|
Packit |
8681c6 |
/*
|
|
Packit |
8681c6 |
* COPYRIGHT (c) International Business Machines Corp. 2002-2017
|
|
Packit |
8681c6 |
*
|
|
Packit |
8681c6 |
* This program is provided under the terms of the Common Public License,
|
|
Packit |
8681c6 |
* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
|
|
Packit |
8681c6 |
* software constitutes recipient's acceptance of CPL-1.0 terms which can be
|
|
Packit |
8681c6 |
* found in the file LICENSE file or at
|
|
Packit |
8681c6 |
* https://opensource.org/licenses/cpl1.0.php
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/*
|
|
Packit |
8681c6 |
* openCryptoki testcase
|
|
Packit |
8681c6 |
* - Tests the new login flags for v2.11
|
|
Packit |
8681c6 |
*
|
|
Packit |
8681c6 |
* Feb 12, 2002
|
|
Packit |
8681c6 |
* Kent Yoder <yoder1@us.ibm.com>
|
|
Packit |
8681c6 |
*
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include <stdio.h>
|
|
Packit |
8681c6 |
#include <stdlib.h>
|
|
Packit |
8681c6 |
#include <string.h>
|
|
Packit |
8681c6 |
#include <dlfcn.h>
|
|
Packit |
8681c6 |
#include <sys/types.h>
|
|
Packit |
8681c6 |
#include <sys/stat.h>
|
|
Packit |
8681c6 |
#include <unistd.h>
|
|
Packit |
8681c6 |
#include <fcntl.h>
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include "pkcs11types.h"
|
|
Packit |
8681c6 |
#include "regress.h"
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#define BAD_USER_PIN "534566346"
|
|
Packit |
8681c6 |
#define BAD_USER_PIN_LEN strlen(BAD_USER_PIN)
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
int clean_up(void);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id;
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session_handle;
|
|
Packit |
8681c6 |
CK_SESSION_INFO si;
|
|
Packit |
8681c6 |
CK_TOKEN_INFO ti;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
void *dl_handle;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
int main(int argc, char **argv)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
int i;
|
|
Packit |
8681c6 |
CK_RV rc;
|
|
Packit |
8681c6 |
CK_C_INITIALIZE_ARGS initialize_args;
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Set default slot to 0 */
|
|
Packit |
8681c6 |
slot_id = 0;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Parse the command line */
|
|
Packit |
8681c6 |
for (i = 1; i < argc; i++) {
|
|
Packit |
8681c6 |
if (strncmp(argv[i], "-slot", 5) == 0) {
|
|
Packit |
8681c6 |
slot_id = atoi(argv[i + 1]);
|
|
Packit |
8681c6 |
i++;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("Using slot %ld...\n\n", slot_id);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (do_GetFunctionList())
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* There will be no multi-threaded Cryptoki access in this app */
|
|
Packit |
8681c6 |
memset(&initialize_args, 0, sizeof(initialize_args));
|
|
Packit |
8681c6 |
memset(&si, 0, sizeof(CK_SESSION_INFO));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_Initialize(&initialize_args)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_Initialize", rc);
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (get_user_pin(user_pin))
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
user_pin_len = (CK_ULONG) strlen((char *) user_pin);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// Tests:
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// 1. Open Session
|
|
Packit |
8681c6 |
// 2. Check that the session looks normal
|
|
Packit |
8681c6 |
// 3. Login/Logout as USER with correct PIN
|
|
Packit |
8681c6 |
// 4. Login as USER with an incorrect PIN
|
|
Packit |
8681c6 |
// 5. Check that USER PIN COUNT LOW set
|
|
Packit |
8681c6 |
// 6. Login as USER with an incorrect PIN
|
|
Packit |
8681c6 |
// 7. Check that USER PIN LAST TRY set
|
|
Packit |
8681c6 |
// 8. Login correctly
|
|
Packit |
8681c6 |
// 9. Check that flags are reset
|
|
Packit |
8681c6 |
// 10. Try to set a new PIN, but with newPIN == oldPIN
|
|
Packit |
8681c6 |
// 11. Check that we get CKR_PIN_INVALID
|
|
Packit |
8681c6 |
// 12. Login as USER with an incorrect PIN
|
|
Packit |
8681c6 |
// 13. Check that USER PIN COUNT LOW set
|
|
Packit |
8681c6 |
// 14. Login as USER with an incorrect PIN
|
|
Packit |
8681c6 |
// 15. Check that USER PIN LAST TRY set
|
|
Packit |
8681c6 |
// 16. Login as USER with incorrect PIN
|
|
Packit |
8681c6 |
// 17. Check that USER PIN LOCKED set
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* 1. Open a session with the token */
|
|
Packit |
8681c6 |
if ((rc = funcs->C_OpenSession(slot_id,
|
|
Packit |
8681c6 |
(CKF_SERIAL_SESSION | CKF_RW_SESSION),
|
|
Packit |
8681c6 |
NULL_PTR,
|
|
Packit |
8681c6 |
NULL_PTR, &session_handle)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_OpenSession #1", rc);
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_GetSessionInfo(session_handle, &si)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_GetSessionInfo #1", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* 2. Test the slot_id change. This used to be hard coded to 1.
|
|
Packit |
8681c6 |
* It should now be the slot number of the token we're using
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
if (si.slotID != slot_id) {
|
|
Packit |
8681c6 |
printf("Test #2 failed. Slot ID was %ld, expected %ld\n", si.slotID,
|
|
Packit |
8681c6 |
slot_id);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_GetTokenInfo #2", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (ti.flags & CKF_USER_PIN_LOCKED) {
|
|
Packit |
8681c6 |
printf("The USER's PIN is locked for the token in slot %ld.\n"
|
|
Packit |
8681c6 |
"Please reset the USER's PIN and re-run this test.\n", slot_id);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!(ti.flags & CKF_TOKEN_INITIALIZED)) {
|
|
Packit |
8681c6 |
printf("The token in slot %ld is uninitialized.\n", slot_id);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 3. Login/Logout with correct USER PIN
|
|
Packit |
8681c6 |
rc = funcs->C_Login(session_handle, CKU_USER, user_pin, user_pin_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_Login #3", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_Logout(session_handle);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_Logout #3", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 4. Login as USER with an incorrect PIN
|
|
Packit |
8681c6 |
rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR) BAD_USER_PIN,
|
|
Packit |
8681c6 |
BAD_USER_PIN_LEN);
|
|
Packit |
8681c6 |
if (rc != CKR_PIN_INCORRECT) {
|
|
Packit |
8681c6 |
show_error("Test #4", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_GetTokenInfo #4", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 5. Check that USER PIN COUNT LOW set
|
|
Packit |
8681c6 |
if (((ti.flags & CKF_USER_PIN_COUNT_LOW) == 0) ||
|
|
Packit |
8681c6 |
(ti.flags & CKF_USER_PIN_FINAL_TRY) ||
|
|
Packit |
8681c6 |
(ti.flags & CKF_USER_PIN_LOCKED)) {
|
|
Packit |
8681c6 |
printf("Test #5 failed. Token flags: %p.\n", (void *) ti.flags);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 6. Login as USER with an incorrect PIN
|
|
Packit |
8681c6 |
rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR) BAD_USER_PIN,
|
|
Packit |
8681c6 |
BAD_USER_PIN_LEN);
|
|
Packit |
8681c6 |
if (rc != CKR_PIN_INCORRECT) {
|
|
Packit |
8681c6 |
show_error("C_Login #6", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_GetTokenInfo #6", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 7. Check that USER PIN LAST TRY set
|
|
Packit |
8681c6 |
if ((ti.flags & CKF_USER_PIN_COUNT_LOW) ||
|
|
Packit |
8681c6 |
((ti.flags & CKF_USER_PIN_FINAL_TRY) == 0) ||
|
|
Packit |
8681c6 |
(ti.flags & CKF_USER_PIN_LOCKED)) {
|
|
Packit |
8681c6 |
printf("Test #7 failed. Token flags: %p.\n", (void *) ti.flags);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 8. Login correctly
|
|
Packit |
8681c6 |
rc = funcs->C_Login(session_handle, CKU_USER, user_pin, user_pin_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_Login #8", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_GetTokenInfo #8", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 9. Check that flags are reset
|
|
Packit |
8681c6 |
if ((ti.flags & CKF_USER_PIN_COUNT_LOW) ||
|
|
Packit |
8681c6 |
(ti.flags & CKF_USER_PIN_FINAL_TRY) ||
|
|
Packit |
8681c6 |
(ti.flags & CKF_USER_PIN_LOCKED)) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("Test #9 failed. Token flags: %p.\n", (void *) ti.flags);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 10. Try to set a new PIN, but with newPIN == oldPIN
|
|
Packit |
8681c6 |
// 11. Check that we get CKR_PIN_INVALID
|
|
Packit |
8681c6 |
rc = funcs->C_SetPIN(session_handle, user_pin, user_pin_len,
|
|
Packit |
8681c6 |
user_pin, user_pin_len);
|
|
Packit |
8681c6 |
if (rc != CKR_PIN_INVALID) {
|
|
Packit |
8681c6 |
show_error("Test #10", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 12. Login as USER with an incorrect PIN
|
|
Packit |
8681c6 |
rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR) BAD_USER_PIN,
|
|
Packit |
8681c6 |
BAD_USER_PIN_LEN);
|
|
Packit |
8681c6 |
if (rc != CKR_PIN_INCORRECT) {
|
|
Packit |
8681c6 |
show_error("C_Login #12", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_GetTokenInfo #12", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 13. Check that USER PIN COUNT LOW set
|
|
Packit |
8681c6 |
if (((ti.flags & CKF_USER_PIN_COUNT_LOW) == 0) ||
|
|
Packit |
8681c6 |
(ti.flags & CKF_USER_PIN_FINAL_TRY) ||
|
|
Packit |
8681c6 |
(ti.flags & CKF_USER_PIN_LOCKED)) {
|
|
Packit |
8681c6 |
printf("Test #13 failed. Token flags: %p.\n", (void *) ti.flags);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 14. Login as USER with an incorrect PIN
|
|
Packit |
8681c6 |
rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR) BAD_USER_PIN,
|
|
Packit |
8681c6 |
BAD_USER_PIN_LEN);
|
|
Packit |
8681c6 |
if (rc != CKR_PIN_INCORRECT) {
|
|
Packit |
8681c6 |
show_error("C_Login #14", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_GetTokenInfo #14", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 15. Check that USER PIN LAST TRY set
|
|
Packit |
8681c6 |
if ((ti.flags & CKF_USER_PIN_COUNT_LOW) ||
|
|
Packit |
8681c6 |
((ti.flags & CKF_USER_PIN_FINAL_TRY) == 0) ||
|
|
Packit |
8681c6 |
(ti.flags & CKF_USER_PIN_LOCKED)) {
|
|
Packit |
8681c6 |
printf("Test #15 failed. Token flags: %p.\n", (void *) ti.flags);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// 16. Login as USER with incorrect PIN
|
|
Packit |
8681c6 |
rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR) BAD_USER_PIN,
|
|
Packit |
8681c6 |
BAD_USER_PIN_LEN);
|
|
Packit |
8681c6 |
if (rc != CKR_PIN_INCORRECT) {
|
|
Packit |
8681c6 |
show_error("C_Login #16", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_GetTokenInfo #16", rc);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// 17. Check that USER PIN LOCKED set
|
|
Packit |
8681c6 |
if ((ti.flags & CKF_USER_PIN_COUNT_LOW) ||
|
|
Packit |
8681c6 |
(ti.flags & CKF_USER_PIN_FINAL_TRY) ||
|
|
Packit |
8681c6 |
((ti.flags & CKF_USER_PIN_LOCKED) == 0)) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("Test #17 failed. Token flags: %p.\n", (void *) ti.flags);
|
|
Packit |
8681c6 |
goto session_close;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("Tests succeeded. USER PIN is now locked for slot %ld.\n"
|
|
Packit |
8681c6 |
"Re-running this test should return CKR_PIN_LOCKED.\n"
|
|
Packit |
8681c6 |
"To unlock this slot, run the init_tok testcase on the slot.\n",
|
|
Packit |
8681c6 |
slot_id);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
session_close:
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Close the session */
|
|
Packit |
8681c6 |
if ((rc = funcs->C_CloseSession(session_handle)) != CKR_OK)
|
|
Packit |
8681c6 |
show_error("C_CloseSession", rc);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
done:
|
|
Packit |
8681c6 |
/* Call C_Finalize and dlclose the library */
|
|
Packit |
8681c6 |
return clean_up();
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
int clean_up(void)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_RV rc;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rc = funcs->C_Finalize(NULL)) != CKR_OK)
|
|
Packit |
8681c6 |
show_error("C_Finalize", rc);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Decrement the reference count to libopencryptoki.so */
|
|
Packit |
8681c6 |
dlclose(dl_handle);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|