From 3404bd8072f1ab02c1ba040fbf9469aa5eed77c6 Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich Date: Fri, 22 Sep 2023 11:11:57 +0200 Subject: [PATCH 1/3] Don't check for slot == 0 as 0 is a valid slot ID Signed-off-by: Zoltan Fridrich --- p11-kit/add-profile.c | 5 ----- p11-kit/generate-keypair.c | 5 ----- 2 files changed, 10 deletions(-) diff --git a/p11-kit/add-profile.c b/p11-kit/add-profile.c index 312556be..fb583c38 100644 --- a/p11-kit/add-profile.c +++ b/p11-kit/add-profile.c @@ -117,12 +117,7 @@ add_profile (const char *token_str, p11_message (_("failed to obtain module")); goto cleanup; } - slot = p11_kit_iter_get_slot (iter); - if (slot == 0) { - p11_message (_("failed to obtain slot")); - goto cleanup; - } rv = module->C_OpenSession (slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); if (rv != CKR_OK) { diff --git a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c index d5058a50..d3249457 100644 --- a/p11-kit/generate-keypair.c +++ b/p11-kit/generate-keypair.c @@ -301,12 +301,7 @@ generate_keypair (const char *token_str, p11_message (_("failed to obtain module")); goto cleanup; } - slot = p11_kit_iter_get_slot (iter); - if (slot == 0) { - p11_message (_("failed to obtain slot")); - goto cleanup; - } rv = module->C_OpenSession (slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); if (rv != CKR_OK) { From e9d783d6dc9457f93915b426307fe019b3dc05c9 Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich Date: Fri, 22 Sep 2023 11:08:47 +0200 Subject: [PATCH 2/3] p11-kit tool: make "no matching object/token" error user friendly Signed-off-by: Zoltan Fridrich --- p11-kit/add-profile.c | 5 ++++- p11-kit/delete-object.c | 5 ++++- p11-kit/generate-keypair.c | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/p11-kit/add-profile.c b/p11-kit/add-profile.c index fb583c38..69047654 100644 --- a/p11-kit/add-profile.c +++ b/p11-kit/add-profile.c @@ -108,7 +108,10 @@ add_profile (const char *token_str, p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { - p11_message (_("failed to find the token: %s"), p11_kit_strerror (rv)); + if (rv == CKR_CANCEL) + p11_message (_("no matching token")); + else + p11_message (_("failed to find token: %s"), p11_kit_strerror (rv)); goto cleanup; } diff --git a/p11-kit/delete-object.c b/p11-kit/delete-object.c index 598f32b7..5bea952d 100644 --- a/p11-kit/delete-object.c +++ b/p11-kit/delete-object.c @@ -90,7 +90,10 @@ delete_object (const char *token_str) p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { - p11_message (_("failed to find the object: %s"), p11_kit_strerror (rv)); + if (rv == CKR_CANCEL) + p11_message (_("no matching object")); + else + p11_message (_("failed to find object: %s"), p11_kit_strerror (rv)); goto cleanup; } diff --git a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c index d3249457..20ead0e6 100644 --- a/p11-kit/generate-keypair.c +++ b/p11-kit/generate-keypair.c @@ -292,7 +292,10 @@ generate_keypair (const char *token_str, p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { - p11_message (_("failed to find the token: %s"), p11_kit_strerror (rv)); + if (rv == CKR_CANCEL) + p11_message (_("no matching token")); + else + p11_message (_("failed to find token: %s"), p11_kit_strerror (rv)); goto cleanup; } From 014325a9bd54acbc464a0628592ea773bbbe289f Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich Date: Tue, 26 Sep 2023 13:12:44 +0200 Subject: [PATCH 3/3] Test for nonexistent tokens in p11-kit commands Signed-off-by: Zoltan Fridrich --- common/test-init.sh.in | 4 ++-- p11-kit/test-objects.sh | 35 ++++++++++++++++++++++++++++++++++- p11-kit/test-profiles.sh | 19 ++++++++++++++++++- 3 files changed, 54 insertions(+), 4 deletions(-) diff --git a/common/test-init.sh.in b/common/test-init.sh.in index 384fb250..517905ee 100644 --- a/common/test-init.sh.in +++ b/common/test-init.sh.in @@ -32,14 +32,14 @@ assert_fail() assert_contains() { - if ! grep -qF $2 $1; then + if ! grep -qF "$2" "$1"; then assert_fail "$1 does not contain $2" fi } assert_not_contains() { - if grep -qF $2 $1; then + if grep -qF "$2" "$1"; then assert_fail "$1 contains $2" fi } diff --git a/p11-kit/test-objects.sh b/p11-kit/test-objects.sh index 8d7e2039..876e20c9 100755 --- a/p11-kit/test-objects.sh +++ b/p11-kit/test-objects.sh @@ -258,5 +258,38 @@ EOF fi } +test_generate_keypair_nonexistent_token() { + cat > list.exp < list.out 2> err.out; then + assert_fail "expected to fail: p11-kit generate-keypair" + fi + + : ${DIFF=diff} + if ! ${DIFF} list.exp list.out > list.diff; then + sed 's/^/# /' list.diff + assert_fail "output contains wrong result" + fi + assert_contains err.out "no matching token" +} + +test_delete_nonexistent_token() { + cat > list.exp < list.out 2> err.out; then + assert_fail "expected to fail: p11-kit delete-object" + fi + + : ${DIFF=diff} + if ! ${DIFF} list.exp list.out > list.diff; then + sed 's/^/# /' list.diff + assert_fail "output contains wrong result" + fi + assert_contains err.out "no matching object" +} + run test_list_all test_list_with_type test_list_exact test_list_nonexistent \ - test_export_cert test_export_pubkey test_generate_keypair + test_export_cert test_export_pubkey test_generate_keypair test_generate_keypair_nonexistent_token \ + test_delete_nonexistent_token diff --git a/p11-kit/test-profiles.sh b/p11-kit/test-profiles.sh index 46f0cb69..4b26b01e 100755 --- a/p11-kit/test-profiles.sh +++ b/p11-kit/test-profiles.sh @@ -33,4 +33,21 @@ EOF fi } -run test_list_profiles +test_add_profile_nonexistent_token() { + cat > list.exp < list.out 2> err.out; then + assert_fail "expected to fail: p11-kit add-profile" + fi + + : ${DIFF=diff} + if ! ${DIFF} list.exp list.out > list.diff; then + sed 's/^/# /' list.diff + assert_fail "output contains wrong results" + fi + assert_contains err.out "no matching token" +} + +run test_list_profiles \ + test_add_profile_nonexistent_token