path: root/doc/pkcs11-coverage.txt

PKCS#11 COVERAGE

This is the test coverage of the p11-tests tool of the PKCS#11 interface.
We're anxious to complete this, if you have patches please do contribute.


CK_INFO
 - flags
 - libraryDescription
 - manufacturerID

CK_MECHANISM_INFO
 - Mechanism min key size should not be greater than max
 - flags

CK_SESSION_INFO
 - C_Login: open RO session
 - C_Login: open RW session
 - flags
 - slotID
 - state

CK_SLOT_INFO
 - CKF_TOKEN_PRESENT flag is equivalent to C_GetSlotList(TRUE, ...)
 - flags
 - manufacturerID
 - slotDescription

CK_TOKEN_INFO
 - Validate token time when CKF_CLOCK_ON_TOKEN
 - flags
 - label
 - manufacturerID
 - model
 - serialNumber

C_CloseAllSessions
 - Call when no sessions open
 - Check open session was closed
 - Invalid slot id
 - Normal call

C_CloseSession
 - Check open session was closed
 - Close twice
 - Invalid session
 - Normal call

C_CopyObject
 - Not Tested

C_CreateObject
 - Not Tested

C_Decrypt
 - Module encrypted data
 - Normal call
 - RSA decrypt failed, mangled data
 - RSA decrypt failed, wrong length
 - RSA validate failed, bad data
 - RSA validate failed, wrong length

C_DecryptInit
 - Module encrypted data
 - Normal call

C_DestroyObject
 - Not Tested

C_Encrypt
 - CKM_RSA_PKCS
 - CKM_RSA_X_509
 - Normal call
 - RSA encrypt failed, wrong length

C_EncryptInit
 - Normal call

C_Finalize
 - Double finalize in a row
 - Normal call
 - With invalid argument

C_FindObjects
 - Extra call after retrieving all objects
 - If asked for a single object, return one.
 - Invalid session
 - Null object count
 - Out of order call
 - Retrieve a single object before remainder
 - Retrieve remaining objects
 - Should return no objects in extra call

C_FindObjectsFinal
 - Extra call
 - Invalid session
 - Normal call

C_FindObjectsInit
 - Attribute count without buffer
 - Double call
 - Find all objects
 - Invalid session

C_GetAttributeValue
 - Buffer too small
 - Buffer too small should return size
 - CKA_CLASS value
 - CKA_LABEL boolean value
 - CKA_MODIFIABLE boolean value
 - CKA_PRIVATE boolean value
 - CKA_TOKEN boolean value
 - Invalid object
 - Invalid session
 - Multiple attributes, no buffer
 - Multiple attributes, one small buffer
 - Multiple attributes, some buffers
 - Multiple attributes, with buffers
 - No template
 - Retrieve attribute length
 - Retrieve single attribute
 - Should set attribute size, in partially valid set
 - Should set invalid attribute to -1
 - Should set valid attribute to size
 - Should set valid attribute, in partially valid set
 - Size of CKA_CLASS
 - Size of CKA_MODIFIABLE
 - Size of CKA_PRIVATE
 - Size of CKA_TOKEN
 - Size of object class attribute.
 - With one invalid attribute, no buffer
 - With one invalid attribute, with buffer

C_GetFunctionList
 - Call through function list
 - See if returns same data as library entry point

C_GetInfo
 - Normal call
 - Null argument

C_GetMechanismInfo
 - Invalid mechanism
 - Invalid slot id
 - Normal call
 - Null arguments

C_GetMechanismList
 - Call with too much buffer
 - Invalid Slot
 - Low count but buffer present
 - Null arguments
 - Should return number of mechs
 - Without buffer
 - Zero count but buffer present

C_GetObjectSize
 - Not Tested

C_GetOperationState
 - Not Tested

C_GetSessionInfo
 - Invalid session
 - Null arguments
 - Valid call

C_GetSlotInfo
 - Normal call
 - Null argument

C_GetSlotList
 - Count invalid when too much buffer passed
 - Listing only tokens
 - Normal call
 - Null arguments
 - Number of present tokens doesn't match token info flags. ie: CKF_TOKEN_PRESENT
 - Passing buffer along with low count
 - Passing buffer with zero count
 - Present tokens don't match those in token info flags. ie: CKF_TOKEN_PRESENT
 - Resulting count when buffer with low count passed
 - Resulting count when buffer with zero count passed
 - Retrieving the count

C_GetTokenInfo
 - Calling on slot without token
 - Normal call
 - Null arguments

C_InitPIN
 - Not Tested

C_InitToken
 - Not Tested

C_Initialize
 - Calls without initializing
 - Double initialize in a row
 - Locking: app locking
 - Locking: either locking
 - Locking: no threads
 - Locking: os locking
 - Multiple initialize with C_Finalize between
 - Null argument

C_Login
 - Invalid session
 - Invalid user type
 - Login as SO
 - Login as SO not allowed with RO session
 - Login changes all session's state
 - Normal login
 - SO login changes all session state
 - Test closing RO session before login as SO
 - Test opening RO session before login as SO

C_Logout
 - C_OpenSession: open RW session
 - Invalid session
 - Logout SO changes goes back to public
 - Logout changes all session state
 - Logout from SO
 - Normal logout

C_OpenSession
 - Can't open RO session when logged in as SO
 - Invalid slot
 - No flags
 - Null arguments
 - Read write session
 - Valid flags
 - Without serial flag

C_SetOperationState
 - Not Tested

C_SetPIN
 - Not Tested

C_Sign
 - CKM_RSA_PKCS (MD5)
 - CKM_RSA_PKCS (SHA1)
 - CKM_RSA_PKCS (SHA1/MD5/SSL3)
 - CKM_RSA_X_509
 - C_Sign: rsa x509 result length
 - Normal call
 - RSA PKCS#1.5 or SSLv3 signature did not verify
 - RSA X509 Call
 - RSA x509 signature did not verify
 - RSA x509 signature was invalid

C_SignInit
 - Normal call
 - RSA X509 Call

C_WaitForSlotEvent
 - Not Tested

CreateMutex
 - Arguments should not be null

DestroyMutex
 - Mutex should not be invalid
 - Mutex should not be locked
 - Mutex should not be null

LockMutex
 - Mutex should not be invalid
 - Mutex should not deadlock
 - Thread should not exit without releasing mutex
 - null mutex

UnlockMutex
 - Mutex should be locked
 - Mutex should be valid
 - Mutex should not be invalid
 - Mutex should not be locked
 - Mutex should not be null