLOT_INFO + - CKF_TOKEN_PRESENT flag is equivalent to C_GetSlotList(TRUE, ...) + - flags + - manufacturerID + - slotDescription + +CK_TOKEN_INFO + - Validate token time when CKF_CLOCK_ON_TOKEN + - flags + - label + - manufacturerID + - model + - serialNumber + C_CloseAllSessions -- Invalid slot id -- Normal call -- Check open session was closed -- Call when no sessions open + - Call when no sessions open + - Check open session was closed + - Invalid slot id + - Normal call C_CloseSession -- Invalid session -- Normal call -- Check open session was closed -- Close twice + - Check open session was closed + - Close twice + - Invalid session + - Normal call C_CopyObject -- Not Implemented + - Not Tested C_CreateObject -- Not Implemented + - Not Tested C_Decrypt -- CKM_RSA_PKCS -- CKM_RSA_X_509 + - Module encrypted data + - Normal call + - RSA decrypt failed, mangled data + - RSA decrypt failed, wrong length + - RSA validate failed, bad data + - RSA validate failed, wrong length + +C_DecryptInit + - Module encrypted data + - Normal call C_DestroyObject -- Not Implemented + - Not Tested C_Encrypt -- CKM_RSA_PKCS -- CKM_RSA_X_509 + - CKM_RSA_PKCS + - CKM_RSA_X_509 + - Normal call + - RSA encrypt failed, wrong length + +C_EncryptInit + - Normal call C_Finalize -- With invalid argument -- Normal call -- Double finalize in a row + - Double finalize in a row + - Normal call + - With invalid argument C_FindObjects -- Invalid session -- Null object count -- Retrieve a single object before remainder -- Retrieve remaining objects -- Extra call after retrieving all objects. -- Out of order call + - Extra call after retrieving all objects + - If asked for a single object, return one. + - Invalid session + - Null object count + - Out of order call + - Retrieve a single object before remainder + - Retrieve remaining objects + - Should return no objects in extra call C_FindObjectsFinal -- Invalid session -- Normal call -- Extra call + - Extra call + - Invalid session + - Normal call C_FindObjectsInit -- Invalid session -- Attribute count without buffer -- Double call. + - Attribute count without buffer + - Double call + - Find all objects + - Invalid session C_GetAttributeValue -- Invalid session -- Invalid object -- No template -- Buffer too small -- Retrieve attribute length -- Retrieve single attribute -- With one invalid attribute, no buffer. -- With one invalid attribute, with buffer. -- Multiple attributes, no buffer. -- Multiple attributes, some buffers -- Multiple attributes, one small buffer -- Multiple attributes, with buffers + - Buffer too small + - Buffer too small should return size + - CKA_CLASS value + - CKA_LABEL boolean value + - CKA_MODIFIABLE boolean value + - CKA_PRIVATE boolean value + - CKA_TOKEN boolean value + - Invalid object + - Invalid session + - Multiple attributes, no buffer + - Multiple attributes, one small buffer + - Multiple attributes, some buffers + - Multiple attributes, with buffers + - No template + - Retrieve attribute length + - Retrieve single attribute + - Should set attribute size, in partially valid set + - Should set invalid attribute to -1 + - Should set valid attribute to size + - Should set valid attribute, in partially valid set + - Size of CKA_CLASS + - Size of CKA_MODIFIABLE + - Size of CKA_PRIVATE + - Size of CKA_TOKEN + - Size of object class attribute. + - With one invalid attribute, no buffer + - With one invalid attribute, with buffer C_GetFunctionList -- See if returns same data as library entry point + - Call through function list + - See if returns same data as library entry point C_GetInfo -- NULL argument -- Normal call -- Space padded strings in CK_INFO -- No flags set + - Normal call + - Null argument C_GetMechanismInfo -- Invalid mechanism -- Null arguments -- Invalid slot id -- Normal call + - Invalid mechanism + - Invalid slot id + - Normal call + - Null arguments C_GetMechanismList -- Null arguments -- Without buffer -- Zero count but buffer present -- Low count but buffer present + - Call with too much buffer + - Invalid Slot + - Low count but buffer present + - Null arguments + - Should return number of mechs + - Without buffer + - Zero count but buffer present C_GetObjectSize -- Not Implemented + - Not Tested C_GetOperationState -- Not Implemented + - Not Tested C_GetSessionInfo -- Invalid session -- NULL arguments -- Valid call -- Valid slot id -- Valid state for session -- Valid flags for session + - Invalid session + - Null arguments + - Valid call C_GetSlotInfo -- NULL argument -- Normal call -- Space padded CK_SLOT_INFO fields -- CK_SLOT_INFO flags are from valid set -- Track CKF_TOKEN_PRESENT flag and compare to C_GetSlotList(TRUE) + - Normal call + - Null argument C_GetSlotList -- NULL arguments -- Retrieving the count -- Passing buffer space along with zero count. -- Passing buffer space along with low count. -- Passing too much buffer space. + - Count invalid when too much buffer passed + - Listing only tokens + - Normal call + - Null arguments + - Number of present tokens doesn't match token info flags. ie: CKF_TOKEN_PRESENT + - Passing buffer along with low count + - Passing buffer with zero count + - Present tokens don't match those in token info flags. ie: CKF_TOKEN_PRESENT + - Resulting count when buffer with low count passed + - Resulting count when buffer with zero count passed + - Retrieving the count C_GetTokenInfo -- Null arguments -- Normal call -- Space padded CK_TOKEN_INFO fields -- CK_TOKEN_INFO flags are from valid set -- Validate token time when CKF_CLOCK_ON_TOKEN -- Calling on slot without token + - Calling on slot without token + - Normal call + - Null arguments C_InitPIN -- Not Implemented + - Not Tested C_InitToken -- Not Implemented + - Not Tested C_Initialize -- Normal call -- Locking: no threads -- Locking: os locking -- Locking: app locking -- Locking: either locking -- Calls without initializing -- NULL argument -- Multiple initialize with C_Finalize between -- Double initialize in a row + - Calls without initializing + - Double initialize in a row + - Locking: app locking + - Locking: either locking + - Locking: no threads + - Locking: os locking + - Multiple initialize with C_Finalize between + - Null argument C_Login -- Invalid session -- Invalid user type -- Normal login -- Login changes all session state -- Login as SO not allowed with RO session -- Login as SO -- Login changes all session state -- Can't open RO session when logged in as SO -- Logout from SO -- Logout SO changes goes back to public + - Invalid session + - Invalid user type + - Login as SO + - Login as SO not allowed with RO session + - Login changes all session's state + - Normal login + - SO login changes all session state + - Test closing RO session before login as SO + - Test opening RO session before login as SO C_Logout -- Invalid session -- Normal logout -- Logout changes all session state + - C_OpenSession: open RW session + - Invalid session + - Logout SO changes goes back to public + - Logout changes all session state + - Logout from SO + - Normal logout C_OpenSession -- Invalid slot -- Null arguments -- No flags -- Without serial flag -- Valid flags -- Read write session + - Can't open RO session when logged in as SO + - Invalid slot + - No flags + - Null arguments + - Read write session + - Valid flags + - Without serial flag C_SetOperationState -- Not Implemented + - Not Tested C_SetPIN -- Not Implemented + - Not Tested C_Sign -- CKM_RSA_PKCS (SHA1) -- CKM_RSA_PKCS (MD5) -- CKM_RSA_PKCS (SHA1/MD5/SSL3) + - CKM_RSA_PKCS (MD5) + - CKM_RSA_PKCS (SHA1) + - CKM_RSA_PKCS (SHA1/MD5/SSL3) + - CKM_RSA_X_509 + - C_Sign: rsa x509 result length + - Normal call + - RSA PKCS#1.5 or SSLv3 signature did not verify + - RSA X509 Call + - RSA x509 signature did not verify + - RSA x509 signature was invalid + +C_SignInit + - Normal call + - RSA X509 Call C_WaitForSlotEvent -- Not Implemented + - Not Tested + +CreateMutex + - Arguments should not be null + +DestroyMutex + - Mutex should not be invalid + - Mutex should not be locked + - Mutex should not be null + +LockMutex + - Mutex should not be invalid + - Mutex should not deadlock + - Thread should not exit without releasing mutex + - null mutex + +UnlockMutex + - Mutex should be locked + - Mutex should be valid + - Mutex should not be invalid + - Mutex should not be locked + - Mutex should not be null -- cgit v1.2.3