/*
* COPYRIGHT (c) International Business Machines Corp. 2012-2017
*
* This program is provided under the terms of the Common Public License,
* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
* software constitutes recipient's acceptance of CPL-1.0 terms which can be
* found in the file LICENSE file or at
* https://opensource.org/licenses/cpl1.0.php
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <memory.h>
#include "pkcs11types.h"
#include "regress.h"
#include "common.c"
#define AES_KEY_SIZE_128 16
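/* API Routines exercised that take /var/lock/LCK..opencryptoki spinlock.
 *      C_OpenSession
 *      C_CloseSession
 *
 * API Routines exercised that cause stdll to take /var/lock/opencryptoki_stdll
 * spinlock.
 *      C_CreateObject
 *      C_Login
 *
 * 1) create a data object
 * 2) create a certificate
 *
 * Both objects are created with CKA_TOKEN = FALSE, i.e. as session objects.
 * The body closes the session with C_CloseAllSessions(); it does not look the
 * objects up again afterwards, so their deletion is not verified explicitly.
 *
 * Returns CKR_OK when every step succeeded, CKR_FUNCTION_FAILED when the user
 * PIN could not be obtained, otherwise the first failing return code. A
 * failure from C_Login or C_CreateObject is no longer overwritten by the
 * result of the session cleanup.
 */
CK_RV do_CreateSessionObject(void)
{
    CK_SLOT_ID slot_id;
    CK_FLAGS flags;
    CK_SESSION_HANDLE h_session;
    CK_RV rc = 0, loc_rc = 0;
    CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
    CK_ULONG user_pin_len;

    CK_BYTE ck_false = FALSE;

    CK_OBJECT_HANDLE h_data;
    CK_OBJECT_CLASS data_class = CKO_DATA;
    CK_BYTE data_application[] = "Test Application";
    CK_BYTE data_value[] = "1234567890abcedfghijklmnopqrstuvwxyz";
    CK_ATTRIBUTE data_attribs[] = {
        {CKA_CLASS, &data_class, sizeof(data_class)},
        {CKA_TOKEN, &ck_false, sizeof(ck_false)},
        {CKA_APPLICATION, data_application, sizeof(data_application)},
        {CKA_VALUE, data_value, sizeof(data_value)}
    };

    CK_OBJECT_HANDLE h_cert;
    CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
    CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
    CK_BYTE cert_subject[] = "Certificate subject";
    CK_BYTE cert_id[] = "Certificate ID";
    CK_BYTE cert_value[] =
        "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
    CK_ATTRIBUTE cert_attribs[] = {
        {CKA_CLASS, &cert_class, sizeof(cert_class)},
        {CKA_TOKEN, &ck_false, sizeof(ck_false)},
        {CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type)},
        {CKA_SUBJECT, cert_subject, sizeof(cert_subject)},
        {CKA_ID, cert_id, sizeof(cert_id)},
        {CKA_VALUE, cert_value, sizeof(cert_value)}
    };

    testcase_begin("starting...");

    if (get_user_pin(user_pin)) {
        return CKR_FUNCTION_FAILED;
    }

    /* NOTE(review): assumes get_user_pin() NUL-terminates the PIN inside
     * user_pin[]; confirm against its definition. */
    user_pin_len = (CK_ULONG) strlen((char *) user_pin);

    slot_id = SLOT_ID;

    /* create a USER R/W session */
    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
    rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
    if (rc != CKR_OK) {
        testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
        return rc;
    }

    rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
    if (rc != CKR_OK) {
        testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
        goto done;
    }

    /* now, create the objects; the attribute count is derived from the
     * template so the two cannot drift apart */
    rc = funcs->C_CreateObject(h_session, data_attribs,
                               sizeof(data_attribs) / sizeof(data_attribs[0]),
                               &h_data);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto done;
    }

    rc = funcs->C_CreateObject(h_session, cert_attribs,
                               sizeof(cert_attribs) / sizeof(cert_attribs[0]),
                               &h_cert);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto done;
    }

done:
    /* done...close the session. The cleanup result goes into loc_rc so that
     * an earlier failure in rc is still what the caller sees. */
    loc_rc = funcs->C_CloseAllSessions(slot_id);
    if (loc_rc != CKR_OK) {
        testcase_fail("C_CloseAllSessions() rc=%s", p11_get_ckr(loc_rc));
        if (rc == CKR_OK) {
            rc = loc_rc;
        }
    }

    /* only report a pass when no step above failed */
    if (rc == CKR_OK) {
        testcase_pass("looks okay...");
    }

    return rc;
}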
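/* API Routines exercised that take /var/lock/LCK..opencryptoki spinlock.
 *      C_OpenSession
 *      C_CloseSession
 *
 * API routines exercised that result in stdll taking
 * /var/lock/opencryptoki_stdll spinlock.
 *      C_CreateObject
 *      C_CopyObject
 *      C_DestroyObject
 *      C_GetAttributeValue
 *      C_GetObjectSize
 *
 * 1) create a data object with no CKA_APPLICATION attribute
 * 2) create a copy of the object specifying the CKA_APPLICATION attribute
 * 3) extract the CK_VALUE attribute from the copy. Ensure matches the original
 * 4) extract the CKA_APPLICATION attribute from the original. ensure empty.
 * 5) extract the CKA_APPLICATION attribute from the copy. ensure is correct.
 * 6) attempt to extract CK_PRIME from the original. ensure fails correctly.
 * 7) attempt to extract CK_PRIME from a non-existent object. ensure fails
 *    correctly.
 * 8) get the size of the original object and copied objects
 * 9) destroy the original object. ensure this succeeds.
 * A) destroy a non-existent object. ensure this fails correctly.
 * B) get the size of the original object. ensure this fails correctly.
 *
 * NOTE(review): the body below does not perform step 3, checks only that the
 * read in step 4 succeeds, sizes only the original in step 8, and treats
 * steps 9-B as plain cleanup; the list describes more than is tested.
 *
 * Returns CKR_OK on success, CKR_FUNCTION_FAILED when the user PIN could not
 * be obtained or when a call that was expected to fail returned CKR_OK,
 * (CK_RV) -1 on an attribute mismatch, otherwise the failing return code.
 * Cleanup results are kept in loc_rc so they never overwrite rc.
 */
CK_RV do_CopyObject(void)
{
    CK_SLOT_ID slot_id;
    CK_FLAGS flags;
    CK_SESSION_HANDLE h_session;
    CK_RV rc = 0, loc_rc = 0;
    CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
    CK_ULONG user_pin_len;
    CK_ULONG obj_size;

    CK_BYTE ck_true = TRUE;

    CK_OBJECT_HANDLE h_data;
    CK_OBJECT_CLASS data_class = CKO_DATA;
    CK_BYTE data_application[] = "Test Application";
    CK_BYTE data_value[] = "1234567890abcedfghijklmnopqrstuvwxyz";
    CK_ATTRIBUTE data_attribs[] = {
        {CKA_CLASS, &data_class, sizeof(data_class)},
        {CKA_TOKEN, &ck_true, sizeof(ck_true)},
        {CKA_VALUE, data_value, sizeof(data_value)}
    };

    CK_OBJECT_HANDLE h_copy;
    CK_ATTRIBUTE copy_attribs[] = {
        {CKA_APPLICATION, data_application, sizeof(data_application)}
    };

    CK_BYTE buf1[100];
    CK_ATTRIBUTE verify_attribs[] = {
        {CKA_APPLICATION, buf1, sizeof(buf1)}
    };

    CK_BYTE buf2[100];
    CK_ATTRIBUTE prime_attribs[] = {
        {CKA_PRIME, buf2, sizeof(buf2)}
    };

    /* an object handle that is not expected to exist in this session */
    const CK_OBJECT_HANDLE h_bogus = 98765;

    testcase_begin("starting...");

    if (get_user_pin(user_pin)) {
        return CKR_FUNCTION_FAILED;
    }

    /* NOTE(review): assumes get_user_pin() NUL-terminates the PIN inside
     * user_pin[]; confirm against its definition. */
    user_pin_len = (CK_ULONG) strlen((char *) user_pin);

    slot_id = SLOT_ID;

    /* create a USER R/W session */
    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
    rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
    if (rc != CKR_OK) {
        testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
        return rc;
    }

    rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
    if (rc != CKR_OK) {
        testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
        goto done;
    }

    /* create the object */
    rc = funcs->C_CreateObject(h_session, data_attribs,
                               sizeof(data_attribs) / sizeof(data_attribs[0]),
                               &h_data);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto done;
    }

    /* create the copy */
    rc = funcs->C_CopyObject(h_session, h_data, copy_attribs,
                             sizeof(copy_attribs) / sizeof(copy_attribs[0]),
                             &h_copy);
    if (rc != CKR_OK) {
        testcase_fail("C_CopyObject() rc = %s", p11_get_ckr(rc));
        goto destroy_1;
    }

    /* now, try to extract the CKA_APPLICATION attribute from the original.
     * The original was created without one, so this reads whatever default
     * the token supplies; only the return code is checked here.
     */
    verify_attribs[0].ulValueLen = sizeof(buf1);
    rc = funcs->C_GetAttributeValue(h_session, h_data, verify_attribs, 1);
    if (rc != CKR_OK) {
        testcase_fail("C_GetAttributeValue() rc=%s", p11_get_ckr(rc));
        goto destroy;
    }

    /* now, try to extract the CKA_APPLICATION attribute from the copy */
    verify_attribs[0].ulValueLen = sizeof(buf1);
    rc = funcs->C_GetAttributeValue(h_session, h_copy, verify_attribs, 1);
    if (rc != CKR_OK) {
        testcase_fail("C_GetAttributeValue() rc=%s", p11_get_ckr(rc));
        goto destroy;
    }

    /* Compare the length first: with a shorter result the memcmp would read
     * bytes of buf1 that the token never wrote. */
    if (verify_attribs[0].ulValueLen != sizeof(data_application) ||
        memcmp(data_application, verify_attribs[0].pValue,
               sizeof(data_application)) != 0) {
        testcase_fail("extracted attribute doesn't match");
        rc = -1;
        goto destroy;
    }

    /* now, try to extract CKA_PRIME from the original.
     * this should not exist
     */
    prime_attribs[0].ulValueLen = sizeof(buf2);
    rc = funcs->C_GetAttributeValue(h_session, h_data, prime_attribs, 1);
    if (rc != CKR_ATTRIBUTE_TYPE_INVALID) {
        testcase_fail("C_GetAttributeValue() rc = %s (expected "
                      "CKR_ATTRIBUTE_TYPE_INVALID)", p11_get_ckr(rc));
        /* an unexpected success must not be returned as CKR_OK */
        if (rc == CKR_OK) {
            rc = CKR_FUNCTION_FAILED;
        }
        goto destroy;
    }

    /* now, try to extract CKA_PRIME from a bogus object handle.
     * this should not exist
     */
    rc = funcs->C_GetAttributeValue(h_session, h_bogus, prime_attribs, 1);
    if (rc != CKR_OBJECT_HANDLE_INVALID) {
        testcase_fail("C_GetAttributeValue() rc = %s (expected "
                      "CKR_OBJECT_HANDLE_INVALID)", p11_get_ckr(rc));
        /* an unexpected success must not be returned as CKR_OK */
        if (rc == CKR_OK) {
            rc = CKR_FUNCTION_FAILED;
        }
        goto destroy;
    }

    /* now, get the size of the original object */
    rc = funcs->C_GetObjectSize(h_session, h_data, &obj_size);
    if (rc != CKR_OK) {
        testcase_fail("C_GetObjectSize() rc = %s", p11_get_ckr(rc));
        goto destroy;
    }

    testcase_pass("Looks okay...");

destroy:
    /* now, destroy the original object and the copy */
    loc_rc = funcs->C_DestroyObject(h_session, h_copy);
    if (loc_rc != CKR_OK) {
        testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));
    }

destroy_1:
    loc_rc = funcs->C_DestroyObject(h_session, h_data);
    if (loc_rc != CKR_OK) {
        testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));
    }

done:
    loc_rc = funcs->C_CloseAllSessions(slot_id);
    if (loc_rc != CKR_OK) {
        testcase_error("C_CloseAllSessions() loc_rc=%s", p11_get_ckr(loc_rc));
    }

    return rc;
}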
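/* API Routines exercised that take /var/lock/LCK..opencryptoki spinlock.
 *      C_OpenSession
 *      C_CloseSession
 *
 * API routines exercised that result in stdll taking
 * /var/lock/opencryptoki_stdll spinlock.
 *      C_CreateObject
 *      C_GetAttributeValue
 *      C_SetAttributeValue
 *
 * 1) create a certificate object with no CKA_SERIAL_NUMBER or CKA_ISSUER
 * 2) add CKA_SERIAL_NUMBER and CKA_ISSUER and modify CKA_ID.
 *    verify this works.
 * 3) try to modify CKA_VALUE and CKA_ID in a single call to
 *    C_SetAttributeValue. verify that this fails correctly and that
 *    the object is not modified.
 *
 * Returns CKR_OK on success, CKR_FUNCTION_FAILED when the user PIN could not
 * be obtained or when the update in step 3 unexpectedly returned CKR_OK,
 * (CK_RV) -1 when a value read back does not match, otherwise the failing
 * return code. Cleanup results are kept in loc_rc so they never overwrite rc.
 */
CK_RV do_SetAttributeValues(void)
{
    CK_SLOT_ID slot_id;
    CK_FLAGS flags;
    CK_SESSION_HANDLE h_session;
    CK_RV rc = 0, loc_rc = 0;
    CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
    CK_ULONG user_pin_len;

    CK_BYTE ck_true = TRUE;

    CK_OBJECT_HANDLE h_cert;
    CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
    CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
    CK_BYTE cert_subject[] = "Certificate subject";
    CK_BYTE cert_id[] = "Certificate ID";
    CK_BYTE cert_value[] =
        "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

    CK_ATTRIBUTE cert_attribs[] = {
        {CKA_CLASS, &cert_class, sizeof(cert_class)},
        {CKA_TOKEN, &ck_true, sizeof(ck_true)},
        {CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type)},
        {CKA_SUBJECT, cert_subject, sizeof(cert_subject)},
        {CKA_ID, cert_id, sizeof(cert_id)},
        {CKA_VALUE, cert_value, sizeof(cert_value)}
    };

    CK_BYTE cert_id2[] = "New ID";
    CK_BYTE cert_issuer[] = "Certificate Issuer";
    CK_BYTE cert_ser_no[] = "Serial Number: 12345";
    CK_ATTRIBUTE update_attr[] = {
        {CKA_SERIAL_NUMBER, cert_ser_no, sizeof(cert_ser_no)},
        {CKA_ISSUER, cert_issuer, sizeof(cert_issuer)},
        {CKA_ID, cert_id2, sizeof(cert_id2)}
    };

    CK_BYTE cert_value2[] = "Invalid Value";
    CK_BYTE cert_id3[] = "ID #3";
    CK_ATTRIBUTE invalid_attr[] = {
        {CKA_VALUE, cert_value2, sizeof(cert_value2)},
        {CKA_ID, cert_id3, sizeof(cert_id3)}
    };

    /* read-back buffers and template for the check after the valid update */
    CK_BYTE issuer_buf[100];
    CK_BYTE serial_buf[100];
    CK_BYTE id_buf[100];
    CK_ATTRIBUTE readback[] = {
        {CKA_ISSUER, issuer_buf, sizeof(issuer_buf)},
        {CKA_SERIAL_NUMBER, serial_buf, sizeof(serial_buf)},
        {CKA_ID, id_buf, sizeof(id_buf)}
    };

    /* read-back buffer and template for the check after the rejected update */
    CK_BYTE id_after_buf[100];
    CK_ATTRIBUTE id_after[] = {
        {CKA_ID, id_after_buf, sizeof(id_after_buf)}
    };

    testcase_begin("starting...");

    if (get_user_pin(user_pin)) {
        return CKR_FUNCTION_FAILED;
    }

    /* NOTE(review): assumes get_user_pin() NUL-terminates the PIN inside
     * user_pin[]; confirm against its definition. */
    user_pin_len = (CK_ULONG) strlen((char *) user_pin);

    slot_id = SLOT_ID;

    /* create a USER R/W session */
    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
    rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
    if (rc != CKR_OK) {
        testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
        return rc;
    }

    rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
    if (rc != CKR_OK) {
        testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
        goto error;
    }

    /* create the object */
    rc = funcs->C_CreateObject(h_session, cert_attribs,
                               sizeof(cert_attribs) / sizeof(cert_attribs[0]),
                               &h_cert);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto error;
    }

    /* Add CKA_SERIAL_NUMBER and CKA_ISSUER and change the
     * existing CKA_ID
     */
    rc = funcs->C_SetAttributeValue(h_session, h_cert, update_attr,
                                    sizeof(update_attr) /
                                    sizeof(update_attr[0]));
    if (rc != CKR_OK) {
        testcase_fail("C_SetAttributeValue() rc = %s", p11_get_ckr(rc));
        goto done;
    }

    rc = funcs->C_GetAttributeValue(h_session, h_cert, readback,
                                    sizeof(readback) / sizeof(readback[0]));
    if (rc != CKR_OK) {
        testcase_fail("C_GetAttributeValue() rc = %s", p11_get_ckr(rc));
        goto done;
    }

    /* Each comparison checks the returned length against the expected value
     * first. Using the token-supplied ulValueLen as the memcmp length would
     * accept an empty result and could read past the end of the expected
     * array when the result is longer than it. */
    if (readback[0].ulValueLen != sizeof(cert_issuer) ||
        memcmp(readback[0].pValue, cert_issuer, sizeof(cert_issuer)) != 0) {
        testcase_fail("CKA_ISSUER mismatch");
        rc = -1;
        goto done;
    }

    if (readback[1].ulValueLen != sizeof(cert_ser_no) ||
        memcmp(readback[1].pValue, cert_ser_no, sizeof(cert_ser_no)) != 0) {
        testcase_fail("CKA_SERIAL_NUMBER mismatch");
        rc = -1;
        goto done;
    }

    if (readback[2].ulValueLen != sizeof(cert_id2) ||
        memcmp(readback[2].pValue, cert_id2, sizeof(cert_id2)) != 0) {
        testcase_fail("CKA_ID mismatch");
        rc = -1;
        goto done;
    }

    /* the next template tries to update a CK_ID (valid) and
     * CKA_VALUE (read-only). the entire operation should fail -- no
     * attributes should get modified
     */
    rc = funcs->C_SetAttributeValue(h_session, h_cert, invalid_attr,
                                    sizeof(invalid_attr) /
                                    sizeof(invalid_attr[0]));
    if (rc != CKR_ATTRIBUTE_READ_ONLY) {
        testcase_fail
            ("C_SetAttributeValue() rc = %s (expected CKR_ATTRIBUTE_READ_ONLY)",
             p11_get_ckr(rc));
        /* an unexpected success must not be returned as CKR_OK */
        if (rc == CKR_OK) {
            rc = CKR_FUNCTION_FAILED;
        }
        goto done;
    }

    /* CKA_ID must still hold the value written by the valid update */
    rc = funcs->C_GetAttributeValue(h_session, h_cert, id_after,
                                    sizeof(id_after) / sizeof(id_after[0]));
    if (rc != CKR_OK) {
        testcase_fail("C_GetAttributeValue() rc = %s", p11_get_ckr(rc));
        goto done;
    }

    if (id_after[0].ulValueLen != sizeof(cert_id2) ||
        memcmp(id_after[0].pValue, cert_id2, sizeof(cert_id2)) != 0) {
        testcase_fail("CKA_ID mismatch");
        rc = -1;
        goto done;
    }

    testcase_pass("Looks okay...");

done:
    /* now destroy the objects but don't clobber rc */
    loc_rc = funcs->C_DestroyObject(h_session, h_cert);
    if (loc_rc != CKR_OK) {
        testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));
    }

error:
    /* done...close the session */
    loc_rc = funcs->C_CloseAllSessions(slot_id);
    if (loc_rc != CKR_OK) {
        testcase_error("C_CloseAllSessions() loc_rc = %s", p11_get_ckr(loc_rc));
    }

    return rc;
}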
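/* API Routines exercised that take /var/lock/LCK..opencryptoki spinlock.
 *      C_OpenSession
 *      C_CloseSession
 *
 * API routines exercised that result in stdll taking
 * /var/lock/opencryptoki_stdll spinlock.
 *      C_FindObjectsInit
 *      C_FindObjects
 *      C_CreateObject
 *
 * 1) Create 3 certificates with different CKA_ID attributes
 * 2) Search for a particular CKA_ID. Verify this works.
 * 3) Search for a non-existent CKA_ID. Verify this returns nothing.
 * 4) Specify an empty template. Verify that all 3 objects are returned.
 *
 * NOTE(review): step 4 is not performed by the body below.
 *
 * Returns CKR_OK on success, CKR_FUNCTION_FAILED when the user PIN could not
 * be obtained, (CK_RV) -1 when a search result is not the expected one,
 * otherwise the failing return code. Cleanup results are kept in loc_rc so
 * they never overwrite rc.
 */
CK_RV do_FindObjects(void)
{
    CK_SLOT_ID slot_id;
    CK_FLAGS flags;
    CK_SESSION_HANDLE h_session;
    CK_RV rc = 0, loc_rc = 0;
    CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
    CK_ULONG user_pin_len;

    CK_BYTE ck_true = TRUE;

    CK_OBJECT_HANDLE h_cert1;
    CK_OBJECT_CLASS cert1_class = CKO_CERTIFICATE;
    CK_CERTIFICATE_TYPE cert1_type = CKC_X_509;
    CK_BYTE cert1_subject[] = "Certificate subject #1";
    CK_BYTE cert1_id[] = "Certificate ID #1";
    CK_BYTE cert1_value[] =
        "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

    CK_ATTRIBUTE cert1_attribs[] = {
        {CKA_CLASS, &cert1_class, sizeof(cert1_class)},
        {CKA_TOKEN, &ck_true, sizeof(ck_true)},
        {CKA_CERTIFICATE_TYPE, &cert1_type, sizeof(cert1_type)},
        {CKA_SUBJECT, cert1_subject, sizeof(cert1_subject)},
        {CKA_ID, cert1_id, sizeof(cert1_id)},
        {CKA_VALUE, cert1_value, sizeof(cert1_value)}
    };

    CK_OBJECT_HANDLE h_cert2;
    CK_OBJECT_CLASS cert2_class = CKO_CERTIFICATE;
    CK_CERTIFICATE_TYPE cert2_type = CKC_X_509;
    CK_BYTE cert2_subject[] = "Certificate subject #2";
    CK_BYTE cert2_id[] = "Certificate ID #2";
    CK_BYTE cert2_value[] =
        "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

    CK_ATTRIBUTE cert2_attribs[] = {
        {CKA_CLASS, &cert2_class, sizeof(cert2_class)},
        {CKA_TOKEN, &ck_true, sizeof(ck_true)},
        {CKA_CERTIFICATE_TYPE, &cert2_type, sizeof(cert2_type)},
        {CKA_SUBJECT, cert2_subject, sizeof(cert2_subject)},
        {CKA_ID, cert2_id, sizeof(cert2_id)},
        {CKA_VALUE, cert2_value, sizeof(cert2_value)}
    };

    CK_OBJECT_HANDLE h_cert3;
    CK_OBJECT_CLASS cert3_class = CKO_CERTIFICATE;
    CK_CERTIFICATE_TYPE cert3_type = CKC_X_509;
    CK_BYTE cert3_subject[] = "Certificate subject #3";
    CK_BYTE cert3_id[] = "Certificate ID #3";
    CK_BYTE cert3_value[] =
        "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

    CK_ATTRIBUTE cert3_attribs[] = {
        {CKA_CLASS, &cert3_class, sizeof(cert3_class)},
        {CKA_TOKEN, &ck_true, sizeof(ck_true)},
        {CKA_CERTIFICATE_TYPE, &cert3_type, sizeof(cert3_type)},
        {CKA_SUBJECT, cert3_subject, sizeof(cert3_subject)},
        {CKA_ID, cert3_id, sizeof(cert3_id)},
        {CKA_VALUE, cert3_value, sizeof(cert3_value)}
    };

    /* search template matching the second certificate */
    CK_BYTE find1_id[] = "Certificate ID #2";
    CK_ATTRIBUTE find1_attribs[] = {
        {CKA_ID, find1_id, sizeof(find1_id)}
    };

    /* search template with a CKA_ID none of the three certificates has */
    CK_BYTE find2_id[] = "Certificate ID #12345";
    CK_ATTRIBUTE find2_attribs[] = {
        {CKA_ID, find2_id, sizeof(find2_id)}
    };

    CK_OBJECT_HANDLE obj_list[10];
    /* capacity handed to C_FindObjects, derived from the array itself */
    const CK_ULONG obj_list_max = sizeof(obj_list) / sizeof(obj_list[0]);
    CK_ULONG find_count;
    CK_ULONG i;
    int got_it = 0;

    testcase_begin("starting...");

    if (get_user_pin(user_pin)) {
        return CKR_FUNCTION_FAILED;
    }

    /* NOTE(review): assumes get_user_pin() NUL-terminates the PIN inside
     * user_pin[]; confirm against its definition. */
    user_pin_len = (CK_ULONG) strlen((char *) user_pin);

    slot_id = SLOT_ID;

    /* create a USER R/W session */
    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
    rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
    if (rc != CKR_OK) {
        testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
        return rc;
    }

    rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
    if (rc != CKR_OK) {
        testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
        goto done;
    }

    /* create the objects; each failure jumps to the label that destroys only
     * the objects created so far */
    rc = funcs->C_CreateObject(h_session, cert1_attribs,
                               sizeof(cert1_attribs) / sizeof(cert1_attribs[0]),
                               &h_cert1);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto done;
    }

    rc = funcs->C_CreateObject(h_session, cert2_attribs,
                               sizeof(cert2_attribs) / sizeof(cert2_attribs[0]),
                               &h_cert2);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto destroy_1;
    }

    rc = funcs->C_CreateObject(h_session, cert3_attribs,
                               sizeof(cert3_attribs) / sizeof(cert3_attribs[0]),
                               &h_cert3);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto destroy_2;
    }

    /* now, search for the 2nd object */
    rc = funcs->C_FindObjectsInit(h_session, find1_attribs, 1);
    if (rc != CKR_OK) {
        testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
        goto destroy;
    }

    /* keep fetching batches until the handle shows up or the search is
     * exhausted */
    do {
        rc = funcs->C_FindObjects(h_session, obj_list, obj_list_max,
                                  &find_count);
        if (rc != CKR_OK) {
            testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
            goto destroy;
        }

        /* step through list and find our object handle */
        for (i = 0; i < find_count; i++) {
            if (obj_list[i] == h_cert2) {
                got_it++;
            }
        }
    } while (got_it == 0 && find_count != 0);

    rc = funcs->C_FindObjectsFinal(h_session);
    if (rc != CKR_OK) {
        testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
        goto destroy;
    }

    if (got_it == 0) {
        testcase_fail("could not find object handle");
        rc = -1;
        goto destroy;
    }

    /* now, search for a non-existent object */
    rc = funcs->C_FindObjectsInit(h_session, find2_attribs, 1);
    if (rc != CKR_OK) {
        testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
        goto destroy;
    }

    rc = funcs->C_FindObjects(h_session, obj_list, obj_list_max, &find_count);
    if (rc != CKR_OK) {
        testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
        goto destroy;
    }

    rc = funcs->C_FindObjectsFinal(h_session);
    if (rc != CKR_OK) {
        testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
        goto destroy;
    }

    if (find_count != 0) {
        /* find_count is unsigned, so it is printed with %lu */
        testcase_fail("found %lu objects when none where expected",
                      (unsigned long) find_count);
        rc = -1;
        goto destroy;
    }

    testcase_pass("Looks okay...");

destroy:
    /* now destroy the objects that were created */
    loc_rc = funcs->C_DestroyObject(h_session, h_cert3);
    if (loc_rc != CKR_OK) {
        testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));
    }

destroy_2:
    loc_rc = funcs->C_DestroyObject(h_session, h_cert2);
    if (loc_rc != CKR_OK) {
        testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));
    }

destroy_1:
    loc_rc = funcs->C_DestroyObject(h_session, h_cert1);
    if (loc_rc != CKR_OK) {
        testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));
    }

done:
    /* done...close the session */
    loc_rc = funcs->C_CloseAllSessions(slot_id);
    if (loc_rc != CKR_OK) {
        testcase_error("C_CloseAllSessions() loc_rc = %s", p11_get_ckr(loc_rc));
    }

    return rc;
}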
/* API Routines exercised that take /var/lock/LCK..opencryptoki spinlock.
* C_OpenSession
* C_CloseSession
*
* API routines exercised that result in stdll taking
* /var/lock/opencryptoki_stdll spinlock.
* C_FindObjectsInit
* C_FindObjects
* C_CreateObject
*
* 1) Create 3 certificates as PUBLIC token objects
* 2) Search for a particular CKA_ID. Verify that this works.
* 3) Do FindObjects with a NULL template. Verify that all 3 token objects
* are found.
* 4) Search for a particular CKA_ID. Verify it works.
* 5) Search for a non-existent CKA_ID. Verify it returns nothing.
* 6) Close all sessions. Then create a new session.
* 7) Search for a particular CKA_ID. Verify it works.
* 8) Search for a non-existent CKA_ID. Verify it returns nothing.
* 9) Destroy all 3 token objects
*/
CK_RV do_CreateTokenObjects(void)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
int got_it = 0;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE h_session;
|
|
Packit |
8681c6 |
CK_RV rc = 0, loc_rc = 0;
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_BYTE true = TRUE;
|
|
Packit |
8681c6 |
CK_BYTE false = FALSE;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_cert1;
|
|
Packit |
8681c6 |
CK_OBJECT_CLASS cert1_class = CKO_CERTIFICATE;
|
|
Packit |
8681c6 |
CK_CERTIFICATE_TYPE cert1_type = CKC_X_509;
|
|
Packit |
8681c6 |
CK_BYTE cert1_subject[] = "Certificate subject #1";
|
|
Packit |
8681c6 |
CK_BYTE cert1_id[] = "Certificate ID #1";
|
|
Packit |
8681c6 |
CK_BYTE cert1_value[] =
|
|
Packit |
8681c6 |
"AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_ATTRIBUTE cert1_attribs[] = {
|
|
Packit |
8681c6 |
{CKA_CLASS, &cert1_class, sizeof(cert1_class)},
|
|
Packit |
8681c6 |
{CKA_TOKEN, &true, sizeof(true)},
|
|
Packit |
8681c6 |
{CKA_CERTIFICATE_TYPE, &cert1_type, sizeof(cert1_type)},
|
|
Packit |
8681c6 |
{CKA_SUBJECT, &cert1_subject, sizeof(cert1_subject)},
|
|
Packit |
8681c6 |
{CKA_ID, &cert1_id, sizeof(cert1_id)},
|
|
Packit |
8681c6 |
{CKA_VALUE, &cert1_value, sizeof(cert1_value)},
|
|
Packit |
8681c6 |
{CKA_PRIVATE, &false, sizeof(false)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_cert2;
|
|
Packit |
8681c6 |
CK_OBJECT_CLASS cert2_class = CKO_CERTIFICATE;
|
|
Packit |
8681c6 |
CK_CERTIFICATE_TYPE cert2_type = CKC_X_509;
|
|
Packit |
8681c6 |
CK_BYTE cert2_subject[] = "Certificate subject #2";
|
|
Packit |
8681c6 |
CK_BYTE cert2_id[] = "Certificate ID #2";
|
|
Packit |
8681c6 |
CK_BYTE cert2_value[] =
|
|
Packit |
8681c6 |
"AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_ATTRIBUTE cert2_attribs[] = {
|
|
Packit |
8681c6 |
{CKA_CLASS, &cert2_class, sizeof(cert2_class)},
|
|
Packit |
8681c6 |
{CKA_TOKEN, &true, sizeof(true)},
|
|
Packit |
8681c6 |
{CKA_CERTIFICATE_TYPE, &cert2_type, sizeof(cert2_type)},
|
|
Packit |
8681c6 |
{CKA_SUBJECT, &cert2_subject, sizeof(cert2_subject)},
|
|
Packit |
8681c6 |
{CKA_ID, &cert2_id, sizeof(cert2_id)},
|
|
Packit |
8681c6 |
{CKA_VALUE, &cert2_value, sizeof(cert2_value)},
|
|
Packit |
8681c6 |
{CKA_PRIVATE, &false, sizeof(false)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_cert3;
|
|
Packit |
8681c6 |
CK_OBJECT_CLASS cert3_class = CKO_CERTIFICATE;
|
|
Packit |
8681c6 |
CK_CERTIFICATE_TYPE cert3_type = CKC_X_509;
|
|
Packit |
8681c6 |
CK_BYTE cert3_subject[] = "Certificate subject #3";
|
|
Packit |
8681c6 |
CK_BYTE cert3_id[] = "Certificate ID #3";
|
|
Packit |
8681c6 |
CK_BYTE cert3_value[] =
|
|
Packit |
8681c6 |
"AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_ATTRIBUTE cert3_attribs[] = {
|
|
Packit |
8681c6 |
{CKA_CLASS, &cert3_class, sizeof(cert3_class)},
|
|
Packit |
8681c6 |
{CKA_TOKEN, &true, sizeof(true)},
|
|
Packit |
8681c6 |
{CKA_CERTIFICATE_TYPE, &cert3_type, sizeof(cert3_type)},
|
|
Packit |
8681c6 |
{CKA_SUBJECT, &cert3_subject, sizeof(cert3_subject)},
|
|
Packit |
8681c6 |
{CKA_ID, &cert3_id, sizeof(cert3_id)},
|
|
Packit |
8681c6 |
{CKA_VALUE, &cert3_value, sizeof(cert3_value)},
|
|
Packit |
8681c6 |
{CKA_PRIVATE, &false, sizeof(false)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_BYTE find1_id[] = "Certificate ID #2";
|
|
Packit |
8681c6 |
CK_ATTRIBUTE find1_attribs[] = {
|
|
Packit |
8681c6 |
{CKA_ID, &find1_id, sizeof(find1_id)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_BYTE find2_id[] = "Certificate ID #123456";
|
|
Packit |
8681c6 |
CK_ATTRIBUTE find2_attribs[] = {
|
|
Packit |
8681c6 |
{CKA_ID, &find2_id, sizeof(find2_id)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE obj_list[10];
|
|
Packit |
8681c6 |
CK_ULONG find_count;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("starting...");
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (get_user_pin(user_pin))
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
user_pin_len = (CK_ULONG) strlen((char *) user_pin);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* create a USER R/W session */
|
|
Packit |
8681c6 |
flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
|
|
Packit |
8681c6 |
rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* create the token objects */
|
|
Packit |
8681c6 |
rc = funcs->C_CreateObject(h_session, cert1_attribs, 7, &h_cert1);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_CreateObject(h_session, cert2_attribs, 7, &h_cert2);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy_1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_CreateObject(h_session, cert3_attribs, 7, &h_cert3);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy_2;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* now, search for the 2nd object */
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjectsInit(h_session, find1_attribs, 1);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
do {
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjects(h_session, obj_list, 10, &find_count);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* step through list and find 2nd object's handle */
|
|
Packit |
8681c6 |
for (i = 0; i < find_count; i++) {
|
|
Packit |
8681c6 |
if (obj_list[i] == h_cert2)
|
|
Packit |
8681c6 |
got_it++;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} while (got_it == 0 && find_count != 0);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjectsFinal(h_session);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (got_it == 0) {
|
|
Packit |
8681c6 |
testcase_fail("could not find 2nd object's handle");
|
|
Packit |
8681c6 |
rc = -1;
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* now, search for a non-existant attribute */
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjectsInit(h_session, find2_attribs, 1);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjects(h_session, obj_list, 10, &find_count);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjectsFinal(h_session);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (find_count != 0) {
|
|
Packit |
8681c6 |
testcase_fail("found %ld objects when none where expected", find_count);
|
|
Packit |
8681c6 |
rc = -1;
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* done...close all sessions and open a new one */
|
|
Packit |
8681c6 |
rc = funcs->C_CloseAllSessions(slot_id);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_CloseAllSessions() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* create a USER R/W session */
|
|
Packit |
8681c6 |
flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
|
|
Packit |
8681c6 |
rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* now, search for the 2nd object */
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjectsInit(h_session, find1_attribs, 1);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
do {
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjects(h_session, obj_list, 10, &find_count);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* step through list and find 2nd object's handle */
|
|
Packit |
8681c6 |
got_it = 0;
|
|
Packit |
8681c6 |
for (i = 0; i < find_count; i++) {
|
|
Packit |
8681c6 |
if (obj_list[i] == h_cert2)
|
|
Packit |
8681c6 |
got_it++;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} while (got_it == 0 && find_count != 0);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjectsFinal(h_session);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (got_it == 0) {
|
|
Packit |
8681c6 |
testcase_fail("could not find 2nd object's handle in new session");
|
|
Packit |
8681c6 |
rc = -1;
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* now, search for a non-existant attribute */
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjectsInit(h_session, find2_attribs, 1);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjects(h_session, obj_list, 10, &find_count);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (find_count != 0) {
|
|
Packit |
8681c6 |
testcase_fail("found %ld objects when none where expected", find_count);
|
|
Packit |
8681c6 |
rc = -1;
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_FindObjectsFinal(h_session);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto destroy;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_pass("Looks okay...");
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Destroy the created objects, don't clobber the rc */
|
|
Packit |
8681c6 |
destroy:
|
|
Packit |
8681c6 |
loc_rc = funcs->C_DestroyObject(h_session, h_cert3);
|
|
Packit |
8681c6 |
if (loc_rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
destroy_2:
|
|
Packit |
8681c6 |
loc_rc = funcs->C_DestroyObject(h_session, h_cert2);
|
|
Packit |
8681c6 |
if (loc_rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
destroy_1:
|
|
Packit |
8681c6 |
loc_rc = funcs->C_DestroyObject(h_session, h_cert1);
|
|
Packit |
8681c6 |
if (loc_rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
done:
|
|
Packit |
8681c6 |
/* done...close the session */
|
|
Packit |
8681c6 |
loc_rc = funcs->C_CloseAllSessions(slot_id);
|
|
Packit |
8681c6 |
if (loc_rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_CloseAllSessions() loc_rc = %s", p11_get_ckr(loc_rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
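/*
 * do_HWFeatureSearch - check that a hardware-feature object is found by class.
 *
 * 1. Create a data object and an AES secret key object (both with
 *    CKA_TOKEN = TRUE).
 * 2. Try to create a monotonic counter object. The token must refuse this
 *    with CKR_ATTRIBUTE_READ_ONLY; any other result, including success,
 *    fails the test.
 * 3. Create a clock object.
 * 4. Search with a template that holds only CKA_CLASS = CKO_HW_FEATURE and
 *    require the clock object's handle exactly once in the last result batch.
 * 5. Destroy the created objects, log out and close the session.
 *
 * Returns CKR_OK on success, CKR_FUNCTION_FAILED when the user PIN cannot be
 * obtained or the counter object was created although it must not be, the
 * failing CK_RV of a checked call, or (CK_RV)-1 when the clock object is not
 * found. Failures of the cleanup calls are reported through testcase_error()
 * and do not change the return value.
 */
CK_RV do_HWFeatureSearch(void)
{
    unsigned int i, got_it = 0;
    CK_RV rc, loc_rc;
    CK_ULONG find_count;
    CK_SLOT_ID slot_id;
    CK_BBOOL false = FALSE;
    CK_BBOOL true = TRUE;

    CK_SESSION_HANDLE h_session = 0;
    CK_BYTE user_pin[PKCS11_MAX_PIN_LEN] = {0};
    CK_ULONG user_pin_len = 0;

    /* A counter object */
    CK_OBJECT_CLASS counter1_class = CKO_HW_FEATURE;
    CK_HW_FEATURE_TYPE feature1_type = CKH_MONOTONIC_COUNTER;
    CK_UTF8CHAR counter1_label[] = "Monotonic counter";
    /* zero-filled so that no uninitialized stack bytes are handed to the
     * token as CKA_VALUE */
    CK_CHAR counter1_value[16] = {0};
    CK_ATTRIBUTE counter1_template[] = {
        {CKA_CLASS, &counter1_class, sizeof(counter1_class)},
        {CKA_HW_FEATURE_TYPE, &feature1_type, sizeof(feature1_type)},
        {CKA_LABEL, counter1_label, sizeof(counter1_label) - 1},
        {CKA_VALUE, counter1_value, sizeof(counter1_value)},
        {CKA_RESET_ON_INIT, &true, sizeof(true)},
        {CKA_HAS_RESET, &false, sizeof(false)}
    };

    /* A clock object */
    CK_OBJECT_CLASS clock_class = CKO_HW_FEATURE;
    CK_HW_FEATURE_TYPE clock_type = CKH_CLOCK;
    CK_UTF8CHAR clock_label[] = "Clock";
    CK_CHAR clock_value[16] = {0};
    CK_ATTRIBUTE clock_template[] = {
        {CKA_CLASS, &clock_class, sizeof(clock_class)},
        {CKA_HW_FEATURE_TYPE, &clock_type, sizeof(clock_type)},
        {CKA_LABEL, clock_label, sizeof(clock_label) - 1},
        {CKA_VALUE, clock_value, sizeof(clock_value)}
    };

    /* A data object */
    CK_OBJECT_CLASS obj1_class = CKO_DATA;
    CK_UTF8CHAR obj1_label[] = "Object 1";
    CK_BYTE obj1_data[] = "Object 1's data";
    CK_ATTRIBUTE obj1_template[] = {
        {CKA_CLASS, &obj1_class, sizeof(obj1_class)},
        {CKA_TOKEN, &true, sizeof(true)},
        {CKA_LABEL, obj1_label, sizeof(obj1_label) - 1},
        {CKA_VALUE, obj1_data, sizeof(obj1_data)}
    };

    /* A secret key object; the all-zero key value is a test fixture only */
    CK_OBJECT_CLASS obj2_class = CKO_SECRET_KEY;
    CK_KEY_TYPE obj2_type = CKK_AES;
    CK_UTF8CHAR obj2_label[] = "Object 2";
    CK_BYTE obj2_data[AES_KEY_SIZE_128] = {0};
    CK_ATTRIBUTE obj2_template[] = {
        {CKA_CLASS, &obj2_class, sizeof(obj2_class)},
        {CKA_TOKEN, &true, sizeof(true)},
        {CKA_KEY_TYPE, &obj2_type, sizeof(obj2_type)},
        {CKA_LABEL, obj2_label, sizeof(obj2_label) - 1},
        {CKA_VALUE, obj2_data, sizeof(obj2_data)}
    };

    CK_OBJECT_HANDLE h_counter1 = 0, h_clock = 0, h_obj1 = 0, h_obj2 = 0,
        obj_list[10] = {0};

    /* Matches every object whose class is CKO_HW_FEATURE. */
    CK_ATTRIBUTE find_tmpl[] = {
        {CKA_CLASS, &counter1_class, sizeof(counter1_class)}
    };

    /*
     * Element counts are taken from the arrays themselves so that a template
     * edit cannot leave a stale count behind in a PKCS #11 call.
     */
    const CK_ULONG counter1_count =
        sizeof(counter1_template) / sizeof(counter1_template[0]);
    const CK_ULONG clock_count =
        sizeof(clock_template) / sizeof(clock_template[0]);
    const CK_ULONG obj1_count = sizeof(obj1_template) / sizeof(obj1_template[0]);
    const CK_ULONG obj2_count = sizeof(obj2_template) / sizeof(obj2_template[0]);
    const CK_ULONG find_tmpl_count = sizeof(find_tmpl) / sizeof(find_tmpl[0]);
    const CK_ULONG obj_list_max = sizeof(obj_list) / sizeof(obj_list[0]);

    slot_id = SLOT_ID;

    testcase_begin("starting...");

    if (get_user_pin(user_pin))
        return CKR_FUNCTION_FAILED;

    /* assumes get_user_pin() NUL-terminates the PIN inside user_pin --
     * TODO confirm against its definition */
    user_pin_len = (CK_ULONG) strlen((char *) user_pin);

    /* Open a session with the token */
    rc = funcs->C_OpenSession(slot_id, (CKF_SERIAL_SESSION | CKF_RW_SESSION),
                              NULL_PTR, NULL_PTR, &h_session);
    if (rc != CKR_OK) {
        testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
        return rc;
    }

    // Login correctly
    rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
    if (rc != CKR_OK) {
        testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
        goto session_close;
    }

    /* Create the data object and the secret key object */
    rc = funcs->C_CreateObject(h_session, obj1_template, obj1_count, &h_obj1);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto session_close;
    }

    rc = funcs->C_CreateObject(h_session, obj2_template, obj2_count, &h_obj2);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto destroy_1;
    }

    /* try and create a monotonic object. This should fail
     * since it is a read only feature.
     */
    rc = funcs->C_CreateObject(h_session, counter1_template, counter1_count,
                               &h_counter1);
    if (rc != CKR_ATTRIBUTE_READ_ONLY) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        if (rc == CKR_OK) {
            /*
             * The token accepted an object it must refuse. Remove it again
             * and make sure the function does not return CKR_OK, which the
             * caller would count as a passed test.
             */
            loc_rc = funcs->C_DestroyObject(h_session, h_counter1);
            if (loc_rc != CKR_OK)
                testcase_error("C_DestroyObject() rc = %s",
                               p11_get_ckr(loc_rc));
            rc = CKR_FUNCTION_FAILED;
        }
        goto destroy_2;
    }

    rc = funcs->C_CreateObject(h_session, clock_template, clock_count,
                               &h_clock);
    if (rc != CKR_OK) {
        testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
        goto destroy_2;
    }

    /* Now find the hardware feature objects */
    rc = funcs->C_FindObjectsInit(h_session, find_tmpl, find_tmpl_count);
    if (rc != CKR_OK) {
        testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
        goto destroy;
    }

    do {
        rc = funcs->C_FindObjects(h_session, obj_list, obj_list_max,
                                  &find_count);
        if (rc != CKR_OK) {
            testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
            goto destroy;
        }

        /* the match count is restarted for every batch of handles */
        got_it = 0;
        /* Make sure we got the right ones */
        for (i = 0; i < find_count; i++) {
            if (obj_list[i] == h_clock) {
                got_it++;
            }
        }
    } while (got_it == 0 && find_count != 0);

    rc = funcs->C_FindObjectsFinal(h_session);
    if (rc != CKR_OK) {
        testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
        /* do not fall through to testcase_pass() after a reported failure */
        goto destroy;
    }

    if (got_it != 1) {
        testcase_fail("could not find the corect object handle");
        /* -1 becomes the largest CK_RV value; it only needs to be non-zero */
        rc = -1;
        goto destroy;
    }

    testcase_pass("Looks okay...");

destroy:
    /* Destroy the created objects, don't clobber the rc */
    loc_rc = funcs->C_DestroyObject(h_session, h_clock);
    if (loc_rc != CKR_OK)
        testcase_error("C_DestroyObject() rc = %s", p11_get_ckr(loc_rc));
destroy_2:
    loc_rc = funcs->C_DestroyObject(h_session, h_obj2);
    if (loc_rc != CKR_OK)
        testcase_error("C_DestroyObject() rc = %s", p11_get_ckr(loc_rc));
destroy_1:
    loc_rc = funcs->C_DestroyObject(h_session, h_obj1);
    if (loc_rc != CKR_OK)
        testcase_error("C_DestroyObject() rc = %s", p11_get_ckr(loc_rc));

    loc_rc = funcs->C_Logout(h_session);
    if (loc_rc != CKR_OK)
        testcase_error("C_Logout() rc = %s", p11_get_ckr(loc_rc));

session_close:
    /* Close the session */
    loc_rc = funcs->C_CloseSession(h_session);
    if (loc_rc != CKR_OK)
        testcase_error("C_CloseSession() rc = %s", p11_get_ckr(loc_rc));

    return rc;
}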
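/*
 * obj_mgmt_functions - run every object-management test case in this file.
 *
 * Each test is run regardless of whether an earlier one failed. A test counts
 * as failed when it returns a non-zero CK_RV.
 *
 * Returns the number of failed test cases (0 when all passed).
 */
CK_RV obj_mgmt_functions(void)
{
    /* CK_RV rather than int, so a return code is never truncated before the
     * non-zero check */
    CK_RV rc;
    int errors = 0;

    rc = do_CreateSessionObject();
    if (rc)
        errors++;

    rc = do_CopyObject();
    if (rc)
        errors++;

    rc = do_SetAttributeValues();
    if (rc)
        errors++;

    rc = do_FindObjects();
    if (rc)
        errors++;

    rc = do_HWFeatureSearch();
    if (rc)
        errors++;

    rc = do_CreateTokenObjects();
    if (rc)
        errors++;

    /* the original "return errors++" returned the same value; the increment
     * of a local that is about to go out of scope had no effect */
    return (CK_RV) errors;
}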
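/*
 * Test driver: parse the command line, load the PKCS #11 function list,
 * initialize the library, check the two legacy parallel-function calls and
 * run the object-management tests.
 *
 * The exit status is non-zero whenever setup fails or at least one test case
 * fails, so a calling script cannot mistake an aborted run for a passed one.
 */
int main(int argc, char **argv)
{
    CK_C_INITIALIZE_ARGS cinit_args;
    CK_SESSION_HANDLE hsess = 0;
    int rc;
    CK_RV rv;

    /* anything other than 1 from do_ParseArgs() ends the program with that
     * value as exit status */
    rc = do_ParseArgs(argc, argv);
    if (rc != 1)
        return rc;

    printf("Using slot #%lu...\n\n", SLOT_ID);
    printf("With option: no_init: %d, no_stop: %d, skip_token_obj: %d\n",
           no_init, no_stop, skip_token_obj);

    rc = do_GetFunctionList();
    if (!rc) {
        testcase_error_f("(setup)", "do_GetFunctionList() rc = %s",
                         p11_get_ckr(rc));
        /* rc is 0 on this path; returning it would report success */
        return -1;
    }

    memset(&cinit_args, 0x0, sizeof(cinit_args));
    cinit_args.flags = CKF_OS_LOCKING_OK;

    // SAB Add calls to ALL functions before the C_Initialize gets hit

    /* without an initialized library every later call fails, so stop here
     * with a clear message instead of a list of follow-up errors */
    rv = funcs->C_Initialize(&cinit_args);
    if (rv != CKR_OK) {
        testcase_error_f("(setup)", "C_Initialize() rc = %s", p11_get_ckr(rv));
        return -1;
    }

    /*
     * Both calls are expected to answer CKR_FUNCTION_NOT_PARALLEL. Any other
     * answer, CKR_OK included, ends the run with a non-zero exit status; the
     * raw return code is not used as exit status because it can be 0 or a
     * multiple of 256.
     */
    rv = funcs->C_GetFunctionStatus(hsess);
    if (rv != CKR_FUNCTION_NOT_PARALLEL) {
        testcase_error_f("(setup)", "C_GetFunctionStatus() rc = %s",
                         p11_get_ckr(rv));
        return -1;
    }

    rv = funcs->C_CancelFunction(hsess);
    if (rv != CKR_FUNCTION_NOT_PARALLEL) {
        testcase_error_f("(setup)", "C_CancelFunction() rc = %s",
                         p11_get_ckr(rv));
        return -1;
    }

    rv = obj_mgmt_functions();

    /* make sure we return non-zero if rv is non-zero */
    return ((rv == 0) || (rv % 256) ? (int)rv : -1);
}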