diff --git a/common/mock.c b/common/mock.c index 7a6230a74..4bcc6b9e2 100644 --- a/common/mock.c +++ b/common/mock.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2011, Collabora Ltd. + * Copyright (c) 2021, Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,12 +87,13 @@ typedef struct _Session { /* For encrypt, decrypt operations */ CK_OBJECT_HANDLE crypto_key; - CK_ATTRIBUTE_TYPE crypto_method; + CK_FLAGS crypto_method; CK_MECHANISM_TYPE crypto_mechanism; + CK_BBOOL crypto_final; /* For sign, verify, digest, CKM_MOCK_COUNT */ CK_MECHANISM_TYPE hash_mechanism; - CK_ATTRIBUTE_TYPE hash_method; + CK_FLAGS hash_method; CK_OBJECT_HANDLE hash_key; CK_ULONG hash_count; @@ -1916,12 +1918,19 @@ mock_C_EncryptInit (CK_SESSION_HANDLE session, { Session *sess; - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); if (!sess) return CKR_SESSION_HANDLE_INVALID; + /* can be called with pMechanism set to NULL_PTR to terminate an active encryption operation */ + if (mechanism == NULL) { + if (sess->crypto_method & CKF_ENCRYPT) { + sess->crypto_method &= ~CKF_ENCRYPT; + return CKR_OK; + } else + return CKR_ARGUMENTS_BAD; + } + /* Starting an operation, cancels any previous one */ sess->finding = CK_FALSE; @@ -1930,7 +1939,7 @@ mock_C_EncryptInit (CK_SESSION_HANDLE session, if (key != MOCK_PUBLIC_KEY_CAPITALIZE) return CKR_KEY_HANDLE_INVALID; - sess->crypto_method = CKA_ENCRYPT; + sess->crypto_method |= CKF_ENCRYPT; sess->crypto_mechanism = CKM_MOCK_CAPITALIZE; sess->crypto_key = key; return CKR_OK; @@ -1961,9 +1970,15 @@ mock_C_Encrypt (CK_SESSION_HANDLE session, CK_ULONG_PTR encrypted_data_len) { CK_ULONG last = 0; + Session *sess; CK_RV rv; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + rv = mock_C_EncryptUpdate (session, data, data_len, encrypted_data, encrypted_data_len); - if (rv == CKR_OK) + if (rv == CKR_OK && sess->crypto_final) rv = mock_C_EncryptFinal (session, encrypted_data, &last); return rv; } @@ -2010,9 +2025,10 @@ mock_C_EncryptUpdate (CK_SESSION_HANDLE session, if (!sess) return CKR_SESSION_HANDLE_INVALID; + sess->crypto_final = false; if (!sess->crypto_mechanism) return CKR_OPERATION_NOT_INITIALIZED; - if (sess->crypto_method != CKA_ENCRYPT) + if (!(sess->crypto_method & CKF_ENCRYPT)) return CKR_OPERATION_NOT_INITIALIZED; assert (sess->crypto_mechanism == CKM_MOCK_CAPITALIZE); assert (sess->crypto_key == MOCK_PUBLIC_KEY_CAPITALIZE); @@ -2030,6 +2046,7 @@ mock_C_EncryptUpdate (CK_SESSION_HANDLE session, for (i = 0; i < part_len; ++i) encrypted_part[i] = p11_ascii_toupper (part[i]); *encrypted_part_len = part_len; + sess->crypto_final = true; return CKR_OK; } @@ -2073,12 +2090,12 @@ mock_C_EncryptFinal (CK_SESSION_HANDLE session, if (!sess->crypto_mechanism) return CKR_OPERATION_NOT_INITIALIZED; - if (sess->crypto_method != CKA_ENCRYPT) + if (!(sess->crypto_method & CKF_ENCRYPT)) return CKR_OPERATION_NOT_INITIALIZED; *last_encrypted_part_len = 0; - sess->crypto_method = 0; + sess->crypto_method &= ~CKF_ENCRYPT; sess->crypto_mechanism = 0; sess->crypto_key = 0; return CKR_OK; @@ -2112,12 +2129,19 @@ mock_C_DecryptInit (CK_SESSION_HANDLE session, { Session *sess; - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); if (!sess) return CKR_SESSION_HANDLE_INVALID; + /* can be called with pMechanism set to NULL_PTR to terminate an active decryption operation */ + if (mechanism == NULL) { + if (sess->crypto_method & CKF_DECRYPT) { + sess->crypto_method &= ~CKF_DECRYPT; + return CKR_OK; + } else + return CKR_ARGUMENTS_BAD; + } + /* Starting an operation, cancels any previous one */ sess->finding = false; @@ -2126,7 +2150,7 @@ mock_C_DecryptInit (CK_SESSION_HANDLE session, if (key != MOCK_PRIVATE_KEY_CAPITALIZE) return CKR_KEY_HANDLE_INVALID; - sess->crypto_method = CKA_DECRYPT; + sess->crypto_method |= CKF_DECRYPT; sess->crypto_mechanism = CKM_MOCK_CAPITALIZE; sess->crypto_key = key; return CKR_OK; @@ -2157,9 +2181,14 @@ mock_C_Decrypt (CK_SESSION_HANDLE session, CK_ULONG_PTR data_len) { CK_ULONG last = 0; + Session *sess; CK_RV rv; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; rv = mock_C_DecryptUpdate (session, encrypted_data, encrypted_data_len, data, data_len); - if (rv == CKR_OK) + if (rv == CKR_OK && sess->crypto_final) rv = mock_C_DecryptFinal (session, data, &last); return rv; } @@ -2206,9 +2235,10 @@ mock_C_DecryptUpdate (CK_SESSION_HANDLE session, if (!sess) return CKR_SESSION_HANDLE_INVALID; + sess->crypto_final = false; if (!sess->crypto_mechanism) return CKR_OPERATION_NOT_INITIALIZED; - if (sess->crypto_method != CKA_DECRYPT) + if (!(sess->crypto_method & CKF_DECRYPT)) return CKR_OPERATION_NOT_INITIALIZED; assert (sess->crypto_mechanism == CKM_MOCK_CAPITALIZE); assert (sess->crypto_key == MOCK_PRIVATE_KEY_CAPITALIZE); @@ -2226,6 +2256,7 @@ mock_C_DecryptUpdate (CK_SESSION_HANDLE session, for (i = 0; i < encrypted_part_len; ++i) part[i] = p11_ascii_tolower (encrypted_part[i]); *part_len = encrypted_part_len; + sess->crypto_final = true; return CKR_OK; } @@ -2269,12 +2300,12 @@ mock_C_DecryptFinal (CK_SESSION_HANDLE session, if (!sess->crypto_mechanism) return CKR_OPERATION_NOT_INITIALIZED; - if (sess->crypto_method != CKA_DECRYPT) + if (!(sess->crypto_method & CKF_DECRYPT)) return CKR_OPERATION_NOT_INITIALIZED; *last_part_len = 0; - sess->crypto_method = 0; + sess->crypto_method &= ~CKF_DECRYPT; sess->crypto_mechanism = 0; sess->crypto_key = 0; @@ -2308,12 +2339,19 @@ mock_C_DigestInit (CK_SESSION_HANDLE session, { Session *sess; - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); if (!sess) return CKR_SESSION_HANDLE_INVALID; + /* can be called with pMechanism set to NULL_PTR to terminate an active message-digesting operation */ + if (mechanism == NULL) { + if (sess->hash_method == CKF_DIGEST) { + sess->hash_method = 0; + return CKR_OK; + } else + return CKR_ARGUMENTS_BAD; + } + /* Starting an operation, cancels any previous one */ sess->finding = false; @@ -2321,7 +2359,7 @@ mock_C_DigestInit (CK_SESSION_HANDLE session, return CKR_MECHANISM_INVALID; sess->hash_mechanism = CKM_MOCK_COUNT; - sess->hash_method = (CK_ULONG)-1; + sess->hash_method = CKF_DIGEST; sess->hash_count = 0; sess->hash_key = 0; return CKR_OK; @@ -2349,13 +2387,23 @@ mock_C_Digest (CK_SESSION_HANDLE session, CK_BYTE_PTR digest, CK_ULONG_PTR digest_len) { + Session *sess; CK_RV rv; return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + rv = mock_C_DigestUpdate (session, data, data_len); - if (rv == CKR_OK) + if (rv == CKR_OK) { rv = mock_C_DigestFinal (session, digest, digest_len); + if (sess->hash_method == CKF_DIGEST) { + /* not finalized -- reset the state */ + sess->hash_count = 0; + } + } return rv; } @@ -2397,7 +2445,7 @@ mock_C_DigestUpdate (CK_SESSION_HANDLE session, if (!sess->hash_mechanism) return CKR_OPERATION_NOT_INITIALIZED; - if (sess->hash_method != (CK_ULONG)-1) + if (sess->hash_method != CKF_DIGEST) return CKR_OPERATION_NOT_INITIALIZED; assert (sess->hash_mechanism == CKM_MOCK_COUNT); @@ -2434,7 +2482,7 @@ mock_C_DigestKey (CK_SESSION_HANDLE session, if (!sess->hash_mechanism) return CKR_OPERATION_NOT_INITIALIZED; - if (sess->hash_method != (CK_ULONG)-1) + if (sess->hash_method != CKF_DIGEST) return CKR_OPERATION_NOT_INITIALIZED; assert (sess->hash_mechanism == CKM_MOCK_COUNT); @@ -2474,7 +2522,7 @@ mock_C_DigestFinal (CK_SESSION_HANDLE session, if (!sess->hash_mechanism) return CKR_OPERATION_NOT_INITIALIZED; - if (sess->hash_method != (CK_ULONG)-1) + if (sess->hash_method != CKF_DIGEST) return CKR_OPERATION_NOT_INITIALIZED; assert (sess->hash_mechanism == CKM_MOCK_COUNT); @@ -2522,7 +2570,7 @@ mock_X_DigestFinal__invalid_handle (CK_X_FUNCTION_LIST *self, static CK_RV prefix_mechanism_init (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_TYPE method, + CK_FLAGS method, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) { @@ -2540,10 +2588,10 @@ prefix_mechanism_init (CK_SESSION_HANDLE session, if (mechanism->mechanism != CKM_MOCK_PREFIX) return CKR_MECHANISM_INVALID; - if (method == CKA_SIGN || method == CKA_SIGN_RECOVER) { + if (method == CKF_SIGN || method == CKF_SIGN_RECOVER) { if (key != MOCK_PRIVATE_KEY_PREFIX) return CKR_KEY_HANDLE_INVALID; - } else if (method == CKA_VERIFY || method == CKA_VERIFY_RECOVER) { + } else if (method == CKF_VERIFY || method == CKF_VERIFY_RECOVER) { if (key != MOCK_PUBLIC_KEY_PREFIX) return CKR_KEY_HANDLE_INVALID; } else { @@ -2583,7 +2631,7 @@ prefix_mechanism_init (CK_SESSION_HANDLE session, sess->n_sign_prefix = length; /* The private key has CKA_ALWAYS_AUTHENTICATE above */ - if (method == CKA_SIGN || method == CKA_SIGN_RECOVER) + if (method == CKF_SIGN || method == CKF_SIGN_RECOVER) sess->want_context_login = true; return CKR_OK; @@ -2595,8 +2643,22 @@ mock_C_SignInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) { - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - return prefix_mechanism_init (session, CKA_SIGN, mechanism, key); + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + /* can be called with pMechanism set to NULL_PTR to terminate an active signature operation */ + if (mechanism == NULL) { + if (sess->hash_method == CKF_SIGN) { + sess->hash_method = 0; + return CKR_OK; + } else + return CKR_ARGUMENTS_BAD; + } + + return prefix_mechanism_init (session, CKF_SIGN, mechanism, key); } CK_RV @@ -2623,11 +2685,22 @@ mock_C_Sign (CK_SESSION_HANDLE session, CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) { + Session *sess; CK_RV rv; + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + rv = mock_C_SignUpdate (session, data, data_len); - if (rv == CKR_OK) + + if (rv == CKR_OK) { rv = mock_C_SignFinal (session, signature, signature_len); + if (sess->hash_method == CKF_SIGN) { + /* not finalized -- reset the state */ + sess->hash_count = 0; + } + } return rv; } @@ -2668,7 +2741,7 @@ mock_C_SignUpdate (CK_SESSION_HANDLE session, if (!sess) return CKR_SESSION_HANDLE_INVALID; if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_SIGN) + sess->hash_method != CKF_SIGN) return CKR_OPERATION_NOT_INITIALIZED; if (sess->want_context_login) return CKR_USER_NOT_LOGGED_IN; @@ -2714,7 +2787,7 @@ mock_C_SignFinal (CK_SESSION_HANDLE session, if (!sess) return CKR_SESSION_HANDLE_INVALID; if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_SIGN) + sess->hash_method != CKF_SIGN) return CKR_OPERATION_NOT_INITIALIZED; if (sess->want_context_login) return CKR_USER_NOT_LOGGED_IN; @@ -2770,8 +2843,23 @@ mock_C_SignRecoverInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) { - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - return prefix_mechanism_init (session, CKA_SIGN_RECOVER, mechanism, key); + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + /* can be called with pMechanism set to NULL_PTR to terminate + * an active signature with data recovery operation */ + if (mechanism == NULL) { + if (sess->hash_method == CKF_SIGN_RECOVER) { + sess->hash_method = 0; + return CKR_OK; + } else + return CKR_ARGUMENTS_BAD; + } + + return prefix_mechanism_init (session, CKF_SIGN_RECOVER, mechanism, key); } CK_RV @@ -2807,7 +2895,7 @@ mock_C_SignRecover (CK_SESSION_HANDLE session, sess = p11_dict_get (the_sessions, handle_to_pointer (session)); if (!sess) return CKR_SESSION_HANDLE_INVALID; - if (sess->hash_method != CKA_SIGN_RECOVER || + if (sess->hash_method != CKF_SIGN_RECOVER || sess->hash_mechanism != CKM_MOCK_PREFIX) return CKR_OPERATION_NOT_INITIALIZED; if (sess->want_context_login) @@ -2867,8 +2955,22 @@ mock_C_VerifyInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) { - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - return prefix_mechanism_init (session, CKA_VERIFY, mechanism, key); + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + /* can be called with pMechanism set to NULL_PTR to terminate an active verification operation */ + if (mechanism == NULL) { + if (sess->hash_method == CKF_VERIFY) { + sess->hash_method = 0; + return CKR_OK; + } else + return CKR_ARGUMENTS_BAD; + } + + return prefix_mechanism_init (session, CKF_VERIFY, mechanism, key); } CK_RV @@ -2936,7 +3038,7 @@ mock_C_VerifyUpdate (CK_SESSION_HANDLE session, if (!sess) return CKR_SESSION_HANDLE_INVALID; if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_VERIFY) + sess->hash_method != CKF_VERIFY) return CKR_OPERATION_NOT_INITIALIZED; if (sess->want_context_login) return CKR_USER_NOT_LOGGED_IN; @@ -2971,6 +3073,7 @@ mock_C_VerifyFinal (CK_SESSION_HANDLE session, Session *sess; CK_ULONG length; int len; + CK_RV rv = CKR_OK; return_val_if_fail (signature, CKR_ARGUMENTS_BAD); @@ -2978,7 +3081,7 @@ mock_C_VerifyFinal (CK_SESSION_HANDLE session, if (!sess) return CKR_SESSION_HANDLE_INVALID; if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_VERIFY) + sess->hash_method != CKF_VERIFY) return CKR_OPERATION_NOT_INITIALIZED; if (sess->want_context_login) return CKR_USER_NOT_LOGGED_IN; @@ -2991,14 +3094,14 @@ mock_C_VerifyFinal (CK_SESSION_HANDLE session, if (memcmp (signature, sess->sign_prefix, sess->n_sign_prefix) != 0 || memcmp (signature + sess->n_sign_prefix, buffer, len) != 0) - return CKR_SIGNATURE_INVALID; + rv = CKR_SIGNATURE_INVALID; sess->hash_mechanism = 0; sess->hash_method = 0; sess->hash_count = 0; sess->hash_key = 0; - return CKR_OK; + return rv; } CK_RV @@ -3023,8 +3126,23 @@ mock_C_VerifyRecoverInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) { - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - return prefix_mechanism_init (session, CKA_VERIFY_RECOVER, mechanism, key); + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + /* can be called with pMechanism set to NULL_PTR to terminate + * an active verification with data recovery operation */ + if (mechanism == NULL) { + if (sess->hash_method == CKF_VERIFY_RECOVER) { + sess->hash_method = 0; + return CKR_OK; + } else + return CKR_ARGUMENTS_BAD; + } + + return prefix_mechanism_init (session, CKF_VERIFY_RECOVER, mechanism, key); } CK_RV @@ -3060,7 +3178,7 @@ mock_C_VerifyRecover (CK_SESSION_HANDLE session, if (!sess) return CKR_SESSION_HANDLE_INVALID; if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_VERIFY_RECOVER) + sess->hash_method != CKF_VERIFY_RECOVER) return CKR_OPERATION_NOT_INITIALIZED; if (sess->want_context_login) return CKR_USER_NOT_LOGGED_IN; diff --git a/common/pkcs11.h b/common/pkcs11.h index 6058b6d06..b63b242b4 100644 --- a/common/pkcs11.h +++ b/common/pkcs11.h @@ -1118,7 +1118,7 @@ _CK_DECLARE_FUNCTION (C_SetOperationState, unsigned char *operation_state, unsigned long operation_state_len, ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key)); + ck_object_handle_t authentication_key)); _CK_DECLARE_FUNCTION (C_Login, (ck_session_handle_t session, ck_user_type_t user_type, unsigned char *pin, unsigned long pin_len)); diff --git a/p11-kit/log.c b/p11-kit/log.c index 58bc5f461..e715f5cf9 100644 --- a/p11-kit/log.c +++ b/p11-kit/log.c @@ -466,11 +466,15 @@ log_mechanism (p11_buffer *buf, p11_buffer_add (buf, name, -1); p11_buffer_add (buf, " = {\n", 5); p11_buffer_add (buf, "\tmechanism: ", -1); - log_CKM (buf, mech->mechanism); - p11_buffer_add (buf, "\n\tpParameter: ", -1); - snprintf (temp, sizeof (temp), "(%lu) ", mech->ulParameterLen); - p11_buffer_add (buf, temp, -1); - log_some_bytes (buf, mech->pParameter, mech->ulParameterLen); + if (mech != NULL) { + log_CKM (buf, mech->mechanism); + p11_buffer_add (buf, "\n\tpParameter: ", -1); + snprintf (temp, sizeof (temp), "(%lu) ", mech->ulParameterLen); + p11_buffer_add (buf, temp, -1); + log_some_bytes (buf, mech->pParameter, mech->ulParameterLen); + } else { + p11_buffer_add (buf, "NULL", 4); + } p11_buffer_add (buf, "\n }\n", -1); } diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c index 3d31a3c6e..724b541e5 100644 --- a/p11-kit/rpc-client.c +++ b/p11-kit/rpc-client.c @@ -421,12 +421,17 @@ proto_write_mechanism (p11_rpc_message *msg, CK_MECHANISM_PTR mech) { assert (msg != NULL); - assert (mech != NULL); assert (msg->output != NULL); /* Make sure this is in the right order */ assert (!msg->signature || p11_rpc_message_verify_part (msg, "M")); + /* This case is valid for C_*Init () functions to cancel operation */ + if (mech == NULL) { + p11_rpc_buffer_add_uint32 (msg->output, 0); + return p11_buffer_failed (msg->output) ? CKR_HOST_MEMORY : CKR_OK; + } + if (!p11_rpc_mechanism_is_supported (mech->mechanism)) return CKR_MECHANISM_INVALID; @@ -624,8 +629,6 @@ proto_read_sesssion_info (p11_rpc_message *msg, { _ret = CKR_HOST_MEMORY; goto _cleanup; } #define IN_MECHANISM(val) \ - if (val == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ _ret = proto_write_mechanism (&_msg, val); \ if (_ret != CKR_OK) goto _cleanup; diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c index f785b79bd..5fcb056a4 100644 --- a/p11-kit/rpc-message.c +++ b/p11-kit/rpc-message.c @@ -2114,6 +2114,11 @@ p11_rpc_buffer_get_mechanism (p11_buffer *buffer, mech->mechanism = mechanism; + /* special NULL case */ + if (mechanism == 0) { + return true; + } + for (i = 0; i < ELEMS (p11_rpc_mechanism_serializers); i++) { if (p11_rpc_mechanism_serializers[i].type == mech->mechanism) { serializer = &p11_rpc_mechanism_serializers[i]; diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c index 7c82a1429..7c66215d4 100644 --- a/p11-kit/rpc-server.c +++ b/p11-kit/rpc-server.c @@ -121,6 +121,7 @@ proto_read_byte_array (p11_rpc_message *msg, { const unsigned char *data; unsigned char valid; + uint32_t len; size_t n_data; assert (msg != NULL); @@ -134,8 +135,10 @@ proto_read_byte_array (p11_rpc_message *msg, return PARSE_ERROR; if (!valid) { + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &len)) + return PARSE_ERROR; *array = NULL; - *n_array = 0; + *n_array = len; return CKR_OK; } @@ -426,7 +429,7 @@ proto_read_null_string (p11_rpc_message *msg, static CK_RV proto_read_mechanism (p11_rpc_message *msg, - CK_MECHANISM_PTR mech) + CK_MECHANISM_PTR *mech) { size_t offset; CK_MECHANISM temp; @@ -446,19 +449,24 @@ proto_read_mechanism (p11_rpc_message *msg, return PARSE_ERROR; } - mech->mechanism = temp.mechanism; + if (temp.mechanism == 0) { + *mech = NULL; + return CKR_OK; + } + + (*mech)->mechanism = temp.mechanism; /* The mechanism doesn't require parameter */ if (temp.ulParameterLen == 0) { - mech->pParameter = NULL; - mech->ulParameterLen = 0; + (*mech)->pParameter = NULL; + (*mech)->ulParameterLen = 0; msg->parsed = offset; return CKR_OK; } /* Actually retrieve the parameter */ - mech->pParameter = p11_rpc_message_alloc_extra (msg, temp.ulParameterLen); - if (!p11_rpc_buffer_get_mechanism (msg->input, &msg->parsed, mech)) + (*mech)->pParameter = p11_rpc_message_alloc_extra (msg, temp.ulParameterLen); + if (!p11_rpc_buffer_get_mechanism (msg->input, &msg->parsed, *mech)) return PARSE_ERROR; assert (msg->parsed == offset); @@ -1180,14 +1188,15 @@ rpc_C_EncryptInit (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_OBJECT_HANDLE key; BEGIN_CALL (EncryptInit); IN_ULONG (session); IN_MECHANISM (mechanism); IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); + PROCESS_CALL ((self, session, mechanism, key)); END_CALL; } @@ -1251,14 +1260,15 @@ rpc_C_DecryptInit (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_OBJECT_HANDLE key; BEGIN_CALL (DecryptInit); IN_ULONG (session); IN_MECHANISM (mechanism); IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); + PROCESS_CALL ((self, session, mechanism, key)); END_CALL; } @@ -1321,12 +1331,13 @@ rpc_C_DigestInit (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; BEGIN_CALL (DigestInit); IN_ULONG (session); IN_MECHANISM (mechanism); - PROCESS_CALL ((self, session, &mechanism)); + PROCESS_CALL ((self, session, mechanism)); END_CALL; } @@ -1399,14 +1410,15 @@ rpc_C_SignInit (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_OBJECT_HANDLE key; BEGIN_CALL (SignInit); IN_ULONG (session); IN_MECHANISM (mechanism); IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); + PROCESS_CALL ((self, session, mechanism, key)); END_CALL; } @@ -1466,14 +1478,15 @@ rpc_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_OBJECT_HANDLE key; BEGIN_CALL (SignRecoverInit); IN_ULONG (session); IN_MECHANISM (mechanism); IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); + PROCESS_CALL ((self, session, mechanism, key)); END_CALL; } @@ -1501,14 +1514,15 @@ rpc_C_VerifyInit (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_OBJECT_HANDLE key; BEGIN_CALL (VerifyInit); IN_ULONG (session); IN_MECHANISM (mechanism); IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); + PROCESS_CALL ((self, session, mechanism, key)); END_CALL; } @@ -1565,14 +1579,15 @@ rpc_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_OBJECT_HANDLE key; BEGIN_CALL (VerifyRecoverInit); IN_ULONG (session); IN_MECHANISM (mechanism); IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); + PROCESS_CALL ((self, session, mechanism, key)); END_CALL; } @@ -1676,7 +1691,8 @@ rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_ATTRIBUTE_PTR template; CK_ULONG count; CK_OBJECT_HANDLE key; @@ -1685,7 +1701,7 @@ rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self, IN_ULONG (session); IN_MECHANISM (mechanism); IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, &mechanism, template, count, &key)); + PROCESS_CALL ((self, session, mechanism, template, count, &key)); OUT_ULONG (key); END_CALL; } @@ -1695,7 +1711,8 @@ rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_ATTRIBUTE_PTR public_key_template; CK_ULONG public_key_attribute_count; CK_ATTRIBUTE_PTR private_key_template; @@ -1708,7 +1725,8 @@ rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, IN_MECHANISM (mechanism); IN_ATTRIBUTE_ARRAY (public_key_template, public_key_attribute_count); IN_ATTRIBUTE_ARRAY (private_key_template, private_key_attribute_count); - PROCESS_CALL ((self, session, &mechanism, public_key_template, public_key_attribute_count, private_key_template, private_key_attribute_count, &public_key, &private_key)); + PROCESS_CALL ((self, session, mechanism, public_key_template, public_key_attribute_count, + private_key_template, private_key_attribute_count, &public_key, &private_key)); OUT_ULONG (public_key); OUT_ULONG (private_key); END_CALL; @@ -1719,7 +1737,8 @@ rpc_C_WrapKey (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_OBJECT_HANDLE wrapping_key; CK_OBJECT_HANDLE key; CK_BYTE_PTR wrapped_key; @@ -1731,7 +1750,7 @@ rpc_C_WrapKey (CK_X_FUNCTION_LIST *self, IN_ULONG (wrapping_key); IN_ULONG (key); IN_BYTE_BUFFER (wrapped_key, wrapped_key_len); - PROCESS_CALL ((self, session, &mechanism, wrapping_key, key, wrapped_key, &wrapped_key_len)); + PROCESS_CALL ((self, session, mechanism, wrapping_key, key, wrapped_key, &wrapped_key_len)); OUT_BYTE_ARRAY (wrapped_key, wrapped_key_len); END_CALL; } @@ -1741,7 +1760,8 @@ rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_OBJECT_HANDLE unwrapping_key; CK_BYTE_PTR wrapped_key; CK_ULONG wrapped_key_len; @@ -1755,7 +1775,7 @@ rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self, IN_ULONG (unwrapping_key); IN_BYTE_ARRAY (wrapped_key, wrapped_key_len); IN_ATTRIBUTE_ARRAY (template, attribute_count); - PROCESS_CALL ((self, session, &mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, attribute_count, &key)); + PROCESS_CALL ((self, session, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, attribute_count, &key)); OUT_ULONG (key); END_CALL; } @@ -1765,7 +1785,8 @@ rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self, p11_rpc_message *msg) { CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM mechanism_; + CK_MECHANISM_PTR mechanism = &mechanism_; CK_OBJECT_HANDLE base_key; CK_ATTRIBUTE_PTR template; CK_ULONG attribute_count; @@ -1776,7 +1797,7 @@ rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self, IN_MECHANISM (mechanism); IN_ULONG (base_key); IN_ATTRIBUTE_ARRAY (template, attribute_count); - PROCESS_CALL ((self, session, &mechanism, base_key, template, attribute_count, &key)); + PROCESS_CALL ((self, session, mechanism, base_key, template, attribute_count, &key)); OUT_ULONG (key); END_CALL; } diff --git a/p11-kit/test-mock.c b/p11-kit/test-mock.c index 6cc690c69..4bce6be69 100644 --- a/p11-kit/test-mock.c +++ b/p11-kit/test-mock.c @@ -1,6 +1,6 @@ /* * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012-2013 Red Hat Inc. + * Copyright (c) 2012-2021 Red Hat Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -30,7 +30,8 @@ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * - * Author: Stef Walter + * Authors: Stef Walter + * Jakub Jelen */ #include "test.h" @@ -436,13 +437,13 @@ test_set_pin (void) module = setup_mock_module (&session); rv = (module->C_SetPIN) (0, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"other", 5, (CK_UTF8CHAR_PTR)"OTHER", 5); - assert (rv == CKR_PIN_INCORRECT); + assert_num_eq (rv, CKR_PIN_INCORRECT); teardown_mock_module (module); } @@ -485,19 +486,19 @@ test_login_logout (void) module = setup_mock_module (&session); rv = (module->C_Login) (0, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"bo", 2); - assert (rv == CKR_PIN_INCORRECT); + assert_num_eq (rv, CKR_PIN_INCORRECT); rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_Logout) (session); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_Logout) (session); - assert (rv == CKR_USER_NOT_LOGGED_IN); + assert_num_eq (rv, CKR_USER_NOT_LOGGED_IN); teardown_mock_module (module); } @@ -583,17 +584,20 @@ test_set_attribute_value (void) attrs[1].pValue = &bits; attrs[1].ulValueLen = sizeof (bits); + rv = (module->C_SetAttributeValue) (0, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 2); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); + rv = (module->C_SetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_USER_NOT_LOGGED_IN); + assert_num_eq (rv, CKR_USER_NOT_LOGGED_IN); rv = (module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); memset (label, 0, sizeof (label)); bits = 0; rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (bits, 1555); assert_num_eq (7, attrs[0].ulValueLen); @@ -645,6 +649,61 @@ test_create_object (void) teardown_mock_module (module); } +static void +test_create_object_private (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_ULONG bits; + CK_BBOOL true_value = CK_TRUE; + CK_RV rv; + + module = setup_mock_module (&session); + + strcpy (label, "Private Blahooo"); + bits = 15555; + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = strlen (label); + attrs[1].type = CKA_BITS_PER_PIXEL; + attrs[1].pValue = &bits; + attrs[1].ulValueLen = sizeof (bits); + attrs[2].type = CKA_PRIVATE; + attrs[2].pValue = &true_value; + attrs[2].ulValueLen = sizeof (true_value); + + rv = (module->C_CreateObject) (0, attrs, 3, &object); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_CreateObject) (session, attrs, 3, &object); + assert_num_eq (rv, CKR_USER_NOT_LOGGED_IN); + + rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); + assert_num_eq (rv, CKR_OK); + + rv = (module->C_CreateObject) (session, attrs, 3, &object); + assert_num_eq (rv, CKR_OK); + + attrs[0].ulValueLen = sizeof (label); + memset (label, 0, sizeof (label)); + bits = 0; + true_value = -1; + + rv = (module->C_GetAttributeValue) (session, object, attrs, 3); + assert_num_eq (rv, CKR_OK); + + assert_num_eq (bits, 15555); + assert_num_eq (15, attrs[0].ulValueLen); + assert (memcmp (label, "Private Blahooo", attrs[0].ulValueLen) == 0); + assert_num_eq (true_value, CK_TRUE); + + teardown_mock_module (module); +} + static void test_copy_object (void) { @@ -685,6 +744,52 @@ test_copy_object (void) teardown_mock_module (module); } +static void +test_copy_object_private (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + bits = 1555; + + attrs[0].type = CKA_BITS_PER_PIXEL; + attrs[0].pValue = &bits; + attrs[0].ulValueLen = sizeof (bits); + + rv = (module->C_CopyObject) (session, 1333, attrs, 1, &object); + assert_num_eq (rv, CKR_OBJECT_HANDLE_INVALID); + + rv = (module->C_CopyObject) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 1, &object); + assert_num_eq (rv, CKR_USER_NOT_LOGGED_IN); + + rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); + assert_num_eq (rv, CKR_OK); + + rv = (module->C_CopyObject) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 1, &object); + assert_num_eq (rv, CKR_OK); + + attrs[1].type = CKA_LABEL; + attrs[1].pValue = label; + attrs[1].ulValueLen = sizeof (label); + bits = 0; + + rv = (module->C_GetAttributeValue) (session, object, attrs, 2); + assert_num_eq (rv, CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (22, attrs[1].ulValueLen); + assert (memcmp (label, "Private Capitalize Key", attrs[1].ulValueLen) == 0); + + teardown_mock_module (module); +} + static void test_destroy_object (void) { @@ -808,44 +913,73 @@ test_encrypt (void) module = setup_mock_module (&session); + rv = (module->C_EncryptInit) (0, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); + rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_KEY_HANDLE_INVALID); + assert_num_eq (rv, CKR_KEY_HANDLE_INVALID); rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); + + /* null mechanism cancels the operation */ + rv = (module->C_EncryptInit) (session, NULL, MOCK_PUBLIC_KEY_CAPITALIZE); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_Encrypt) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OPERATION_NOT_INITIALIZED); + + rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); + assert_num_eq (rv, CKR_OK); + + /* just get the length */ + length = 0; + rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, NULL, &length); + assert_num_eq (rv, CKR_OK); + assert_num_eq (length, 4); + + length = 1; + rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length); + assert_num_eq (rv, CKR_BUFFER_TOO_SMALL); + assert_num_eq (length, 4); + + length = sizeof (data); + rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length); + assert_num_eq (rv, CKR_OK); assert_num_eq (4, length); assert (memcmp (data, "BLAH", 4) == 0); rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (data); - rv = (module->C_EncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + rv = (module->C_EncryptUpdate) (0, (CK_BYTE_PTR)"sLurm", 5, data, &length); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_EncryptUpdate) (session, (CK_BYTE_PTR)"sLurm", 5, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (5, length); assert (memcmp (data, "SLURM", 5) == 0); length = sizeof (data); rv = (module->C_EncryptFinal) (0, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_EncryptFinal) (session, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); + + length = sizeof (data); + rv = (module->C_EncryptFinal) (session, data, &length); + assert_num_eq (rv, CKR_OPERATION_NOT_INITIALIZED); teardown_mock_module (module); } @@ -863,46 +997,75 @@ test_decrypt (void) module = setup_mock_module (&session); rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); + + rv = (module->C_DecryptInit) (0, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_KEY_HANDLE_INVALID); + assert_num_eq (rv, CKR_KEY_HANDLE_INVALID); rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); + + /* null mechanism cancels the operation */ + rv = (module->C_DecryptInit) (session, NULL, MOCK_PRIVATE_KEY_CAPITALIZE); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_Decrypt) (0, (CK_BYTE_PTR)"bLAH", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OPERATION_NOT_INITIALIZED); + + rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); + assert_num_eq (rv, CKR_OK); + + /* just get the length */ + length = 0; + rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, NULL, &length); + assert_num_eq (rv, CKR_OK); + assert_num_eq (length, 4); + + length = 1; + rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length); + assert_num_eq (rv, CKR_BUFFER_TOO_SMALL); + assert_num_eq (length, 4); + + length = sizeof (data); + rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length); + assert_num_eq (rv, CKR_OK); assert_num_eq (4, length); assert (memcmp (data, "blah", 4) == 0); rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_DecryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_DecryptUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (5, length); assert (memcmp (data, "slurm", 5) == 0); length = sizeof (data); rv = (module->C_DecryptFinal) (0, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_DecryptFinal) (session, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); + + length = sizeof (data); + rv = (module->C_DecryptFinal) (session, data, &length); + assert_num_eq (rv, CKR_OPERATION_NOT_INITIALIZED); teardown_mock_module (module); } @@ -913,6 +1076,7 @@ test_digest (void) CK_FUNCTION_LIST_PTR module; CK_SESSION_HANDLE session = 0; CK_MECHANISM mech = { CKM_MOCK_COUNT, NULL, 0 }; + CK_MECHANISM mech_bad = { CKM_MOCK_PREFIX, NULL, 0 }; CK_BYTE digest[128]; CK_ULONG length; CK_RV rv; @@ -920,46 +1084,71 @@ test_digest (void) module = setup_mock_module (&session); rv = (module->C_DigestInit) (0, &mech); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_DigestInit) (session, &mech_bad); + assert_num_eq (rv, CKR_MECHANISM_INVALID); rv = (module->C_DigestInit) (session, &mech); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); + + /* null mechanism cancels the operation */ + rv = (module->C_DigestInit) (session, NULL); + assert_num_eq (rv, CKR_OK); length = sizeof (digest); rv = (module->C_Digest) (0, (CK_BYTE_PTR)"bLAH", 4, digest, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (digest); rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OPERATION_NOT_INITIALIZED); + + rv = (module->C_DigestInit) (session, &mech); + assert_num_eq (rv, CKR_OK); + + /* just get the length */ + length = sizeof (digest); + rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, NULL, &length); + assert_num_eq (rv, CKR_OK); + assert_num_eq (length, 1); + + length = 0; + rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length); + assert_num_eq (rv, CKR_BUFFER_TOO_SMALL); + assert_num_eq (length, 1); + + length = sizeof (digest); + rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length); + assert_num_eq (rv, CKR_OK); assert_num_eq (1, length); assert (memcmp (digest, "4", 1) == 0); rv = (module->C_DigestInit) (session, &mech); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_DigestUpdate) (0, (CK_BYTE_PTR)"blah", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); /* Adds the the value of object handle to hash: 6 */ assert_num_eq (6, MOCK_PUBLIC_KEY_PREFIX); rv = (module->C_DigestKey) (session, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"Other", 5); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (digest); rv = (module->C_DigestFinal) (0, digest, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (digest); rv = (module->C_DigestFinal) (session, digest, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (2, length); assert (memcmp (digest, "16", 2) == 0); @@ -980,50 +1169,72 @@ test_sign (void) module = setup_mock_module (&session); rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_SignInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + /* NULL mechanisms cancel the operation */ + rv = (module->C_SignInit) (session, NULL, MOCK_PRIVATE_KEY_PREFIX); + assert_num_eq (rv, CKR_OK); length = sizeof (signature); rv = (module->C_Sign) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (signature); + rv = (module->C_Sign) (session, (CK_BYTE_PTR)"bLAH", 4, signature, &length); + assert_num_eq (rv, CKR_OPERATION_NOT_INITIALIZED); + + rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); + assert_num_eq (rv, CKR_OK); + + rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); + assert_num_eq (rv, CKR_OK); + + /* just get the length */ + length = sizeof (signature); + rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, NULL, &length); + assert_num_eq (rv, CKR_OK); + assert_num_eq (13, length); + + length = 1; rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_BUFFER_TOO_SMALL); + assert_num_eq (13, length); + + length = sizeof (signature); + rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); + assert_num_eq (rv, CKR_OK); assert_num_eq (13, length); assert (memcmp (signature, "prefix:value4", 13) == 0); rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_SignUpdate) (0, (CK_BYTE_PTR)"blah", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"Other", 5); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (signature); rv = (module->C_SignFinal) (0, signature, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (signature); rv = (module->C_SignFinal) (session, signature, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (14, length); assert (memcmp (signature, "prefix:value10", 2) == 0); @@ -1044,24 +1255,47 @@ test_sign_recover (void) module = setup_mock_module (&session); rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_SignRecoverInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_SignRecoverInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + /* NULL mech cancels the operation */ + rv = (module->C_SignRecoverInit) (session, NULL, MOCK_PRIVATE_KEY_PREFIX); + assert_num_eq (rv, CKR_OK); length = sizeof (signature); rv = (module->C_SignRecover) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (signature); rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OPERATION_NOT_INITIALIZED); + + rv = (module->C_SignRecoverInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); + assert_num_eq (rv, CKR_OK); + + rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); + assert_num_eq (rv, CKR_OK); + + /* just get the length */ + length = 0; + rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, NULL, &length); + assert_num_eq (rv, CKR_OK); + assert_num_eq (16, length); + + /* just get the length */ + length = 1; + rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); + assert_num_eq (rv, CKR_BUFFER_TOO_SMALL); + assert_num_eq (16, length); + + length = sizeof (signature); + rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); + assert_num_eq (rv, CKR_OK); assert_num_eq (16, length); assert (memcmp (signature, "prefix:valueBLAh", 16) == 0); @@ -1082,39 +1316,49 @@ test_verify (void) module = setup_mock_module (&session); rv = (module->C_VerifyInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); + + /* NULL mech cancels operation */ + rv = (module->C_VerifyInit) (session, NULL, MOCK_PUBLIC_KEY_PREFIX); + assert_num_eq (rv, CKR_OK); length = 13; memcpy (signature, "prefix:value4", length); rv = (module->C_Verify) (0, (CK_BYTE_PTR)"bLAH", 4, signature, 5); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_Verify) (session, (CK_BYTE_PTR)"BLAh", 4, signature, length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OPERATION_NOT_INITIALIZED); rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); + + rv = (module->C_Verify) (session, (CK_BYTE_PTR)"BLAh", 4, signature, length); + assert_num_eq (rv, CKR_OK); + + rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); + assert_num_eq (rv, CKR_OK); rv = (module->C_VerifyUpdate) (0, (CK_BYTE_PTR)"blah", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"Other", 5); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = 14; memcpy (signature, "prefix:value10", length); rv = (module->C_VerifyFinal) (session, signature, 5); - assert (rv == CKR_SIGNATURE_LEN_RANGE); + assert_num_eq (rv, CKR_SIGNATURE_LEN_RANGE); rv = (module->C_VerifyFinal) (session, signature, length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); teardown_mock_module (module); } @@ -1132,18 +1376,41 @@ test_verify_recover (void) module = setup_mock_module (&session); rv = (module->C_VerifyRecoverInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); rv = (module->C_VerifyRecoverInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); + + /* NULL mech cancels operation */ + rv = (module->C_VerifyRecoverInit) (session, NULL, MOCK_PUBLIC_KEY_PREFIX); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_VerifyRecover) (0, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OPERATION_NOT_INITIALIZED); + + rv = (module->C_VerifyRecoverInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); + assert_num_eq (rv, CKR_OK); + + /* just get the size */ + length = sizeof (data); + rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, NULL, &length); + assert_num_eq (rv, CKR_OK); + assert_num_eq (4, length); + + /* Still too short */ + length = 1; + rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); + assert_num_eq (rv, CKR_BUFFER_TOO_SMALL); + assert_num_eq (4, length); + + length = sizeof (data); + rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); + assert_num_eq (rv, CKR_OK); assert_num_eq (4, length); assert (memcmp (data, "BLah", 4) == 0); @@ -1165,29 +1432,29 @@ test_digest_encrypt (void) module = setup_mock_module (&session); rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_DigestInit) (session, &dmech); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_DigestEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_DigestEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (4, length); assert (memcmp (data, "BLAH", 4) == 0); length = sizeof (data); rv = (module->C_EncryptFinal) (session, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_DigestFinal) (session, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (1, length); assert (memcmp (data, "4", 1) == 0); @@ -1209,32 +1476,32 @@ test_decrypt_digest (void) module = setup_mock_module (&session); rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_DigestInit) (session, &dmech); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_DecryptDigestUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_DecryptDigestUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (4, length); assert (memcmp (data, "blah", 4) == 0); length = sizeof (data); rv = (module->C_DecryptFinal) (session, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_DigestFinal) (session, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (1, length); assert (memcmp (data, "4", 1) == 0); @@ -1256,35 +1523,35 @@ test_sign_encrypt (void) module = setup_mock_module (&session); rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_SignInit) (session, &smech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_SignEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_SignEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (4, length); assert (memcmp (data, "BLAH", 4) == 0); length = sizeof (data); rv = (module->C_EncryptFinal) (session, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_SignFinal) (session, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (8, length); assert (memcmp (data, "p:value4", 1) == 0); @@ -1306,31 +1573,31 @@ test_decrypt_verify (void) module = setup_mock_module (&session); rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_VerifyInit) (session, &vmech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); length = sizeof (data); rv = (module->C_DecryptVerifyUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); + assert_num_eq (rv, CKR_SESSION_HANDLE_INVALID); length = sizeof (data); rv = (module->C_DecryptVerifyUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); assert_num_eq (4, length); assert (memcmp (data, "blah", 4) == 0); length = sizeof (data); rv = (module->C_DecryptFinal) (session, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = (module->C_VerifyFinal) (session, (CK_BYTE_PTR)"p:value4", 8); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_OK); teardown_mock_module (module); } @@ -1486,13 +1753,26 @@ test_wrap_key (void) length = sizeof (data); rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length); - assert (rv == CKR_MECHANISM_PARAM_INVALID); + assert_num_eq (rv, CKR_MECHANISM_PARAM_INVALID); mech.pParameter = "wrap"; mech.ulParameterLen = 4; + /* just get the length */ + length = sizeof (data); + rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, NULL, &length); + assert_num_eq (rv, CKR_OK); + assert_num_eq (5, length); + + /* still not large enough */ + length = 1; rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length); - assert (rv == CKR_OK); + assert_num_eq (rv, CKR_BUFFER_TOO_SMALL); + assert_num_eq (5, length); + + + rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length); + assert_num_eq (rv, CKR_OK); assert_num_eq (5, length); assert (memcmp (data, "value", 5) == 0); @@ -1661,7 +1941,9 @@ test_mock_add_tests (const char *prefix) p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix); p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix); p11_test (test_create_object, "%s/test_create_object", prefix); + p11_test (test_create_object_private, "%s/test_create_object_private", prefix); p11_test (test_copy_object, "%s/test_copy_object", prefix); + p11_test (test_copy_object_private, "%s/test_copy_object_private", prefix); p11_test (test_destroy_object, "%s/test_destroy_object", prefix); p11_test (test_get_object_size, "%s/test_get_object_size", prefix); p11_test (test_find_objects, "%s/test_find_objects", prefix); diff --git a/p11-kit/test-modules.c b/p11-kit/test-modules.c index 317a54f43..23ec157a3 100644 --- a/p11-kit/test-modules.c +++ b/p11-kit/test-modules.c @@ -99,41 +99,6 @@ test_no_duplicates (void) finalize_and_free_modules (modules); } -static void -test_exceed_max (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - p11_dict *paths; - p11_dict *funcs; - char *path; - int i; - - modules = initialize_and_get_modules (); - paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - - /* The loaded modules should not contain duplicates */ - for (i = 0; modules[i] != NULL; i++) { - path = p11_kit_config_option (modules[i], "module"); - - if (p11_dict_get (funcs, modules[i])) - assert_fail ("found duplicate function list pointer", NULL); - if (p11_dict_get (paths, path)) - assert_fail ("found duplicate path name", NULL); - - if (!p11_dict_set (funcs, modules[i], "")) - assert_not_reached (); - if (!p11_dict_set (paths, path, "")) - assert_not_reached (); - - free (path); - } - - p11_dict_free (paths); - p11_dict_free (funcs); - finalize_and_free_modules (modules); -} - static CK_FUNCTION_LIST_PTR lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules, const char *name) @@ -498,7 +463,6 @@ main (int argc, p11_test (test_filename, "/modules/test_filename"); p11_test (test_no_duplicates, "/modules/test_no_duplicates"); - p11_test (test_exceed_max, "/modules/test_exceed_max"); p11_test (test_disable, "/modules/test_disable"); p11_test (test_disable_later, "/modules/test_disable_later"); p11_test (test_enable, "/modules/test_enable");