From 8ebef7ee31f973b64dce777297cba0b3cfe0f3fe Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Fri, 5 Dec 2008 16:37:29 +0000 Subject: Add support for testing FindObjects. --- doc/pkcs11-coverage.py | 3 +- doc/pkcs11-coverage.txt | 33 +++++++++ src/Makefile.am | 1 + src/object.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++++ src/p11-tests.c | 1 + src/p11-tests.h | 12 ++++ src/session.c | 101 ++++++++++++++++++++++++++++ 7 files changed, 325 insertions(+), 1 deletion(-) create mode 100644 src/object.c diff --git a/doc/pkcs11-coverage.py b/doc/pkcs11-coverage.py index 2184cee..2df744c 100644 --- a/doc/pkcs11-coverage.py +++ b/doc/pkcs11-coverage.py @@ -41,7 +41,8 @@ for file in files: continue section = match - coverage[section] = [] + if section not in coverage: + coverage[section] = [] sections = coverage.keys() sections.sort() diff --git a/doc/pkcs11-coverage.txt b/doc/pkcs11-coverage.txt index e5e9847..295df9f 100644 --- a/doc/pkcs11-coverage.txt +++ b/doc/pkcs11-coverage.txt @@ -18,11 +18,40 @@ C_CloseSession - Check open session was closed - Close twice +C_CopyObject +- Not Implemented + +C_CreateObject +- Not Implemented + +C_DestroyObject +- Not Implemented + C_Finalize - With invalid argument - Normal call - Double finalize in a row +C_FindObjects +- Invalid session +- Null object count +- Retrieve count of objects, using NULL buffer +- Retrieve count of objects +- Retrieve a single object before remainder +- Retrieve remaining objects +- Extra call after retrieving all objects. +- Out of order call + +C_FindObjectsFinal +- Invalid session +- Normal call +- Extra call + +C_FindObjectsInit +- Invalid session +- Attribute count without buffer +- Double call. + C_GetFunctionList - See if returns same data as library entry point @@ -95,6 +124,10 @@ C_Initialize - Double initialize in a row C_Login +- Invalid session +- Invalid user type +- Normal login +- Login changes all session state - Login as SO not allowed with RO session - Login as SO - Login changes all session state diff --git a/src/Makefile.am b/src/Makefile.am index 1f8a5ce..0a725c1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -8,6 +8,7 @@ p11_tests_SOURCES = \ config.c \ module.c \ msg.c \ + object.c \ p11-tests.c \ session.c \ slot.c diff --git a/src/object.c b/src/object.c new file mode 100644 index 0000000..450c795 --- /dev/null +++ b/src/object.c @@ -0,0 +1,175 @@ + +#include "config.h" + +#include "p11-tests.h" + +#include + +static void +create_object(CK_SESSION_HANDLE session_rw, CK_SESSION_HANDLE session_ro) +{ + /** C_CreateObject */ + + /** - Not Implemented */ +} + +static void +copy_object(CK_SESSION_HANDLE session_rw, CK_SESSION_HANDLE session_ro) +{ + /** C_CopyObject */ + + /** - Not Implemented */ +} + +static void +destroy_object(CK_SESSION_HANDLE session_rw, CK_SESSION_HANDLE session_ro) +{ + /** C_DestroyObject */ + + /** - Not Implemented */ +} + +static void +find_all_objects(CK_SESSION_HANDLE session) +{ + CK_OBJECT_HANDLE_PTR objects; + CK_OBJECT_HANDLE extra; + CK_ATTRIBUTE dummy; + CK_ULONG object_count, count; + CK_RV rv; + + assert(p11t_module_funcs); + + /** C_FindObjectsInit */ + + if(p11t_test_unexpected) + { + /** - Invalid session */ + rv = (p11t_module_funcs->C_FindObjectsInit)((CK_SESSION_HANDLE)-99, &dummy, 0); + p11t_check_returns("C_FindObjectsInit: invalid session", rv, CKR_SESSION_HANDLE_INVALID); + + /** - Attribute count without buffer */ + rv = (p11t_module_funcs->C_FindObjectsInit)((CK_SESSION_HANDLE)-99, NULL, 1); + p11t_check_returns("C_FindObjectsInit: count without buffer", rv, CKR_ARGUMENTS_BAD); + + } + + rv = (p11t_module_funcs->C_FindObjectsInit)(session, &dummy, 0); + p11t_check_returns("C_FindObjectsInit: all", rv, CKR_OK); + + if(p11t_test_unexpected) + { + /** - Double call. */ + rv = (p11t_module_funcs->C_FindObjectsInit)(session, &dummy, 0); + p11t_check_returns("C_FindObjectsInit: all", rv, CKR_OPERATION_ACTIVE); + + } + + /** C_FindObjects */ + + if(p11t_test_unexpected) + { + /** - Invalid session */ + rv = (p11t_module_funcs->C_FindObjects)((CK_SESSION_HANDLE)-99, NULL, 0, &object_count); + p11t_check_returns("C_FindObjects: invalid session", rv, CKR_SESSION_HANDLE_INVALID); + + /** - Null object count */ + rv = (p11t_module_funcs->C_FindObjects)(session, NULL, 0, NULL); + p11t_check_returns("C_FindObjects: invalid session", rv, CKR_ARGUMENTS_BAD); + + /** - Retrieve count of objects, using NULL buffer */ + rv = (p11t_module_funcs->C_FindObjects)(session, NULL, 0, &object_count); + p11t_check_returns("C_FindObjects: retrieve count", rv, CKR_OK); + } + + /** - Retrieve count of objects */ + rv = (p11t_module_funcs->C_FindObjects)(session, &extra, 0, &object_count); + p11t_check_returns("C_FindObjects: retrieve count", rv, CKR_OK); + + if(object_count > 0) + { + if(p11t_test_unexpected) + { + /** - Retrieve a single object before remainder */ + rv = (p11t_module_funcs->C_FindObjects)(session, &extra, 1, &count); + p11t_check_returns("C_FindObjects: single object", rv, CKR_OK); + p11t_check_ulong("C_FindObjects: should return one object", count, 1); + --object_count; + } + + /** - Retrieve remaining objects */ + objects = calloc(object_count, sizeof(CK_OBJECT_HANDLE)); + assert(objects); + rv = (p11t_module_funcs->C_FindObjects)(session, objects, object_count, &count); + p11t_check_returns("C_FindObjects: all objects", rv, CKR_OK); + p11t_check_ulong("C_FindObjects: should return one object", count, object_count); + } + + if(p11t_test_unexpected) + { + /** - Extra call after retrieving all objects. */ + rv = (p11t_module_funcs->C_FindObjects(session, &extra, 1, &count)); + p11t_check_returns("C_FindObjects: extra call", rv, CKR_OK); + p11t_check_ulong("C_FindObjects: should return no objects in extra call", count, 0); + } + + /** C_FindObjectsFinal */ + + if(p11t_test_unexpected) + { + /** - Invalid session */ + rv = (p11t_module_funcs->C_FindObjectsFinal)((CK_SESSION_HANDLE)-88); + p11t_check_returns("C_FindObjectsFinal: invalid session", rv, CKR_SESSION_HANDLE_INVALID); + } + + /** - Normal call */ + rv = (p11t_module_funcs->C_FindObjectsFinal)(session); + p11t_check_returns("C_FindObjectsFinal", rv, CKR_OK); + + if(p11t_test_unexpected) + { + /** - Extra call */ + rv = (p11t_module_funcs->C_FindObjectsFinal)(session); + p11t_check_returns("C_FindObjectsFinal: extra call", rv, CKR_OPERATION_NOT_INITIALIZED); + + /** C_FindObjects */ + + /** - Out of order call */ + rv = (p11t_module_funcs->C_FindObjects)(session, &extra, 1, &count); + p11t_check_returns("C_FindObjectsFinal: extra call", rv, CKR_OPERATION_NOT_INITIALIZED); + } + +} + +void +p11t_object_tests(void) +{ + CK_SESSION_HANDLE session_rw; + CK_SESSION_HANDLE session_ro; + CK_ULONG i; + + for(i = 0; i < p11t_slot_count; ++i) + { + session_rw = p11t_session_open(p11t_slot_ids[i], 1); + session_ro = p11t_session_open(p11t_slot_ids[i], 0); + + /* We need to have the readonly session and log in for tests to proceed */ + if(session_ro == CK_INVALID) + continue; + + if(p11t_session_login(session_ro)) + continue; + + find_all_objects(session_ro); + + if(session_rw != CK_INVALID) + { + find_all_objects(session_rw); + create_object(session_rw, session_ro); + copy_object(session_rw, session_ro); + destroy_object(session_rw, session_ro); + } + + p11t_session_close_all(p11t_slot_ids[i]); + } +} diff --git a/src/p11-tests.c b/src/p11-tests.c index 3346766..689dba4 100644 --- a/src/p11-tests.c +++ b/src/p11-tests.c @@ -53,6 +53,7 @@ main(int argc, char* argv[]) p11t_slot_tests(); p11t_session_tests(); + p11t_object_tests(); /* Remaining module tests */ p11t_module_finalize(); diff --git a/src/p11-tests.h b/src/p11-tests.h index 425032d..d30e1cc 100644 --- a/src/p11-tests.h +++ b/src/p11-tests.h @@ -65,10 +65,22 @@ void p11t_module_unload(void); void p11t_module_initialize(void); void p11t_module_finalize(void); +/* ------------------------------------------------------------------- + * object.c + */ + +void p11t_object_tests(void); + /* ------------------------------------------------------------------- * session.c */ +CK_SESSION_HANDLE p11t_session_open(CK_SLOT_ID slot, int readwrite); +int p11t_session_login(CK_SESSION_HANDLE handle); +int p11t_session_logout(CK_SESSION_HANDLE handle); +int p11t_session_close(CK_SESSION_HANDLE handle); +int p11t_session_close_all(CK_SLOT_ID slot); + void p11t_session_config(const char *name, const char *value); void p11t_session_tests(void); diff --git a/src/session.c b/src/session.c index 703227c..51bc050 100644 --- a/src/session.c +++ b/src/session.c @@ -343,6 +343,106 @@ p11t_session_tests() } } +CK_SESSION_HANDLE +p11t_session_open(CK_SLOT_ID slot, int readwrite) +{ + CK_SESSION_HANDLE session; + CK_FLAGS flags; + + assert(p11t_module_funcs); + + flags = CKF_SERIAL_SESSION; + if(readwrite) + flags |= CKF_RW_SESSION; + + if((p11t_module_funcs->C_OpenSession)(slot, flags, NULL, NULL, &session) != CKR_OK) + return CK_INVALID; + + return session; +} + +int +p11t_session_login(CK_SESSION_HANDLE session) +{ + CK_SESSION_INFO info; + CK_UTF8CHAR_PTR pin; + CK_ULONG n_pin; + + assert(session != CK_INVALID); + assert(p11t_module_funcs); + + if((p11t_module_funcs->C_GetSessionInfo)(session, &info) != CKR_OK) + return 0; + + switch(info.state) + { + case CKS_RO_USER_FUNCTIONS: + case CKS_RW_USER_FUNCTIONS: + case CKS_RW_SO_FUNCTIONS: + return 1; + } + + pin = calculate_pin(info.slotID, CKU_USER, &n_pin); + if((p11t_module_funcs->C_Login)(session, CKU_USER, pin, n_pin) != CKR_OK) + return 0; + + return 1; +} + +int +p11t_session_logout(CK_SESSION_HANDLE session) +{ + CK_SESSION_INFO info; + + assert(session != CK_INVALID); + assert(p11t_module_funcs); + + if((p11t_module_funcs->C_GetSessionInfo)(session, &info) != CKR_OK) + return 0; + + switch(info.state) + { + case CKS_RO_PUBLIC_SESSION: + case CKS_RW_PUBLIC_SESSION: + return 1; + } + + if((p11t_module_funcs->C_Logout)(session) != CKR_OK) + return 0; + + return 1; +} + +int +p11t_session_close(CK_SESSION_HANDLE session) +{ + CK_RV rv; + + assert(session != CK_INVALID); + assert(p11t_module_funcs); + + rv = (p11t_module_funcs->C_CloseSession)(session); + switch(rv) + { + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_CLOSED: + case CKR_OK: + return 1; + default: + return 0; + } +} + +int +p11t_session_close_all(CK_SLOT_ID slot) +{ + assert(p11t_module_funcs); + + if((p11t_module_funcs->C_CloseAllSessions)(slot) == CKR_OK) + return 1; + return 0; +} + void p11t_session_config(const char *name, const char *value) { @@ -351,3 +451,4 @@ p11t_session_config(const char *name, const char *value) if(strcmp(name, "login-so-pin") == 0) login_so_pin = value; } + -- cgit v1.2.3