PKCS#11 COVERAGE This is the test coverage of the p11-tests tool of the PKCS#11 interface. We're anxious to complete this, if you have patches please do contribute. CK_INFO - flags - libraryDescription - manufacturerID CK_MECHANISM_INFO - Mechanism min key size should not be greater than max - flags CK_SESSION_INFO - C_Login: open RO session - C_Login: open RW session - flags - slotID - state CK_SLOT_INFO - CKF_TOKEN_PRESENT flag is equivalent to C_GetSlotList(TRUE, ...) - flags - manufacturerID - slotDescription CK_TOKEN_INFO - Validate token time when CKF_CLOCK_ON_TOKEN - flags - label - manufacturerID - model - serialNumber C_CloseAllSessions - Call when no sessions open - Check open session was closed - Invalid slot id - Normal call C_CloseSession - Check open session was closed - Close twice - Invalid session - Normal call C_CopyObject - Not Tested C_CreateObject - Not Tested C_Decrypt - Module encrypted data - Normal call - RSA decrypt failed, mangled data - RSA decrypt failed, wrong length - RSA validate failed, bad data - RSA validate failed, wrong length C_DecryptInit - Module encrypted data - Normal call C_DestroyObject - Not Tested C_Encrypt - CKM_RSA_PKCS - CKM_RSA_X_509 - Normal call - RSA encrypt failed, wrong length C_EncryptInit - Normal call C_Finalize - Double finalize in a row - Normal call - With invalid argument C_FindObjects - Extra call after retrieving all objects - If asked for a single object, return one. - Invalid session - Null object count - Out of order call - Retrieve a single object before remainder - Retrieve remaining objects - Should return no objects in extra call C_FindObjectsFinal - Extra call - Invalid session - Normal call C_FindObjectsInit - Attribute count without buffer - Double call - Find all objects - Invalid session C_GetAttributeValue - Buffer too small - Buffer too small should return size - CKA_CLASS value - CKA_LABEL boolean value - CKA_MODIFIABLE boolean value - CKA_PRIVATE boolean value - CKA_TOKEN boolean value - Invalid object - Invalid session - Multiple attributes, no buffer - Multiple attributes, one small buffer - Multiple attributes, some buffers - Multiple attributes, with buffers - No template - Retrieve attribute length - Retrieve single attribute - Should set attribute size, in partially valid set - Should set invalid attribute to -1 - Should set valid attribute to size - Should set valid attribute, in partially valid set - Size of CKA_CLASS - Size of CKA_MODIFIABLE - Size of CKA_PRIVATE - Size of CKA_TOKEN - Size of object class attribute. - With one invalid attribute, no buffer - With one invalid attribute, with buffer C_GetFunctionList - Call through function list - See if returns same data as library entry point C_GetInfo - Normal call - Null argument C_GetMechanismInfo - Invalid mechanism - Invalid slot id - Normal call - Null arguments C_GetMechanismList - Call with too much buffer - Invalid Slot - Low count but buffer present - Null arguments - Should return number of mechs - Without buffer - Zero count but buffer present C_GetObjectSize - Not Tested C_GetOperationState - Not Tested C_GetSessionInfo - Invalid session - Null arguments - Valid call C_GetSlotInfo - Normal call - Null argument C_GetSlotList - Count invalid when too much buffer passed - Listing only tokens - Normal call - Null arguments - Number of present tokens doesn't match token info flags. ie: CKF_TOKEN_PRESENT - Passing buffer along with low count - Passing buffer with zero count - Present tokens don't match those in token info flags. ie: CKF_TOKEN_PRESENT - Resulting count when buffer with low count passed - Resulting count when buffer with zero count passed - Retrieving the count C_GetTokenInfo - Calling on slot without token - Normal call - Null arguments C_InitPIN - Not Tested C_InitToken - Not Tested C_Initialize - Calls without initializing - Double initialize in a row - Locking: app locking - Locking: either locking - Locking: no threads - Locking: os locking - Multiple initialize with C_Finalize between - Null argument C_Login - Invalid session - Invalid user type - Login as SO - Login as SO not allowed with RO session - Login changes all session's state - Normal login - SO login changes all session state - Test closing RO session before login as SO - Test opening RO session before login as SO C_Logout - C_OpenSession: open RW session - Invalid session - Logout SO changes goes back to public - Logout changes all session state - Logout from SO - Normal logout C_OpenSession - Can't open RO session when logged in as SO - Invalid slot - No flags - Null arguments - Read write session - Valid flags - Without serial flag C_SetOperationState - Not Tested C_SetPIN - Not Tested C_Sign - CKM_RSA_PKCS (MD5) - CKM_RSA_PKCS (SHA1) - CKM_RSA_PKCS (SHA1/MD5/SSL3) - CKM_RSA_X_509 - C_Sign: rsa x509 result length - Normal call - RSA PKCS#1.5 or SSLv3 signature did not verify - RSA X509 Call - RSA x509 signature did not verify - RSA x509 signature was invalid C_SignInit - Normal call - RSA X509 Call C_WaitForSlotEvent - Not Tested CreateMutex - Arguments should not be null DestroyMutex - Mutex should not be invalid - Mutex should not be locked - Mutex should not be null LockMutex - Mutex should not be invalid - Mutex should not deadlock - Thread should not exit without releasing mutex - null mutex UnlockMutex - Mutex should be locked - Mutex should be valid - Mutex should not be invalid - Mutex should not be locked - Mutex should not be null