#define CRYPTOKI_EXPORTS
+#include "array.h"
#include "attrs.h"
#define P11_DEBUG_FLAG P11_DEBUG_TRUST
#include "debug.h"
#include "dict.h"
#include "library.h"
#include "module.h"
+#include "parser.h"
#include "pkcs11.h"
#include "session.h"
#include "token.h"
#define MANUFACTURER_ID "PKCS#11 Kit "
#define LIBRARY_DESCRIPTION "PKCS#11 Kit Trust Module "
-#define SLOT_DESCRIPTION "System Certificates, Trust Anchors, and Black Lists "
#define TOKEN_LABEL "System Trust Anchors and Policy "
#define TOKEN_MODEL "PKCS#11 Kit "
#define TOKEN_SERIAL_NUMBER "1 "
-/* Arbitrary non-zero and non-one choice */
-#define SYSTEM_SLOT_ID 18UL
+/* Initial slot id: non-zero and non-one */
+#define BASE_SLOT_ID 18UL
static struct _Shared {
p11_dict *sessions;
- p11_token *token;
+ p11_array *tokens;
char *paths;
} gl = { NULL, NULL };
return CKR_OK;
}
+static CK_RV
+lookup_slot_inlock (CK_SLOT_ID id,
+ p11_token **token)
+{
+ /*
+ * These are invalid inputs, that well behaved callers should
+ * not produce, so have them fail precondations
+ */
+
+ return_val_if_fail (gl.tokens != NULL,
+ CKR_CRYPTOKI_NOT_INITIALIZED);
+
+ return_val_if_fail (id >= BASE_SLOT_ID && id - BASE_SLOT_ID < gl.tokens->num,
+ CKR_SLOT_ID_INVALID);
+
+ if (token)
+ *token = gl.tokens->elem[id - BASE_SLOT_ID];
+ return CKR_OK;
+}
+
+static bool
+check_slot (CK_SLOT_ID id)
+{
+ bool ret;
+
+ p11_lock ();
+ ret = lookup_slot_inlock (id, NULL) == CKR_OK;
+ p11_unlock ();
+
+ return ret;
+}
+
+static bool
+create_tokens_inlock (p11_array *tokens,
+ const char *paths)
+{
+ p11_token *token;
+ p11_token *check;
+ CK_SLOT_ID slot;
+ const char *path;
+ char *remaining;
+ char *pos;
+
+ p11_debug ("using paths: %s", paths);
+
+ remaining = strdup (paths);
+ return_val_if_fail (remaining != NULL, false);
+
+ while (remaining) {
+ path = remaining;
+ pos = strchr (remaining, ':');
+ if (pos == NULL) {
+ remaining = NULL;
+ } else {
+ pos[0] = '\0';
+ remaining = pos + 1;
+ }
+
+ if (path[0] != '\0') {
+ slot = BASE_SLOT_ID + tokens->num;
+ token = p11_token_new (slot, path);
+ return_val_if_fail (token != NULL, false);
+
+ if (!p11_array_push (tokens, token))
+ return_val_if_reached (false);
+
+ assert (lookup_slot_inlock (slot, &check) == CKR_OK && check == token);
+ }
+ }
+
+ free (remaining);
+ return true;
+}
+
static void
parse_argument (char *arg)
{
p11_dict_free (gl.sessions);
gl.sessions = NULL;
- p11_token_free (gl.token);
- gl.token = NULL;
+ p11_array_free (gl.tokens);
+ gl.tokens = NULL;
rv = CKR_OK;
}
p11_dict_ulongptr_equal,
NULL, p11_session_free);
- gl.token = p11_token_new (gl.paths ? gl.paths : TRUST_PATHS);
+ gl.tokens = p11_array_new ((p11_destroyer)p11_token_free);
+ if (gl.tokens && !create_tokens_inlock (gl.tokens, gl.paths ? gl.paths : TRUST_PATHS))
+ gl.tokens = NULL;
- if (gl.sessions == NULL || gl.token == NULL) {
+ if (gl.sessions == NULL || gl.tokens == NULL) {
warn_if_reached ();
rv = CKR_GENERAL_ERROR;
}
CK_ULONG_PTR count)
{
CK_RV rv = CKR_OK;
+ int i;
return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD);
/* already failed */
} else if (!slot_list) {
- *count = 1;
+ *count = gl.tokens->num;
rv = CKR_OK;
- } else if (*count < 1) {
- *count = 1;
+ } else if (*count < gl.tokens->num) {
+ *count = gl.tokens->num;
rv = CKR_BUFFER_TOO_SMALL;
} else {
- slot_list[0] = SYSTEM_SLOT_ID;
- *count = 1;
+ for (i = 0; i < gl.tokens->num; i++)
+ slot_list[i] = BASE_SLOT_ID + i;
+ *count = gl.tokens->num;
rv = CKR_OK;
}
CK_SLOT_INFO_PTR info)
{
CK_RV rv = CKR_OK;
+ p11_token *token;
+ const char *path;
+ size_t length;
- return_val_if_fail (id == SYSTEM_SLOT_ID, CKR_SLOT_ID_INVALID);
return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
p11_debug ("in");
-
p11_lock ();
- if (!gl.sessions)
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- p11_unlock ();
-
+ rv = lookup_slot_inlock (id, &token);
if (rv == CKR_OK) {
memset (info, 0, sizeof (*info));
info->firmwareVersion.major = 0;
info->hardwareVersion.minor = 0;
info->flags = CKF_TOKEN_PRESENT;
strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
- strncpy ((char*)info->slotDescription, SLOT_DESCRIPTION, 64);
+
+ /* If too long, copy the first 64 characters into buffer */
+ path = p11_token_get_path (token);
+ length = strlen (path);
+ if (length > sizeof (info->slotDescription))
+ length = sizeof (info->slotDescription);
+ memset (info->slotDescription, ' ', sizeof (info->slotDescription));
+ memcpy (info->slotDescription, path, length);
}
+ p11_unlock ();
p11_debug ("out: 0x%lx", rv);
return rv;
CK_TOKEN_INFO_PTR info)
{
CK_RV rv = CKR_OK;
+ p11_token *token;
+ const char *path;
+ size_t length;
- return_val_if_fail (id == SYSTEM_SLOT_ID, CKR_SLOT_ID_INVALID);
return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
p11_debug ("in");
p11_lock ();
- if (!gl.sessions)
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- p11_unlock ();
-
+ rv = lookup_slot_inlock (id, &token);
if (rv == CKR_OK) {
memset (info, 0, sizeof (*info));
info->firmwareVersion.major = 0;
info->hardwareVersion.minor = 0;
info->flags = CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED;
strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
- strncpy ((char*)info->label, TOKEN_LABEL, 32);
strncpy ((char*)info->model, TOKEN_MODEL, 16);
strncpy ((char*)info->serialNumber, TOKEN_SERIAL_NUMBER, 16);
info->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
info->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
info->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
info->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
+
+ /* If too long, copy the last 32 characters into buffer */
+ path = basename (p11_token_get_path (token));
+ length = strlen (path);
+ if (length > sizeof (info->label))
+ length = sizeof (info->label);
+ memset (info->label, ' ', sizeof (info->label));
+ memcpy (info->label, path, length);
}
+ p11_unlock ();
p11_debug ("out: 0x%lx", rv);
return rv;
CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR info)
{
- return_val_if_fail (id == SYSTEM_SLOT_ID, CKR_SLOT_ID_INVALID);
return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
+ return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID);
return_val_if_reached (CKR_MECHANISM_INVALID);
}
CK_ULONG pin_len,
CK_UTF8CHAR_PTR label)
{
- return_val_if_fail (id == SYSTEM_SLOT_ID, CKR_SLOT_ID_INVALID);
+ return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID);
return_val_if_reached (CKR_TOKEN_WRITE_PROTECTED);
}
CK_SESSION_HANDLE_PTR handle)
{
p11_session *session;
+ p11_token *token;
CK_RV rv = CKR_OK;
- return_val_if_fail (id == SYSTEM_SLOT_ID, CKR_SLOT_ID_INVALID);
+ return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID);
return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD);
p11_debug ("in");
p11_lock ();
- if (!gl.sessions) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ rv = lookup_slot_inlock (id, &token);
+ if (rv != CKR_OK) {
+ /* fail below */;
} else if (!(flags & CKF_SERIAL_SESSION)) {
rv = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
rv = CKR_TOKEN_WRITE_PROTECTED;
} else {
- session = p11_session_new (gl.token);
+ session = p11_session_new (token);
if (p11_dict_set (gl.sessions, &session->handle, session)) {
rv = CKR_OK;
*handle = session->handle;
static CK_RV
sys_C_CloseAllSessions (CK_SLOT_ID id)
{
- CK_RV rv = CKR_OK;
-
- return_val_if_fail (id == SYSTEM_SLOT_ID, CKR_SLOT_ID_INVALID);
+ CK_SESSION_HANDLE *handle;
+ p11_session *session;
+ p11_token *token;
+ p11_dictiter iter;
+ CK_RV rv;
p11_debug ("in");
p11_lock ();
- if (!gl.sessions) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- } else {
- p11_dict_clear (gl.sessions);
- rv = CKR_OK;
+ rv = lookup_slot_inlock (id, &token);
+ if (rv == CKR_OK) {
+ p11_dict_iterate (gl.sessions, &iter);
+ while (p11_dict_next (&iter, (void **)&handle, (void **)&session)) {
+ if (session->token == token)
+ p11_dict_remove (gl.sessions, handle);
+ }
}
p11_unlock ();
sys_C_GetSessionInfo (CK_SESSION_HANDLE handle,
CK_SESSION_INFO_PTR info)
{
+ p11_session *session;
CK_RV rv;
return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
p11_lock ();
- rv = lookup_session (handle, NULL);
+ rv = lookup_session (handle, &session);
+ if (rv == CKR_OK) {
+ info->flags = CKF_SERIAL_SESSION;
+ info->state = CKS_RO_PUBLIC_SESSION;
+ info->slotID = p11_token_get_slot (session->token);
+ info->ulDeviceError = 0;
+ }
+
p11_unlock ();
- if (rv == CKR_OK) {
- info->flags = CKF_SERIAL_SESSION;
- info->slotID = SYSTEM_SLOT_ID;
- info->state = CKS_RO_PUBLIC_SESSION;
- info->ulDeviceError = 0;
- }
-
p11_debug ("out: 0x%lx", rv);
return rv;
/* Refresh from disk if this session hasn't yet */
if (rv == CKR_OK && want_token_objects && !session->loaded) {
session->loaded = CK_TRUE;
- p11_token_load (gl.token);
+ p11_token_load (session->token);
}
if (rv == CKR_OK) {
- objects = p11_token_objects (gl.token);
+ objects = p11_token_objects (session->token);
find = calloc (1, sizeof (FindObjects));
warn_if_fail (find != NULL);
#include "test-data.h"
#include "token.h"
+#include <assert.h>
+
+/*
+ * This is the number of input paths. Should match the
+ * paths below near :
+ *
+ * paths='%s'
+ */
+#define NUM_SLOTS 3
+
struct {
CK_FUNCTION_LIST *module;
- CK_SLOT_ID slot;
- CK_SESSION_HANDLE session;
+ CK_SLOT_ID slots[NUM_SLOTS];
} test;
static void
CuAssertTrue (cu, rv == CKR_OK);
memset (&args, 0, sizeof (args));
- paths = SRCDIR "/input:" SRCDIR "/files/cacert-ca.der";
+ paths = SRCDIR "/input:" SRCDIR "/files/cacert-ca.der:" SRCDIR "/files/testing-server.der";
if (asprintf (&arguments, "paths='%s'", paths) < 0)
CuAssertTrue (cu, false && "not reached");
args.pReserved = arguments;
free (arguments);
- count = 1;
- rv = test.module->C_GetSlotList (CK_TRUE, &test.slot, &count);
- CuAssertTrue (cu, rv == CKR_OK);
- CuAssertTrue (cu, count == 1);
-
- rv = test.module->C_OpenSession (test.slot, CKF_SERIAL_SESSION, NULL, NULL, &test.session);
+ count = NUM_SLOTS;
+ rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
CuAssertTrue (cu, rv == CKR_OK);
+ CuAssertTrue (cu, count == NUM_SLOTS);
}
static void
{
CK_RV rv;
- rv = test.module->C_CloseSession (test.session);
- CuAssertTrue (cu, rv == CKR_OK);
-
rv = test.module->C_Finalize (NULL);
CuAssertTrue (cu, rv == CKR_OK);
memset (&test, 0, sizeof (test));
}
+static void
+test_get_slot_list (CuTest *cu)
+{
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ setup (cu);
+
+ rv = test.module->C_GetSlotList (TRUE, NULL, &count);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+ CuAssertIntEquals (cu, NUM_SLOTS, count);
+
+ count = 1;
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ CuAssertIntEquals (cu, CKR_BUFFER_TOO_SMALL, rv);
+ CuAssertIntEquals (cu, NUM_SLOTS, count);
+
+ count = NUM_SLOTS;
+ memset (slots, 0, sizeof (slots));
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+ CuAssertIntEquals (cu, NUM_SLOTS, count);
+
+ for (i = 0; i < NUM_SLOTS; i++)
+ CuAssertTrue (cu, slots[i] != 0);
+
+ teardown (cu);
+}
+
+static void
+test_get_slot_info (CuTest *cu)
+{
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_SLOT_INFO info;
+ char description[64];
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ /* These are the paths passed in in setup() */
+ const char *paths[] = {
+ SRCDIR "/input",
+ SRCDIR "/files/cacert-ca.der",
+ SRCDIR "/files/testing-server.der"
+ };
+
+ setup (cu);
+
+ count = NUM_SLOTS;
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+ CuAssertIntEquals (cu, NUM_SLOTS, count);
+
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = test.module->C_GetSlotInfo (slots[i], &info);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+
+ memset (description, ' ', sizeof (description));
+ assert (strlen (paths[i]) <= sizeof (description));
+ memcpy (description, paths[i], strlen (paths[i]));
+ CuAssertTrue (cu, memcmp (info.slotDescription, description, sizeof (description)) == 0);
+ }
+
+ teardown (cu);
+}
+
+static void
+test_get_token_info (CuTest *cu)
+{
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_TOKEN_INFO info;
+ char label[32];
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ /* These are the paths passed in in setup() */
+ const char *labels[] = {
+ "input",
+ "cacert-ca.der",
+ "testing-server.der"
+ };
+
+ setup (cu);
+
+ count = NUM_SLOTS;
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+ CuAssertIntEquals (cu, NUM_SLOTS, count);
+
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = test.module->C_GetTokenInfo (slots[i], &info);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+
+ memset (label, ' ', sizeof (label));
+ memcpy (label, labels[i], strlen (labels[i]));
+ CuAssertTrue (cu, memcmp (info.label, label, sizeof (label)) == 0);
+ }
+
+ teardown (cu);
+}
+
+static void
+test_get_session_info (CuTest *cu)
+{
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_SESSION_HANDLE sessions[NUM_SLOTS];
+ CK_SESSION_INFO info;
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ setup (cu);
+
+ count = NUM_SLOTS;
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+ CuAssertIntEquals (cu, NUM_SLOTS, count);
+
+ /* Open two sessions with each token */
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i]);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+
+ rv = test.module->C_GetSessionInfo (sessions[i], &info);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+
+ CuAssertIntEquals (cu, slots[i], info.slotID);
+ CuAssertIntEquals (cu, CKF_SERIAL_SESSION, info.flags);
+ }
+
+ teardown (cu);
+}
+
+static void
+test_close_all_sessions (CuTest *cu)
+{
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_SESSION_HANDLE sessions[NUM_SLOTS][2];
+ CK_SESSION_INFO info;
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ setup (cu);
+
+ count = NUM_SLOTS;
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+ CuAssertIntEquals (cu, NUM_SLOTS, count);
+
+ /* Open two sessions with each token */
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][0]);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+
+ rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+
+ rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][1]);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+
+ rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+ }
+
+ /* Close all the sessions on the first token */
+ rv = test.module->C_CloseAllSessions (slots[0]);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+
+ /* Those sessions should be closed */
+ rv = test.module->C_GetSessionInfo (sessions[0][0], &info);
+ CuAssertIntEquals (cu, CKR_SESSION_HANDLE_INVALID, rv);
+ rv = test.module->C_GetSessionInfo (sessions[0][1], &info);
+ CuAssertIntEquals (cu, CKR_SESSION_HANDLE_INVALID, rv);
+
+ /* Other sessions should still be open */
+ for (i = 1; i < NUM_SLOTS; i++) {
+ rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+ rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
+ CuAssertIntEquals (cu, CKR_OK, rv);
+ }
+
+ teardown (cu);
+}
+
static CK_ULONG
find_objects (CuTest *cu,
CK_ATTRIBUTE *match,
+ CK_OBJECT_HANDLE *sessions,
CK_OBJECT_HANDLE *objects,
- CK_ULONG num_objects)
+ CK_ULONG max_objects)
{
+ CK_SESSION_HANDLE session;
CK_RV rv;
+ CK_ULONG found;
CK_ULONG count;
+ int i, j;
- count = p11_attrs_count (match);
+ found = 0;
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = test.module->C_OpenSession (test.slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session);
+ CuAssertTrue (cu, rv == CKR_OK);
- rv = test.module->C_FindObjectsInit (test.session, match, count);
- CuAssertTrue (cu, rv == CKR_OK);
- rv = test.module->C_FindObjects (test.session, objects, num_objects, &num_objects);
- CuAssertTrue (cu, rv == CKR_OK);
- rv = test.module->C_FindObjectsFinal (test.session);
- CuAssertTrue (cu, rv == CKR_OK);
+ rv = test.module->C_FindObjectsInit (session, match, p11_attrs_count (match));
+ CuAssertTrue (cu, rv == CKR_OK);
+ rv = test.module->C_FindObjects (session, objects + found, max_objects - found, &count);
+ CuAssertTrue (cu, rv == CKR_OK);
+ rv = test.module->C_FindObjectsFinal (session);
+ CuAssertTrue (cu, rv == CKR_OK);
- return num_objects;
+ for (j = found ; j < found + count; j++)
+ sessions[j] = session;
+ found += count;
+ }
+
+ assert (found < max_objects);
+ return found;
}
static void
check_trust_object_equiv (CuTest *cu,
+ CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE trust,
CK_ATTRIBUTE *cert)
{
{ CKA_INVALID, },
};
- rv = test.module->C_GetAttributeValue (test.session, trust, equiv, 6);
+ rv = test.module->C_GetAttributeValue (session, trust, equiv, 6);
CuAssertTrue (cu, rv == CKR_OK);
test_check_attrs (cu, equiv, cert);
static void
check_trust_object_hashes (CuTest *cu,
+ CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE trust,
CK_ATTRIBUTE *cert)
{
{ CKA_INVALID, },
};
- rv = test.module->C_GetAttributeValue (test.session, trust, hashes, 2);
+ rv = test.module->C_GetAttributeValue (session, trust, hashes, 2);
CuAssertTrue (cu, rv == CKR_OK);
value = p11_attrs_find (cert, CKA_VALUE);
CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) };
CK_OBJECT_HANDLE objects[2];
+ CK_SESSION_HANDLE sessions[2];
CK_ATTRIBUTE *match;
CK_ATTRIBUTE *attr;
CK_ULONG count;
CuAssertPtrNotNull (cu, attr);
match = p11_attrs_build (NULL, &klass, attr, NULL);
- count = find_objects (cu, match, objects, 2);
+ count = find_objects (cu, match, sessions, objects, 2);
CuAssertIntEquals (cu, 1, count);
- check_trust_object_equiv (cu, objects[0], cert);
- check_trust_object_hashes (cu, objects[0], cert);
+ check_trust_object_equiv (cu, sessions[0], objects[0], cert);
+ check_trust_object_hashes (cu, sessions[0], objects[0], cert);
}
static void
check_certificate (CuTest *cu,
+ CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE handle)
{
unsigned char label[4096]= { 0, };
};
/* Note that we don't pass the CKA_INVALID attribute in */
- rv = test.module->C_GetAttributeValue (test.session, handle, attrs, 15);
+ rv = test.module->C_GetAttributeValue (session, handle, attrs, 15);
CuAssertTrue (cu, rv == CKR_OK);
/* If this is the cacert3 certificate, check its values */
test_check_cacert3_ca (cu, attrs, NULL);
/* Get anchor specific attributes */
- rv = test.module->C_GetAttributeValue (test.session, handle, anchor, 1);
+ rv = test.module->C_GetAttributeValue (session, handle, anchor, 1);
CuAssertTrue (cu, rv == CKR_OK);
/* It lives in the trusted directory */
};
CK_OBJECT_HANDLE objects[16];
+ CK_SESSION_HANDLE sessions[16];
CK_ULONG count;
CK_ULONG i;
setup (cu);
- count = find_objects (cu, match, objects, 16);
- CuAssertIntEquals (cu, 6, count);
+ count = find_objects (cu, match, sessions, objects, 16);
+ CuAssertIntEquals (cu, 7, count);
for (i = 0; i < count; i++)
- check_certificate (cu, objects[i]);
+ check_certificate (cu, sessions[i], objects[i]);
teardown (cu);
}
};
CK_OBJECT_HANDLE objects[16];
+ CK_SESSION_HANDLE sessions[16];
CK_ULONG count;
setup (cu);
- count = find_objects (cu, match, objects, 16);
- CuAssertIntEquals (cu, 1, count);
+ /* One per token */
+ count = find_objects (cu, match, sessions, objects, 16);
+ CuAssertIntEquals (cu, NUM_SLOTS, count);
teardown (cu);
}
p11_library_init ();
p11_debug_init ();
+ SUITE_ADD_TEST (suite, test_get_slot_list);
+ SUITE_ADD_TEST (suite, test_get_slot_info);
+ SUITE_ADD_TEST (suite, test_get_token_info);
+ SUITE_ADD_TEST (suite, test_get_session_info);
+ SUITE_ADD_TEST (suite, test_close_all_sessions);
SUITE_ADD_TEST (suite, test_find_certificates);
SUITE_ADD_TEST (suite, test_find_builtin);
projects / p11-kit / commitdiff