Skip to content

Commit

Permalink
Add tests for p11-kit profile commands
Browse files Browse the repository at this point in the history
Signed-off-by: Zoltan Fridrich <[email protected]>
  • Loading branch information
ZoltanFridrich committed Sep 27, 2023
1 parent 39c4790 commit 026e983
Show file tree
Hide file tree
Showing 10 changed files with 556 additions and 51 deletions.
1 change: 0 additions & 1 deletion common/meson.build
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@ libp11_common_sources = [
'message.c',
'path.c',
'pem.c',
'persist.c',
'runtime.c',
'url.c',
'vsock.c'
Expand Down
3 changes: 3 additions & 0 deletions common/persist.c
Original file line number Diff line number Diff line change
Expand Up @@ -384,6 +384,9 @@ format_constant (CK_ATTRIBUTE *attr,
case CKA_MECHANISM_TYPE:
table = p11_constant_mechanisms;
break;
case CKA_PROFILE_ID:
table = p11_constant_profiles;
break;
default:
table = NULL;
};
Expand Down
7 changes: 6 additions & 1 deletion p11-kit/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -538,7 +538,8 @@ check_LTLIBRARIES += \
mock-nine.la \
mock-ten.la \
mock-eleven.la \
mock-twelve.la
mock-twelve.la \
mock-thirteen.la

mock_one_la_SOURCES = p11-kit/mock-module-ep.c
mock_one_la_LIBADD = libp11-test.la libp11-common.la
Expand Down Expand Up @@ -607,6 +608,10 @@ mock_twelve_la_SOURCES = p11-kit/mock-module-ep10.c
mock_twelve_la_LDFLAGS = $(mock_one_la_LDFLAGS)
mock_twelve_la_LIBADD = $(mock_one_la_LIBADD)

mock_thirteen_la_SOURCES = p11-kit/mock-module-ep11.c
mock_thirteen_la_LDFLAGS = $(mock_one_la_LDFLAGS)
mock_thirteen_la_LIBADD = $(mock_one_la_LIBADD)

EXTRA_DIST += \
p11-kit/fixtures \
p11-kit/templates \
Expand Down
4 changes: 4 additions & 0 deletions p11-kit/fixtures/package-modules/thirteen.module
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@

module: mock-thirteen.so
managed: yes
enable-in: p11-kit-testable
9 changes: 7 additions & 2 deletions p11-kit/meson.build
Original file line number Diff line number Diff line change
Expand Up @@ -407,6 +407,10 @@ if get_option('test')
test('test-export-public.sh',
find_program('test-export-public.sh'),
env: p11_kit_tests_env)

test('test-profiles.sh',
find_program('test-profiles.sh'),
env: p11_kit_tests_env)
endif

mock_sources = {
Expand All @@ -423,7 +427,8 @@ if get_option('test')
'mock-nine': ['mock-module-ep7.c'],
'mock-ten': ['mock-module-ep8.c'],
'mock-eleven': ['mock-module-ep9.c'],
'mock-twelve': ['mock-module-ep10.c']
'mock-twelve': ['mock-module-ep10.c'],
'mock-thirteen': ['mock-module-ep11.c']
}

if host_system != 'windows'
Expand All @@ -437,7 +442,7 @@ if get_option('test')
name_suffix: module_suffix,
link_args: p11_module_ldflags,
link_depends: [p11_module_symbol_map],
dependencies: [libp11_test_dep])
dependencies: [libp11_test_dep] + libp11_asn1_deps)
endforeach
endif

Expand Down
204 changes: 204 additions & 0 deletions p11-kit/mock-module-ep11.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,204 @@
/*
* Copyright (c) 2023, Red Hat Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
* * Redistributions in binary form must reproduce the
* above copyright notice, this list of conditions and
* the following disclaimer in the documentation and/or
* other materials provided with the distribution.
* * The names of contributors to this software may not be
* used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*
* Author: Zoltan Fridrich <[email protected]>
*/

#include "config.h"

#define CRYPTOKI_EXPORTS 1
#include "pkcs11.h"

#include "attrs.h"
#include "debug.h"
#include "mock.h"
#include "persist.h"

#include <stdio.h>
#include <string.h>

static const CK_TOKEN_INFO MOCK_TOKEN_INFO = {
"PROFILE LABEL ONE ",
"PROFILE MANUFACTURER ",
"PROFILE MODEL ",
"PROFILE SERIAL ",
CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED,
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
{ 75, 175 },
{ 85, 185 },
{ '1', '9', '9', '9', '0', '5', '2', '5', '0', '9', '1', '9', '5', '9', '0', '0' }
};

static CK_RV
override_C_GetTokenInfo (CK_SLOT_ID slot_id,
CK_TOKEN_INFO_PTR info)
{
return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);

switch (slot_id) {
case MOCK_SLOT_ONE_ID:
memcpy (info, &MOCK_TOKEN_INFO, sizeof (*info));
return CKR_OK;
case MOCK_SLOT_TWO_ID:
return CKR_TOKEN_NOT_PRESENT;
default:
return CKR_SLOT_ID_INVALID;
}
}

static CK_RV
override_C_Initialize (CK_VOID_PTR init_args)
{
bool ok;
size_t i, size = 0;
void *data = NULL;
const char *filename = "test-profiles.p11-kit";
p11_mmap *map = NULL;
p11_persist *persist = NULL;
p11_array *objects = NULL;
CK_ATTRIBUTE *attrs = NULL;
CK_RV rv;

map = p11_mmap_open (filename, NULL, &data, &size);
if (map == NULL)
return mock_C_Initialize (init_args);

ok = p11_persist_magic (data, size);
return_val_if_fail (ok, CKR_GENERAL_ERROR);

persist = p11_persist_new ();
return_val_if_fail (persist != NULL, CKR_HOST_MEMORY);

objects = p11_array_new (NULL);
return_val_if_fail (objects != NULL, CKR_HOST_MEMORY);

ok = p11_persist_read (persist, filename, (const unsigned char *)data, size, objects);
return_val_if_fail (ok, CKR_GENERAL_ERROR);

rv = mock_C_Initialize (init_args);
for (i = 0; i < objects->num; ++i) {
attrs = p11_attrs_build (objects->elem[i], NULL);
mock_module_add_object (MOCK_SLOT_ONE_ID, attrs);
p11_attrs_free (attrs);
}

p11_array_free (objects);
p11_persist_free (persist);
p11_mmap_close (map);
return rv;
}

static CK_RV
override_C_Finalize (CK_VOID_PTR reserved)
{
bool ok;
FILE *f = NULL;
const char *filename = "test-profiles.out.p11-kit";
p11_buffer buf;
p11_persist *persist = NULL;
CK_SESSION_HANDLE session = 0;
CK_OBJECT_HANDLE object = 0;
CK_ULONG count = 0;
CK_OBJECT_CLASS klass = CKO_PROFILE;
CK_BBOOL token;
CK_PROFILE_ID profile;
CK_ATTRIBUTE template = { CKA_CLASS, &klass, sizeof (klass) };
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
{ CKA_TOKEN, &token, sizeof (token) },
{ CKA_PROFILE_ID, &profile, sizeof (profile) },
{ CKA_INVALID, NULL, 0 }
};
CK_ULONG n_attrs = sizeof (attrs) / sizeof (attrs[0]);
CK_RV rv;

ok = p11_buffer_init (&buf, 0);
return_val_if_fail (ok, CKR_HOST_MEMORY);

persist = p11_persist_new ();
return_val_if_fail (persist != NULL, CKR_HOST_MEMORY);

rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
return_val_if_fail (rv == CKR_OK, CKR_GENERAL_ERROR);

rv = mock_C_FindObjectsInit (session, &template, 1);
return_val_if_fail (rv == CKR_OK, CKR_GENERAL_ERROR);

while ((rv = mock_C_FindObjects (session, &object, 1, &count)) == CKR_OK && count > 0) {
rv = mock_C_GetAttributeValue (session, object, attrs, n_attrs - 1);
return_val_if_fail (rv == CKR_OK, CKR_GENERAL_ERROR);

ok = p11_persist_write (persist, attrs, &buf);
return_val_if_fail (ok, CKR_GENERAL_ERROR);
}
return_val_if_fail (rv == CKR_OK, CKR_GENERAL_ERROR);

f = fopen (filename, "wb");

Check failure

Code scanning / CodeQL

File created without restricting permissions High

A file may be created here with mode 0666, which would make it world-writable.
return_val_if_fail (f != NULL, CKR_HOST_MEMORY);
fwrite (buf.data, 1, buf.len, f);
fclose (f);

rv = mock_C_FindObjectsFinal (session);
return_val_if_fail (rv == CKR_OK, CKR_GENERAL_ERROR);

rv = mock_C_CloseSession (session);
return_val_if_fail (rv == CKR_OK, CKR_GENERAL_ERROR);

p11_persist_free (persist);
p11_buffer_uninit (&buf);
return mock_C_Finalize (reserved);
}

#ifdef OS_WIN32
__declspec(dllexport)
#endif
CK_RV
C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
{
mock_module_init ();
mock_module.C_Initialize = override_C_Initialize;
mock_module.C_Finalize = override_C_Finalize;
mock_module.C_GetFunctionList = C_GetFunctionList;
mock_module.C_GetTokenInfo = override_C_GetTokenInfo;
if (list == NULL)
return CKR_ARGUMENTS_BAD;
*list = &mock_module;
return CKR_OK;
}
1 change: 0 additions & 1 deletion p11-kit/mock-module-ep9.c
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,6 @@ override_initialize (CK_VOID_PTR init_args)
CK_RV rv = mock_C_Initialize (init_args);
mock_module_add_object (MOCK_SLOT_ONE_ID, cert_attrs);
mock_module_add_object (MOCK_SLOT_ONE_ID, pubkey_attrs);
mock_module_add_profile (MOCK_SLOT_ONE_ID, CKP_PUBLIC_CERTIFICATES_TOKEN);
return rv;
}

Expand Down
17 changes: 17 additions & 0 deletions p11-kit/test-lists.sh
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,23 @@ module: one
user-pin-initialized
clock-on-token
token-initialized
module: thirteen
uri: pkcs11:library-description=MOCK%20LIBRARY;library-manufacturer=MOCK%20MANUFACTURER
library-description: MOCK LIBRARY
library-manufacturer: MOCK MANUFACTURER
library-version: 45.145
token: PROFILE LABEL ONE
uri: pkcs11:model=PROFILE%20MODEL;manufacturer=PROFILE%20MANUFACTURER;serial=PROFILE%20SERIAL;token=PROFILE%20LABEL%20ONE
manufacturer: PROFILE MANUFACTURER
model: PROFILE MODEL
serial-number: PROFILE SERIAL
hardware-version: 75.175
firmware-version: 85.185
flags:
login-required
user-pin-initialized
clock-on-token
token-initialized
module: twelve
uri: pkcs11:library-description=MOCK%20LIBRARY;library-manufacturer=MOCK%20MANUFACTURER
library-description: MOCK LIBRARY
Expand Down
Loading

0 comments on commit 026e983

Please sign in to comment.