/* * COPYRIGHT (c) International Business Machines Corp. 2020 * * This program is provided under the terms of the Common Public License, * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this * software constitutes recipient's acceptance of CPL-1.0 terms which can be * found in the file LICENSE file or at * https://opensource.org/licenses/cpl1.0.php */ /* File: obj_lock.c * * Test driver. In-depth regression test for PKCS #11 */ #include #include #include #include #include #include #include #include #include #include "pkcs11types.h" #include "regress.h" void *usage_thread_func(CK_OBJECT_HANDLE *h_key) { CK_RV rv; CK_SESSION_HANDLE session = CK_INVALID_HANDLE; CK_FLAGS flags; time_t t1, t2; CK_BYTE original[1024]; CK_BYTE cipher[1024]; CK_BYTE clear[1024]; CK_ULONG i, count, orig_len, cipher_len, clear_len; CK_MECHANISM mech; CK_BYTE init_v[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10 }; // open a session for this thread flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rv = funcs->C_OpenSession(SLOT_ID, flags, NULL, NULL, &session); if (rv != CKR_OK) { testcase_error("Thread %lu: C_OpenSession() rc = %s", pthread_self(), p11_get_ckr(rv)); goto end_thread; } // clear buffers memset(original, 0, sizeof(original)); memset(clear, 0, sizeof(clear)); memset(cipher, 0, sizeof(cipher)); // encrypt some data orig_len = sizeof(original); for (i = 0; i < orig_len; i++) original[i] = i % 255; mech.mechanism = CKM_AES_CBC; mech.ulParameterLen = 16; mech.pParameter = init_v; testcase_begin("Thread %lu: Encrypt/Decrypt", pthread_self()); count = 0; time(&t1); do { rv = funcs->C_EncryptInit(session, &mech, *h_key); if (rv != CKR_OK) { testcase_error("Thread %lu: C_EncryptInit rc=%s", pthread_self(), p11_get_ckr(rv)); goto close_session; } cipher_len = sizeof(cipher); rv = funcs->C_Encrypt(session, original, orig_len, cipher, &cipher_len); if (rv != CKR_OK) { testcase_error("Thread %lu: C_Encrypt rc=%s", pthread_self(), p11_get_ckr(rv)); goto close_session; } rv = funcs->C_DecryptInit(session, &mech, *h_key); if (rv != CKR_OK) { testcase_error("Thread %lu: C_DecryptInit rc=%s", pthread_self(), p11_get_ckr(rv)); goto close_session; } clear_len = sizeof(clear); rv = funcs->C_Decrypt(session, cipher, cipher_len, clear, &clear_len); if (rv != CKR_OK) { testcase_error("Thread %lu: C_Decrypt rc=%s", pthread_self(), p11_get_ckr(rv)); goto close_session; } time(&t2); count++; } while (difftime(t2, t1) < 10); testcase_pass("Thread %lu: ran %lu pairs of Encrypt/Decrypt", pthread_self(), count); close_session: // close the session rv = funcs->C_CloseSession(session); if (rv != CKR_OK) { testcase_error("Thread %lu: C_CloseSession() rc = %s",pthread_self(), p11_get_ckr(rv)); } end_thread: return NULL; } void *alter_thread_func(CK_OBJECT_HANDLE *h_key) { CK_RV rv; CK_SESSION_HANDLE session = CK_INVALID_HANDLE; CK_FLAGS flags; CK_ULONG count; time_t t1, t2; CK_BYTE id[100]; CK_ATTRIBUTE attribs[] = { {CKA_ID, &id, sizeof(id)}, }; // open a session for this thread flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rv = funcs->C_OpenSession(SLOT_ID, flags, NULL, NULL, &session); if (rv != CKR_OK) { testcase_error("Thread %lu: C_OpenSession() rc = %s", pthread_self(), p11_get_ckr(rv)); goto end_thread; } testcase_begin("Thread %lu: Get/SetAttribute", pthread_self()); count = 0; time(&t1); do { // Get attribute attribs[0].ulValueLen = sizeof(id); rv = funcs->C_GetAttributeValue(session, *h_key, attribs, 1); if (rv != CKR_OK) { testcase_error("Thread %lu: C_GetAttributeValue() rc = %s", pthread_self(), p11_get_ckr(rv)); goto close_session; } // Set attribute attribs[0].ulValueLen = sizeof(id); memset(id, count, sizeof(id)); rv = funcs->C_SetAttributeValue(session, *h_key, attribs, 1); if (rv != CKR_OK) { testcase_error("Thread %lu: C_SetAttributeValue() rc = %s", pthread_self(), p11_get_ckr(rv)); goto close_session; } time(&t2); count++; } while (difftime(t2, t1) < 10); testcase_pass("Thread %lu: ran %lu pairs of Get/SetAttribute", pthread_self(), count); close_session: // close the session rv = funcs->C_CloseSession(session); if (rv != CKR_OK) { testcase_error("Thread %lu: C_CloseSession() rc = %s",pthread_self(), p11_get_ckr(rv)); } end_thread: return NULL; } int generate_key(CK_SESSION_HANDLE session, CK_ULONG key_len, CK_BBOOL token_obj, CK_MECHANISM * mechkey, CK_OBJECT_HANDLE * h_key) { CK_CHAR label[] = "OBJ_LOCK_TEST_KEY"; CK_BYTE id[100] = { 0 }; CK_ATTRIBUTE key_gen_tmpl[] = { {CKA_VALUE_LEN, &key_len, sizeof(CK_ULONG)}, {CKA_TOKEN, &token_obj, sizeof(token_obj)}, {CKA_ID, id, sizeof(id)}, {CKA_LABEL, label, sizeof(label) - 1}, }; CK_RV rc = funcs->C_GenerateKey(session, mechkey, key_gen_tmpl, 4, h_key); return rc; } int find_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE * h_key) { CK_RV rc; CK_CHAR label[] = "OBJ_LOCK_TEST_KEY"; CK_BBOOL true = TRUE; CK_OBJECT_HANDLE obj_list[1] = { 0 }; CK_ULONG find_count = 0; CK_ATTRIBUTE find_tmpl[] = { {CKA_TOKEN, &true, sizeof(true)}, {CKA_LABEL, label, sizeof(label) - 1}, }; rc = funcs->C_FindObjectsInit(session, find_tmpl, 2); if (rc != CKR_OK) return rc; rc = funcs->C_FindObjects(session, obj_list, 1, &find_count); if (rc != CKR_OK) goto done; if (find_count != 1) { rc = CKR_OBJECT_HANDLE_INVALID; goto done; } *h_key = obj_list[0]; done: funcs->C_FindObjectsFinal(session); return rc; } int main(int argc, char **argv) { CK_C_INITIALIZE_ARGS cinit_args; int k; CK_BYTE user_pin[128]; CK_ULONG user_pin_len; CK_ULONG num_usage_threads = 2; CK_ULONG num_alter_threads = 2; CK_BBOOL token_obj = FALSE; CK_BBOOL create_obj = TRUE; CK_BBOOL destroy_obj = TRUE; CK_RV rv; CK_SESSION_HANDLE session = CK_INVALID_HANDLE; CK_FLAGS flags; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_ULONG i; pthread_t id[1000]; for (k = 1; k < argc; k++) { if (strcmp(argv[k], "-slot") == 0) { ++k; SLOT_ID = atoi(argv[k]); } else if (strcmp(argv[k], "-usage-threads") == 0) { ++k; num_usage_threads = atoi(argv[k]); } else if (strcmp(argv[k], "-alter-threads") == 0) { ++k; num_alter_threads = atoi(argv[k]); } else if (strcmp(argv[k], "-token_obj") == 0) { token_obj = TRUE; } else if (strcmp(argv[k], "-reuse_obj") == 0) { create_obj = FALSE; } else if (strcmp(argv[k], "-keep_obj") == 0) { destroy_obj = FALSE; } if (strcmp(argv[k], "-h") == 0) { printf("usage: %s [-slot ] [-usage-threads ] [-alter-threads ] [-token_obj] [-reuse_obj] [-keep_obj] [-h]\n\n", argv[0]); printf("By default, Slot #1 are used with 2 usage and 2 alter threads\n\n"); return -1; } } if (get_user_pin(user_pin)) return CKR_FUNCTION_FAILED; user_pin_len = (CK_ULONG) strlen((char *) user_pin); printf("Using slot #%lu ...\n\n", SLOT_ID); rv = do_GetFunctionList(); if (rv != TRUE) { testcase_fail("do_GetFunctionList() rc = %s", p11_get_ckr(rv)); goto out; } testcase_setup(0); testcase_begin("Starting..."); // Initialize memset(&cinit_args, 0x0, sizeof(cinit_args)); cinit_args.flags = CKF_OS_LOCKING_OK; if ((rv = funcs->C_Initialize(&cinit_args))) { testcase_fail("C_Initialize() rc = %s", p11_get_ckr(rv)); goto out; } // Open Session and login for slot 1 testcase_new_assertion(); flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rv = funcs->C_OpenSession(SLOT_ID, flags, NULL, NULL, &session); if (rv != CKR_OK) { testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rv)); goto finalize; } testcase_pass("C_OpenSession"); testcase_new_assertion(); rv = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len); if (rv != CKR_OK) { testcase_fail("C_Login() rc = %s", p11_get_ckr(rv)); goto close_session; } testcase_pass("C_Login as User"); if (!token_obj || create_obj) { // generate an AES key testcase_new_assertion(); mech.mechanism = CKM_AES_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; rv = generate_key(session, 256 / 8, token_obj, &mech, &h_key); if (rv != CKR_OK) { testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rv)); goto close_session; } testcase_pass("C_GenerateKey"); } else { // find the existing AES key testcase_new_assertion(); rv = find_key(session, &h_key); if (rv != CKR_OK) { testcase_error("find_key rc=%s", p11_get_ckr(rv)); goto close_session; } testcase_pass("find_key"); } // create the usage threads testcase_new_assertion(); for (i = 0; i < num_usage_threads; i++) { printf("Creating usage thread %lu\n", i); pthread_create(&id[i], NULL, (void *(*)(void *)) usage_thread_func, (void *)&h_key); } // create the alter threads for (i = 0; i < num_alter_threads; i++) { printf("Creating alter thread %lu\n", i); pthread_create(&id[num_usage_threads + i], NULL, (void *(*)(void *)) alter_thread_func, (void *)&h_key); } // wait for all threads to end for (i = 0; i < num_usage_threads + num_alter_threads; i++) { pthread_join(id[i], NULL); } testcase_pass("All threads have ended"); if (!token_obj || destroy_obj) { testcase_new_assertion(); rv = funcs->C_DestroyObject(session, h_key); if (rv != CKR_OK) { testcase_fail("C_DestroyObject() rc = %s", p11_get_ckr(rv)); } testcase_pass("C_DestroyObject"); } close_session: testcase_new_assertion(); if (session != CK_INVALID_HANDLE) { rv = funcs->C_CloseSession(session); if (rv != CKR_OK) { testcase_fail("C_CloseSession() rc = %s", p11_get_ckr(rv)); } } testcase_pass("C_CloseSession"); finalize: testcase_new_assertion(); rv = funcs->C_Finalize(NULL); if (rv != CKR_OK) { testcase_fail("C_Finalize() rc = %s", p11_get_ckr(rv)); } testcase_pass("C_Finalize"); out: testcase_print_result(); return 0; }