

PKCS#11 COVERAGE

This is the p11-tests tool's test coverage of the PKCS#11 interface.
We're anxious to complete this; if you have patches, please do contribute.


CK_INFO
 - flags
 - libraryDescription
 - manufacturerID

CK_MECHANISM_INFO
 - Mechanism min key size should not be greater than max
 - flags

CK_SESSION_INFO
 - C_Login: open RO session
 - C_Login: open RW session
 - flags
 - slotID
 - state

CK_SLOT_INFO
 - CKF_TOKEN_PRESENT flag is equivalent to C_GetSlotList(TRUE, ...)
 - flags
 - manufacturerID
 - slotDescription

CK_TOKEN_INFO
 - Validate token time when CKF_CLOCK_ON_TOKEN
 - flags
 - label
 - manufacturerID
 - model
 - serialNumber

C_CloseAllSessions
 - Call when no sessions open
 - Check open session was closed
 - Invalid slot id
 - Normal call

C_CloseSession
 - Check open session was closed
 - Close twice
 - Invalid session
 - Normal call

C_CopyObject
 - Not Tested

C_CreateObject
 - Not Tested

C_Decrypt
 - Module encrypted data
 - Normal call
 - RSA decrypt failed, mangled data
 - RSA decrypt failed, wrong length
 - RSA validate failed, bad data
 - RSA validate failed, wrong length

C_DecryptInit
 - Module encrypted data
 - Normal call

C_DestroyObject
 - Not Tested

C_Encrypt
 - CKM_RSA_PKCS
 - CKM_RSA_X_509
 - Normal call
 - RSA encrypt failed, wrong length

C_EncryptInit
 - Normal call

C_Finalize
 - Double finalize in a row
 - Normal call
 - With invalid argument

C_FindObjects
 - Extra call after retrieving all objects
 - If asked for a single object, return one.
 - Invalid session
 - Null object count
 - Out of order call
 - Retrieve a single object before remainder
 - Retrieve remaining objects
 - Should return no objects in extra call

C_FindObjectsFinal
 - Extra call
 - Invalid session
 - Normal call

C_FindObjectsInit
 - Attribute count without buffer
 - Double call
 - Find all objects
 - Invalid session

C_GetAttributeValue
 - Buffer too small
 - Buffer too small should return size
 - CKA_CLASS value
 - CKA_LABEL boolean value
 - CKA_MODIFIABLE boolean value
 - CKA_PRIVATE boolean value
 - CKA_TOKEN boolean value
 - Invalid object
 - Invalid session
 - Multiple attributes, no buffer
 - Multiple attributes, one small buffer
 - Multiple attributes, some buffers
 - Multiple attributes, with buffers
 - No template
 - Retrieve attribute length
 - Retrieve single attribute
 - Should set attribute size, in partially valid set
 - Should set invalid attribute to -1
 - Should set valid attribute to size
 - Should set valid attribute, in partially valid set
 - Size of CKA_CLASS
 - Size of CKA_MODIFIABLE
 - Size of CKA_PRIVATE
 - Size of CKA_TOKEN
 - Size of object class attribute.
 - With one invalid attribute, no buffer
 - With one invalid attribute, with buffer

C_GetFunctionList
 - Call through function list
 - See if returns same data as library entry point

C_GetInfo
 - Normal call
 - Null argument

C_GetMechanismInfo
 - Invalid mechanism
 - Invalid slot id
 - Normal call
 - Null arguments

C_GetMechanismList
 - Call with too much buffer
 - Invalid Slot
 - Low count but buffer present
 - Null arguments
 - Should return number of mechs
 - Without buffer
 - Zero count but buffer present

C_GetObjectSize
 - Not Tested

C_GetOperationState
 - Not Tested

C_GetSessionInfo
 - Invalid session
 - Null arguments
 - Valid call

C_GetSlotInfo
 - Normal call
 - Null argument

C_GetSlotList
 - Count invalid when too much buffer passed
 - Listing only tokens
 - Normal call
 - Null arguments
 - Number of present tokens doesn't match token info flags. ie: CKF_TOKEN_PRESENT
 - Passing buffer along with low count
 - Passing buffer with zero count
 - Present tokens don't match those in token info flags. ie: CKF_TOKEN_PRESENT
 - Resulting count when buffer with low count passed
 - Resulting count when buffer with zero count passed
 - Retrieving the count

C_GetTokenInfo
 - Calling on slot without token
 - Normal call
 - Null arguments

C_InitPIN
 - Not Tested

C_InitToken
 - Not Tested

C_Initialize
 - Calls without initializing
 - Double initialize in a row
 - Locking: app locking
 - Locking: either locking
 - Locking: no threads
 - Locking: os locking
 - Multiple initialize with C_Finalize between
 - Null argument

C_Login
 - Invalid session
 - Invalid user type
 - Login as SO
 - Login as SO not allowed with RO session
 - Login changes all session's state
 - Normal login
 - SO login changes all session state
 - Test closing RO session before login as SO
 - Test opening RO session before login as SO

C_Logout
 - C_OpenSession: open RW session
 - Invalid session
 - Logout SO changes goes back to public
 - Logout changes all session state
 - Logout from SO
 - Normal logout

C_OpenSession
 - Can't open RO session when logged in as SO
 - Invalid slot
 - No flags
 - Null arguments
 - Read write session
 - Valid flags
 - Without serial flag

C_SetOperationState
 - Not Tested

C_SetPIN
 - Not Tested

C_Sign
 - CKM_RSA_PKCS (MD5)
 - CKM_RSA_PKCS (SHA1)
 - CKM_RSA_PKCS (SHA1/MD5/SSL3)
 - CKM_RSA_X_509
 - C_Sign: rsa x509 result length
 - Normal call
 - RSA PKCS#1.5 or SSLv3 signature did not verify
 - RSA X509 Call
 - RSA x509 signature did not verify
 - RSA x509 signature was invalid

C_SignInit
 - Normal call
 - RSA X509 Call

C_WaitForSlotEvent
 - Not Tested

CreateMutex
 - Arguments should not be null

DestroyMutex
 - Mutex should not be invalid
 - Mutex should not be locked
 - Mutex should not be null

LockMutex
 - Mutex should not be invalid
 - Mutex should not deadlock
 - Thread should not exit without releasing mutex
 - null mutex

UnlockMutex
 - Mutex should be locked
 - Mutex should be valid
 - Mutex should not be invalid
 - Mutex should not be locked
 - Mutex should not be null