diff options
Diffstat (limited to 'trust')
-rw-r--r-- | trust/Makefile.am | 2 | ||||
-rw-r--r-- | trust/module.c | 171 | ||||
-rw-r--r-- | trust/parser.c | 10 | ||||
-rw-r--r-- | trust/persist.c | 458 | ||||
-rw-r--r-- | trust/persist.h | 4 | ||||
-rw-r--r-- | trust/session.h | 1 | ||||
-rw-r--r-- | trust/tests/Makefile.am | 7 | ||||
-rw-r--r-- | trust/tests/frob-nss-trust.c | 25 | ||||
-rw-r--r-- | trust/tests/test-builder.c | 446 | ||||
-rw-r--r-- | trust/tests/test-index.c | 395 | ||||
-rw-r--r-- | trust/tests/test-module.c | 595 | ||||
-rw-r--r-- | trust/tests/test-parser.c | 219 | ||||
-rw-r--r-- | trust/tests/test-persist.c | 346 | ||||
-rw-r--r-- | trust/tests/test-token.c | 155 | ||||
-rw-r--r-- | trust/tests/test-trust.c (renamed from trust/tests/test-data.c) | 56 | ||||
-rw-r--r-- | trust/tests/test-trust.h (renamed from trust/tests/test-data.h) | 40 | ||||
-rw-r--r-- | trust/token.c | 47 | ||||
-rw-r--r-- | trust/token.h | 2 |
18 files changed, 1643 insertions, 1336 deletions
diff --git a/trust/Makefile.am b/trust/Makefile.am index 875c8c4..6c2c7c8 100644 --- a/trust/Makefile.am +++ b/trust/Makefile.am @@ -5,7 +5,7 @@ SUBDIRS = . tests COMMON = $(top_srcdir)/common -INCLUDES = \ +AM_CPPFLAGS = \ -I$(top_srcdir) \ -I$(top_srcdir)/common \ -DDATADIR=\"$(datadir)\" \ diff --git a/trust/module.c b/trust/module.c index ba41884..5f8692b 100644 --- a/trust/module.c +++ b/trust/module.c @@ -36,6 +36,7 @@ #define CRYPTOKI_EXPORTS +#include "argv.h" #include "array.h" #include "attrs.h" #define P11_DEBUG_FLAG P11_DEBUG_TRUST @@ -133,6 +134,19 @@ lookup_object_inlock (p11_session *session, return NULL; } +static CK_RV +check_index_writable (p11_session *session, + p11_index *index) +{ + if (index == p11_token_index (session->token)) { + if (!p11_token_is_writable (session->token)) + return CKR_TOKEN_WRITE_PROTECTED; + else if (!session->read_write) + return CKR_SESSION_READ_ONLY; + } + + return CKR_OK; +} static CK_RV lookup_slot_inlock (CK_SLOT_ID id, @@ -249,7 +263,8 @@ create_tokens_inlock (p11_array *tokens, } static void -parse_argument (char *arg) +parse_argument (char *arg, + void *unused) { char *value; @@ -268,78 +283,6 @@ parse_argument (char *arg) } } -static void -parse_arguments (const char *string) -{ - char quote = '\0'; - char *src, *dup, *at, *arg; - - if (!string) - return; - - src = dup = strdup (string); - if (!dup) { - p11_message ("couldn't allocate memory for argument string"); - return; - } - - arg = at = src; - for (src = dup; *src; src++) { - - /* Matching quote */ - if (quote == *src) { - quote = '\0'; - - /* Inside of quotes */ - } else if (quote != '\0') { - if (*src == '\\') { - *at++ = *src++; - if (!*src) { - p11_message ("couldn't parse argument string: %s", string); - goto done; - } - if (*src != quote) - *at++ = '\\'; - } - *at++ = *src; - - /* Space, not inside of quotes */ - } else if (isspace(*src)) { - *at = 0; - parse_argument (arg); - arg = at; - - /* Other character outside of quotes */ - } else { - switch (*src) { - case '\'': - case '"': - quote = *src; - break; - case '\\': - *at++ = *src++; - if (!*src) { - p11_message ("couldn't parse argument string: %s", string); - goto done; - } - /* fall through */ - default: - *at++ = *src; - break; - } - } - } - - - if (at != arg) { - *at = 0; - parse_argument (arg); - } - -done: - free (dup); -} - static CK_RV sys_C_Finalize (CK_VOID_PTR reserved) { @@ -440,7 +383,7 @@ sys_C_Initialize (CK_VOID_PTR init_args) p11_debug ("doing initialization"); if (args->pReserved) - parse_arguments ((const char*)args->pReserved); + p11_argv_parse ((const char*)args->pReserved, parse_argument, NULL); gl.sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, @@ -614,7 +557,7 @@ sys_C_GetTokenInfo (CK_SLOT_ID id, info->firmwareVersion.minor = 0; info->hardwareVersion.major = PACKAGE_MAJOR; info->hardwareVersion.minor = PACKAGE_MINOR; - info->flags = CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED; + info->flags = CKF_TOKEN_INITIALIZED; strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); strncpy ((char*)info->model, TOKEN_MODEL, 16); strncpy ((char*)info->serialNumber, TOKEN_SERIAL_NUMBER, 16); @@ -636,6 +579,9 @@ sys_C_GetTokenInfo (CK_SLOT_ID id, length = sizeof (info->label); memset (info->label, ' ', sizeof (info->label)); memcpy (info->label, label, length); + + if (!p11_token_is_writable (token)) + info->flags |= CKF_WRITE_PROTECTED; } p11_unlock (); @@ -677,8 +623,8 @@ sys_C_InitToken (CK_SLOT_ID id, CK_ULONG pin_len, CK_UTF8CHAR_PTR label) { - return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID); - return_val_if_reached (CKR_TOKEN_WRITE_PROTECTED); + p11_debug ("not supported"); + return CKR_FUNCTION_NOT_SUPPORTED; } static CK_RV @@ -715,13 +661,16 @@ sys_C_OpenSession (CK_SLOT_ID id, } else if (!(flags & CKF_SERIAL_SESSION)) { rv = CKR_SESSION_PARALLEL_NOT_SUPPORTED; - } else if (flags & CKF_RW_SESSION) { + } else if ((flags & CKF_RW_SESSION) && + !p11_token_is_writable (token)) { rv = CKR_TOKEN_WRITE_PROTECTED; } else { session = p11_session_new (token); if (p11_dict_set (gl.sessions, &session->handle, session)) { rv = CKR_OK; + if (flags & CKF_RW_SESSION) + session->read_write = true; *handle = session->handle; p11_debug ("session: %lu", *handle); } else { @@ -838,7 +787,8 @@ sys_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) { - return_val_if_reached (CKR_TOKEN_WRITE_PROTECTED); + p11_debug ("not supported"); + return CKR_FUNCTION_NOT_SUPPORTED; } static CK_RV @@ -848,7 +798,8 @@ sys_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len) { - return_val_if_reached (CKR_TOKEN_WRITE_PROTECTED); + p11_debug ("not supported"); + return CKR_FUNCTION_NOT_SUPPORTED; } static CK_RV @@ -921,7 +872,8 @@ sys_C_CreateObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR new_object) { p11_session *session; - CK_BBOOL token; + p11_index *index; + CK_BBOOL val; CK_RV rv; return_val_if_fail (new_object != NULL, CKR_ARGUMENTS_BAD); @@ -932,12 +884,15 @@ sys_C_CreateObject (CK_SESSION_HANDLE handle, rv = lookup_session (handle, &session); if (rv == CKR_OK) { - if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &token) && token) - rv = CKR_TOKEN_WRITE_PROTECTED; + if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val) && val) + index = p11_token_index (session->token); + else + index = session->index; + rv = check_index_writable (session, index); } if (rv == CKR_OK) - rv = p11_index_add (session->index, template, count, new_object); + rv = p11_index_add (index, template, count, new_object); p11_unlock (); @@ -958,6 +913,7 @@ sys_C_CopyObject (CK_SESSION_HANDLE handle, p11_session *session; CK_ATTRIBUTE *original; CK_ATTRIBUTE *attrs; + p11_index *index; CK_BBOOL val; CK_RV rv; @@ -969,21 +925,22 @@ sys_C_CopyObject (CK_SESSION_HANDLE handle, rv = lookup_session (handle, &session); if (rv == CKR_OK) { - original = lookup_object_inlock (session, object, NULL); + original = lookup_object_inlock (session, object, &index); if (original == NULL) rv = CKR_OBJECT_HANDLE_INVALID; } if (rv == CKR_OK) { - if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val) && val) - rv = CKR_TOKEN_WRITE_PROTECTED; + if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val)) + index = val ? p11_token_index (session->token) : session->index; + rv = check_index_writable (session, index); } if (rv == CKR_OK) { attrs = p11_attrs_dup (original); attrs = p11_attrs_buildn (attrs, template, count); attrs = p11_attrs_build (attrs, &token, NULL); - rv = p11_index_take (session->index, attrs, new_object); + rv = p11_index_take (index, attrs, new_object); } p11_unlock (); @@ -998,6 +955,9 @@ sys_C_DestroyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object) { p11_session *session; + CK_ATTRIBUTE *attrs; + p11_index *index; + CK_BBOOL val; CK_RV rv; p11_debug ("in"); @@ -1006,11 +966,19 @@ sys_C_DestroyObject (CK_SESSION_HANDLE handle, rv = lookup_session (handle, &session); if (rv == CKR_OK) { - rv = p11_index_remove (session->index, object); - if (rv == CKR_OBJECT_HANDLE_INVALID) { - if (p11_index_lookup (p11_token_index (session->token), object)) - rv = CKR_TOKEN_WRITE_PROTECTED; + attrs = lookup_object_inlock (session, object, &index); + if (attrs == NULL) + rv = CKR_OBJECT_HANDLE_INVALID; + else + rv = check_index_writable (session, index); + + if (rv == CKR_OK && p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { + /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ + rv = CKR_FUNCTION_REJECTED; } + + if (rv == CKR_OK) + rv = p11_index_remove (index, object); } p11_unlock (); @@ -1120,6 +1088,9 @@ sys_C_SetAttributeValue (CK_SESSION_HANDLE handle, CK_ULONG count) { p11_session *session; + CK_ATTRIBUTE *attrs; + p11_index *index; + CK_BBOOL val; CK_RV rv; p11_debug ("in"); @@ -1128,11 +1099,19 @@ sys_C_SetAttributeValue (CK_SESSION_HANDLE handle, rv = lookup_session (handle, &session); if (rv == CKR_OK) { - rv = p11_index_set (session->index, object, template, count); - if (rv == CKR_OBJECT_HANDLE_INVALID) { - if (p11_index_lookup (p11_token_index (session->token), object)) - rv = CKR_TOKEN_WRITE_PROTECTED; + attrs = lookup_object_inlock (session, object, &index); + if (attrs == NULL) { + rv = CKR_OBJECT_HANDLE_INVALID; + + } else if (p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { + /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ + rv = CKR_ATTRIBUTE_READ_ONLY; } + + if (rv == CKR_OK) + rv = check_index_writable (session, index); + if (rv == CKR_OK) + rv = p11_index_set (index, object, template, count); } p11_unlock (); diff --git a/trust/parser.c b/trust/parser.c index 7690d6a..21b693b 100644 --- a/trust/parser.c +++ b/trust/parser.c @@ -675,10 +675,14 @@ parse_p11_kit_persist (p11_parser *parser, const unsigned char *data, size_t length) { + CK_BBOOL modifiablev = CK_FALSE; + CK_ATTRIBUTE *attrs; p11_array *objects; bool ret; int i; + CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; + if (!p11_persist_magic (data, length)) return P11_PARSE_UNRECOGNIZED; @@ -692,8 +696,10 @@ parse_p11_kit_persist (p11_parser *parser, ret = p11_persist_read (parser->persist, parser->basename, data, length, objects); if (ret) { - for (i = 0; i < objects->num; i++) - sink_object (parser, objects->elem[i]); + for (i = 0; i < objects->num; i++) { + attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL); + sink_object (parser, attrs); + } } p11_array_free (objects); diff --git a/trust/persist.c b/trust/persist.c index 69af697..ad80683 100644 --- a/trust/persist.c +++ b/trust/persist.c @@ -41,12 +41,15 @@ #include "lexer.h" #include "pem.h" #include "persist.h" +#include "pkcs11.h" +#include "pkcs11x.h" #include "url.h" #include "basic.asn.h" #include <libtasn1.h> +#include <assert.h> #include <stdlib.h> #include <string.h> @@ -55,12 +58,6 @@ struct _p11_persist { p11_dict *constants; node_asn *asn1_defs; - - /* Used during parsing */ - p11_lexer lexer; - CK_ATTRIBUTE *attrs; - bool result; - bool skip; }; bool @@ -127,6 +124,20 @@ parse_string (p11_lexer *lexer, return true; } +static void +format_string (CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + const unsigned char *value; + + assert (attr->ulValueLen != CK_UNAVAILABLE_INFORMATION); + + p11_buffer_add (buf, "\"", 1); + value = attr->pValue; + p11_url_encode (value, value + attr->ulValueLen, P11_URL_VERBATIM, buf); + p11_buffer_add (buf, "\"", 1); +} + static bool parse_bool (p11_lexer *lexer, CK_ATTRIBUTE *attr) @@ -152,6 +163,56 @@ parse_bool (p11_lexer *lexer, } static bool +format_bool (CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + const CK_BBOOL *value; + + if (attr->ulValueLen != sizeof (CK_BBOOL)) + return false; + + switch (attr->type) { + case CKA_TOKEN: + case CKA_PRIVATE: + case CKA_TRUSTED: + case CKA_SENSITIVE: + case CKA_ENCRYPT: + case CKA_DECRYPT: + case CKA_WRAP: + case CKA_UNWRAP: + case CKA_SIGN: + case CKA_SIGN_RECOVER: + case CKA_VERIFY: + case CKA_VERIFY_RECOVER: + case CKA_DERIVE: + case CKA_EXTRACTABLE: + case CKA_LOCAL: + case CKA_NEVER_EXTRACTABLE: + case CKA_ALWAYS_SENSITIVE: + case CKA_MODIFIABLE: + case CKA_SECONDARY_AUTH: + case CKA_ALWAYS_AUTHENTICATE: + case CKA_WRAP_WITH_TRUSTED: + case CKA_RESET_ON_INIT: + case CKA_HAS_RESET: + case CKA_COLOR: + break; + default: + return false; + } + + value = attr->pValue; + if (*value == CK_TRUE) + p11_buffer_add (buf, "true", -1); + else if (*value == CK_FALSE) + p11_buffer_add (buf, "false", -1); + else + return false; + + return true; +} + +static bool parse_ulong (p11_lexer *lexer, CK_ATTRIBUTE *attr) { @@ -172,6 +233,66 @@ parse_ulong (p11_lexer *lexer, } static bool +format_ulong (CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + char string[sizeof (CK_ULONG) * 4]; + const CK_ULONG *value; + + if (attr->ulValueLen != sizeof (CK_ULONG)) + return false; + + switch (attr->type) { + case CKA_CERTIFICATE_CATEGORY: + case CKA_CERTIFICATE_TYPE: + case CKA_CLASS: + case CKA_JAVA_MIDP_SECURITY_DOMAIN: + case CKA_KEY_GEN_MECHANISM: + case CKA_KEY_TYPE: + case CKA_MECHANISM_TYPE: + case CKA_MODULUS_BITS: + case CKA_PRIME_BITS: + case CKA_SUB_PRIME_BITS: + case CKA_VALUE_BITS: + case CKA_VALUE_LEN: + case CKA_TRUST_DIGITAL_SIGNATURE: + case CKA_TRUST_NON_REPUDIATION: + case CKA_TRUST_KEY_ENCIPHERMENT: + case CKA_TRUST_DATA_ENCIPHERMENT: + case CKA_TRUST_KEY_AGREEMENT: + case CKA_TRUST_KEY_CERT_SIGN: + case CKA_TRUST_CRL_SIGN: + case CKA_TRUST_SERVER_AUTH: + case CKA_TRUST_CLIENT_AUTH: + case CKA_TRUST_CODE_SIGNING: + case CKA_TRUST_EMAIL_PROTECTION: + case CKA_TRUST_IPSEC_END_SYSTEM: + case CKA_TRUST_IPSEC_TUNNEL: + case CKA_TRUST_IPSEC_USER: + case CKA_TRUST_TIME_STAMPING: + case CKA_TRUST_STEP_UP_APPROVED: + case CKA_X_ASSERTION_TYPE: + case CKA_AUTH_PIN_FLAGS: + case CKA_HW_FEATURE_TYPE: + case CKA_PIXEL_X: + case CKA_PIXEL_Y: + case CKA_RESOLUTION: + case CKA_CHAR_ROWS: + case CKA_CHAR_COLUMNS: + case CKA_BITS_PER_PIXEL: + break; + default: + return false; + } + + value = attr->pValue; + snprintf (string, sizeof (string), "%lu", *value); + + p11_buffer_add (buf, string, -1); + return true; +} + +static bool parse_constant (p11_persist *persist, p11_lexer *lexer, CK_ATTRIBUTE *attr) @@ -190,6 +311,70 @@ parse_constant (p11_persist *persist, return true; } +static bool +format_constant (CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + const p11_constant *table; + const CK_ULONG *value; + const char *nick; + + if (attr->ulValueLen != sizeof (CK_ULONG)) + return false; + + switch (attr->type) { + case CKA_TRUST_DIGITAL_SIGNATURE: + case CKA_TRUST_NON_REPUDIATION: + case CKA_TRUST_KEY_ENCIPHERMENT: + case CKA_TRUST_DATA_ENCIPHERMENT: + case CKA_TRUST_KEY_AGREEMENT: + case CKA_TRUST_KEY_CERT_SIGN: + case CKA_TRUST_CRL_SIGN: + case CKA_TRUST_SERVER_AUTH: + case CKA_TRUST_CLIENT_AUTH: + case CKA_TRUST_CODE_SIGNING: + case CKA_TRUST_EMAIL_PROTECTION: + case CKA_TRUST_IPSEC_END_SYSTEM: + case CKA_TRUST_IPSEC_TUNNEL: + case CKA_TRUST_IPSEC_USER: + case CKA_TRUST_TIME_STAMPING: + table = p11_constant_trusts; + break; + case CKA_CLASS: + table = p11_constant_classes; + break; + case CKA_CERTIFICATE_TYPE: + table = p11_constant_certs; + break; + case CKA_KEY_TYPE: + table = p11_constant_keys; + break; + case CKA_X_ASSERTION_TYPE: + table = p11_constant_asserts; + break; + case CKA_CERTIFICATE_CATEGORY: + table = p11_constant_categories; + break; + case CKA_KEY_GEN_MECHANISM: + case CKA_MECHANISM_TYPE: + table = p11_constant_mechanisms; + break; + default: + table = NULL; + }; + + if (!table) + return false; + + value = attr->pValue; + nick = p11_constant_nick (table, *value); + + if (!nick) + return false; + + p11_buffer_add (buf, nick, -1); + return true; +} static bool parse_oid (p11_persist *persist, @@ -249,6 +434,60 @@ parse_oid (p11_persist *persist, } static bool +format_oid (p11_persist *persist, + CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *asn; + char *data; + int len; + int ret; + + if (attr->type != CKA_OBJECT_ID) + return false; + + if (!persist->asn1_defs) { + ret = asn1_array2tree (basic_asn1_tab, &persist->asn1_defs, message); + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("failed to load BASIC definitions: %s: %s\n", + asn1_strerror (ret), message); + return false; + } + } + + ret = asn1_create_element (persist->asn1_defs, "BASIC.ObjectIdentifier", &asn); + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("failed to create ObjectIdentifier element: %s\n", + asn1_strerror (ret)); + return false; + } + + ret = asn1_der_decoding (&asn, attr->pValue, attr->ulValueLen, message); + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("invalid oid value: %s", message); + return false; + } + + len = 0; + ret = asn1_read_value (asn, "", NULL, &len); + return_val_if_fail (ret == ASN1_MEM_ERROR, false); + + data = calloc (len + 1, 1); + return_val_if_fail (data != NULL, false); + + ret = asn1_read_value (asn, "", data, &len); + return_val_if_fail (ret == ASN1_SUCCESS, false); + + asn1_delete_structure (&asn); + + p11_buffer_add (buf, data, len - 1); + free (data); + + return true; +} + +static bool parse_value (p11_persist *persist, p11_lexer *lexer, CK_ATTRIBUTE *attr) @@ -260,16 +499,41 @@ parse_value (p11_persist *persist, parse_oid (persist, lexer, attr); } +static void +format_value (p11_persist *persist, + CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + assert (attr->ulValueLen != CK_UNAVAILABLE_INFORMATION); + + if (format_bool (attr, buf) || + format_constant (attr, buf) || + format_ulong (attr, buf) || + format_oid (persist, attr, buf)) + return; + + /* Everything else as string */ + format_string (attr, buf); +} + static bool field_to_attribute (p11_persist *persist, - p11_lexer *lexer) + p11_lexer *lexer, + CK_ATTRIBUTE **attrs) { CK_ATTRIBUTE attr = { 0, }; + char *end; - attr.type = p11_constant_resolve (persist->constants, lexer->tok.field.name); - if (attr.type == CKA_INVALID || !p11_constant_name (p11_constant_types, attr.type)) { - p11_lexer_msg (lexer, "invalid or unsupported attribute"); - return false; + end = NULL; + attr.type = strtoul (lexer->tok.field.name, &end, 10); + + /* Not a valid number value, probably a constant */ + if (!end || *end != '\0') { + attr.type = p11_constant_resolve (persist->constants, lexer->tok.field.name); + if (attr.type == CKA_INVALID || !p11_constant_name (p11_constant_types, attr.type)) { + p11_lexer_msg (lexer, "invalid or unsupported attribute"); + return false; + } } if (!parse_value (persist, lexer, &attr)) { @@ -277,51 +541,61 @@ field_to_attribute (p11_persist *persist, return false; } - persist->attrs = p11_attrs_take (persist->attrs, attr.type, - attr.pValue, attr.ulValueLen); + *attrs = p11_attrs_take (*attrs, attr.type, + attr.pValue, attr.ulValueLen); return true; } -static void -on_pem_block (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) +static CK_ATTRIBUTE * +certificate_to_attributes (const unsigned char *der, + size_t length) { CK_OBJECT_CLASS klassv = CKO_CERTIFICATE; CK_CERTIFICATE_TYPE x509 = CKC_X_509; - CK_BBOOL modifiablev = CK_FALSE; - CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) }; CK_ATTRIBUTE certificate_type = { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }; - CK_ATTRIBUTE value = { CKA_VALUE, }; + CK_ATTRIBUTE value = { CKA_VALUE, (void *)der, length }; + + return p11_attrs_build (NULL, &klass, &certificate_type, &value, NULL); +} - p11_persist *store = user_data; +typedef struct { + p11_lexer *lexer; + CK_ATTRIBUTE *attrs; + bool result; +} parse_block; + +static void +on_pem_block (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + parse_block *pb = user_data; CK_ATTRIBUTE *attrs; if (strcmp (type, "CERTIFICATE") == 0) { - value.pValue = (void *)contents; - value.ulValueLen = length; - attrs = p11_attrs_build (NULL, &klass, &modifiable, &certificate_type, &value, NULL); - store->attrs = p11_attrs_merge (store->attrs, attrs, false); - store->result = true; + attrs = certificate_to_attributes (contents, length); + pb->attrs = p11_attrs_merge (pb->attrs, attrs, false); + pb->result = true; } else { - p11_lexer_msg (&store->lexer, "unsupported pem block in store"); - store->result = false; + p11_lexer_msg (pb->lexer, "unsupported pem block in store"); + pb->result = false; } } static bool -pem_to_attributes (p11_persist *store, - p11_lexer *lexer) +pem_to_attributes (p11_lexer *lexer, + CK_ATTRIBUTE **attrs) { + parse_block pb = { lexer, *attrs, false }; unsigned int count; count = p11_pem_parse (lexer->tok.pem.begin, lexer->tok.pem.length, - on_pem_block, store); + on_pem_block, &pb); if (count == 0) { p11_lexer_msg (lexer, "invalid pem block"); @@ -330,7 +604,8 @@ pem_to_attributes (p11_persist *store, /* The lexer should have only matched one block */ return_val_if_fail (count == 1, false); - return store->result; + *attrs = pb.attrs; + return pb.result; } bool @@ -340,50 +615,53 @@ p11_persist_read (p11_persist *persist, size_t length, p11_array *objects) { - bool failed = false; + p11_lexer lexer; + CK_ATTRIBUTE *attrs; + bool failed; + bool skip; return_val_if_fail (persist != NULL, false); return_val_if_fail (objects != NULL, false); - persist->skip = false; - persist->result = false; - persist->attrs = NULL; + skip = false; + attrs = NULL; + failed = false; - p11_lexer_init (&persist->lexer, filename, (const char *)data, length); - while (p11_lexer_next (&persist->lexer, &failed)) { - switch (persist->lexer.tok_type) { + p11_lexer_init (&lexer, filename, (const char *)data, length); + while (p11_lexer_next (&lexer, &failed)) { + switch (lexer.tok_type) { case TOK_SECTION: - if (persist->attrs && !p11_array_push (objects, persist->attrs)) + if (attrs && !p11_array_push (objects, attrs)) return_val_if_reached (false); - persist->attrs = NULL; - if (strcmp (persist->lexer.tok.section.name, PERSIST_HEADER) != 0) { - p11_lexer_msg (&persist->lexer, "unrecognized or invalid section header"); - persist->skip = true; + attrs = NULL; + if (strcmp (lexer.tok.section.name, PERSIST_HEADER) != 0) { + p11_lexer_msg (&lexer, "unrecognized or invalid section header"); + skip = true; } else { - persist->attrs = p11_attrs_build (NULL, NULL); - return_val_if_fail (persist->attrs != NULL, false); - persist->skip = false; + attrs = p11_attrs_build (NULL, NULL); + return_val_if_fail (attrs != NULL, false); + skip = false; } failed = false; break; case TOK_FIELD: - if (persist->skip) { + if (skip) { failed = false; - } else if (!persist->attrs) { - p11_lexer_msg (&persist->lexer, "attribute before p11-kit section header"); + } else if (!attrs) { + p11_lexer_msg (&lexer, "attribute before p11-kit section header"); failed = true; } else { - failed = !field_to_attribute (persist, &persist->lexer); + failed = !field_to_attribute (persist, &lexer, &attrs); } break; case TOK_PEM: - if (persist->skip) { + if (skip) { failed = false; - } else if (!persist->attrs) { - p11_lexer_msg (&persist->lexer, "pem block before p11-kit section header"); + } else if (!attrs) { + p11_lexer_msg (&lexer, "pem block before p11-kit section header"); failed = true; } else { - failed = !pem_to_attributes (persist, &persist->lexer); + failed = !pem_to_attributes (&lexer, &attrs); } break; } @@ -392,10 +670,72 @@ p11_persist_read (p11_persist *persist, break; } - if (persist->attrs && !p11_array_push (objects, persist->attrs)) + if (attrs && !p11_array_push (objects, attrs)) return_val_if_reached (false); - persist->attrs = NULL; + attrs = NULL; - p11_lexer_done (&persist->lexer); + p11_lexer_done (&lexer); return !failed; } + +static CK_ATTRIBUTE * +find_certificate_value (CK_ATTRIBUTE *attrs) +{ + CK_OBJECT_CLASS klass; + CK_CERTIFICATE_TYPE type; + + if (!p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) || + klass != CKO_CERTIFICATE) + return NULL; + if (!p11_attrs_find_ulong (attrs, CKA_CERTIFICATE_TYPE, &type) || + type != CKC_X_509) + return NULL; + return p11_attrs_find_valid (attrs, CKA_VALUE); +} + +bool +p11_persist_write (p11_persist *persist, + CK_ATTRIBUTE *attrs, + p11_buffer *buf) +{ + char string[sizeof (CK_ULONG) * 4]; + CK_ATTRIBUTE *cert_value; + const char *nick; + int i; + + cert_value = find_certificate_value (attrs); + + p11_buffer_add (buf, "[" PERSIST_HEADER "]\n", -1); + + for (i = 0; !p11_attrs_terminator (attrs + i); i++) { + + /* These are written later? */ + if (cert_value != NULL && + (attrs[i].type == CKA_CLASS || + attrs[i].type == CKA_CERTIFICATE_TYPE || + attrs[i].type == CKA_VALUE)) + continue; + + if (attrs[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) + continue; + + nick = p11_constant_nick (p11_constant_types, attrs[i].type); + if (nick == NULL) { + snprintf (string, sizeof (string), "%lu", attrs[i].type); + nick = string; + } + + p11_buffer_add (buf, nick, -1); + p11_buffer_add (buf, ": ", 2); + format_value (persist, attrs + i, buf); + p11_buffer_add (buf, "\n", 1); + } + + if (cert_value != NULL) { + if (!p11_pem_write (cert_value->pValue, cert_value->ulValueLen, "CERTIFICATE", buf)) + return_val_if_reached (false); + } + + p11_buffer_add (buf, "\n", 1); + return p11_buffer_ok (buf); +} diff --git a/trust/persist.h b/trust/persist.h index 04762f4..0ef142c 100644 --- a/trust/persist.h +++ b/trust/persist.h @@ -54,6 +54,10 @@ bool p11_persist_read (p11_persist *persist, size_t length, p11_array *objects); +bool p11_persist_write (p11_persist *persist, + CK_ATTRIBUTE *object, + p11_buffer *buf); + void p11_persist_free (p11_persist *persist); #endif /* P11_PERSIST_H_ */ diff --git a/trust/session.h b/trust/session.h index b820770..ec394b1 100644 --- a/trust/session.h +++ b/trust/session.h @@ -48,6 +48,7 @@ typedef struct { p11_builder *builder; p11_token *token; CK_BBOOL loaded; + bool read_write; /* Used by various operations */ p11_session_cleanup cleanup; diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am index 90b9fb5..abacab6 100644 --- a/trust/tests/Makefile.am +++ b/trust/tests/Makefile.am @@ -1,24 +1,25 @@ include $(top_srcdir)/build/Makefile.tests -INCLUDES = \ +AM_CPPFLAGS = \ -I$(top_srcdir) \ -I$(srcdir)/.. \ -I$(top_srcdir)/common \ -DDATADIR=\"$(datadir)\" \ -DSYSCONFDIR=\"$(sysconfdir)\" \ - $(CUTEST_CFLAGS) + $(TEST_CFLAGS) noinst_LTLIBRARIES = \ libtestdata.la libtestdata_la_SOURCES = \ - test-data.c test-data.h + test-trust.c test-trust.h LDADD = \ $(top_builddir)/trust/libtrust-testable.la \ $(top_builddir)/common/libp11-data.la \ $(top_builddir)/common/libp11-library.la \ + $(top_builddir)/common/libp11-test.la \ $(top_builddir)/common/libp11-common.la \ $(builddir)/libtestdata.la \ $(LIBTASN1_LIBS) \ diff --git a/trust/tests/frob-nss-trust.c b/trust/tests/frob-nss-trust.c index da76795..a81b5e2 100644 --- a/trust/tests/frob-nss-trust.c +++ b/trust/tests/frob-nss-trust.c @@ -102,7 +102,10 @@ dump_trust_module (const char *path) CK_ULONG count = p11_attrs_count (template); - rv = p11_kit_load_initialize_module (path, &module); + module = p11_kit_module_load (path, 0); + return_val_if_fail (module != NULL, 1); + + rv = p11_kit_module_initialize (module); return_val_if_fail (rv == CKR_OK, 1); iter = p11_kit_iter_new (NULL); @@ -120,7 +123,8 @@ dump_trust_module (const char *path) return_val_if_fail (rv == CKR_CANCEL, 1); - p11_kit_finalize_module (module); + p11_kit_module_finalize (module); + p11_kit_module_release (module); return 0; } @@ -152,10 +156,16 @@ compare_trust_modules (const char *path1, { CKA_INVALID, } }; - rv = p11_kit_load_initialize_module (path1, &module1); + module1 = p11_kit_module_load (path1, 0); + return_val_if_fail (module1 != NULL, 1); + + rv = p11_kit_module_initialize (module1); return_val_if_fail (rv == CKR_OK, 1); - rv = p11_kit_load_initialize_module (path2, &module2); + module2 = p11_kit_module_load (path2, 0); + return_val_if_fail (module2 != NULL, 1); + + rv = p11_kit_module_initialize (module2); return_val_if_fail (rv == CKR_OK, 1); iter = p11_kit_iter_new (NULL); @@ -185,8 +195,11 @@ compare_trust_modules (const char *path1, } return_val_if_fail (rv == CKR_CANCEL, 1); - p11_kit_finalize_module (module1); - p11_kit_finalize_module (module2); + p11_kit_module_finalize (module1); + p11_kit_module_release (module1); + + p11_kit_module_finalize (module2); + p11_kit_module_release (module2); return 0; } diff --git a/trust/tests/test-builder.c b/trust/tests/test-builder.c index a875b96..891c722 100644 --- a/trust/tests/test-builder.c +++ b/trust/tests/test-builder.c @@ -33,7 +33,8 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" +#include "test-trust.h" #include <stdlib.h> #include <stdio.h> @@ -48,8 +49,6 @@ #include "oid.h" #include "pkcs11x.h" -#include "test-data.h" - struct { p11_builder *builder; p11_index *index; @@ -73,17 +72,17 @@ static CK_BBOOL truev = CK_TRUE; static CK_BBOOL falsev = CK_FALSE; static void -setup (CuTest *cu) +setup (void *unused) { test.builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN); - CuAssertPtrNotNull (cu, test.builder); + assert_ptr_not_null (test.builder); test.index = p11_index_new (p11_builder_build, p11_builder_changed, test.builder); - CuAssertPtrNotNull (cu, test.index); + assert_ptr_not_null (test.index); } static void -teardown (CuTest *cu) +teardown (void *unused) { p11_builder_free (test.builder); p11_index_free (test.index); @@ -91,20 +90,16 @@ teardown (CuTest *cu) } static void -test_get_cache (CuTest *cu) +test_get_cache (void) { p11_asn1_cache *cache; - setup (cu); - cache = p11_builder_get_cache (test.builder); - CuAssertPtrEquals (cu, NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4)); - - teardown (cu); + assert_ptr_eq (NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4)); } static void -test_build_data (CuTest *cu) +test_build_data (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -128,21 +123,17 @@ test_build_data (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, check, attrs); + test_check_attrs (check, attrs); p11_attrs_free (attrs); - - teardown (cu); } static void -test_build_certificate (CuTest *cu) +test_build_certificate (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -171,21 +162,17 @@ test_build_certificate (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, expected, attrs); + test_check_attrs (expected, attrs); p11_attrs_free (attrs); - - teardown (cu); } static void -test_build_certificate_empty (CuTest *cu) +test_build_certificate_empty (void) { unsigned char checksum[P11_HASH_SHA1_LEN]; CK_ULONG domain = 0; @@ -223,19 +210,15 @@ test_build_certificate_empty (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_hash_sha1 (checksum, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, expected, attrs); + test_check_attrs (expected, attrs); p11_attrs_free (attrs); - - teardown (cu); } static const unsigned char entrust_pretend_ca[] = { @@ -312,7 +295,7 @@ static const unsigned char entrust_pretend_ca[] = { }; static void -test_build_certificate_non_ca (CuTest *cu) +test_build_certificate_non_ca (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -329,20 +312,16 @@ test_build_certificate_non_ca (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - attrs = NULL; rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, expected, attrs); + test_check_attrs (expected, attrs); p11_attrs_free (attrs); - - teardown (cu); } static void -test_build_certificate_v1_ca (CuTest *cu) +test_build_certificate_v1_ca (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -359,20 +338,16 @@ test_build_certificate_v1_ca (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - attrs = NULL; rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, expected, attrs); + test_check_attrs (expected, attrs); p11_attrs_free (attrs); - - teardown (cu); } static void -test_build_certificate_staple_ca (CuTest *cu) +test_build_certificate_staple_ca (void) { CK_ULONG category = 2; /* CA */ @@ -400,28 +375,24 @@ test_build_certificate_staple_ca (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - /* Add a stapled certificate */ rv = p11_index_add (test.index, stapled, 4, NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); attrs = NULL; rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); /* * Even though the certificate is not a valid CA, the presence of the * stapled certificate extension transforms it into a CA. */ - test_check_attrs (cu, expected, attrs); + test_check_attrs (expected, attrs); p11_attrs_free (attrs); - - teardown (cu); } static void -test_build_certificate_no_type (CuTest *cu) +test_build_certificate_no_type (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -432,23 +403,19 @@ test_build_certificate_no_type (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_message_quiet (); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_TEMPLATE_INCOMPLETE, rv); + assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv); p11_attrs_free (merge); p11_message_loud (); - - teardown (cu); } static void -test_build_certificate_bad_type (CuTest *cu) +test_build_certificate_bad_type (void) { CK_CERTIFICATE_TYPE type = CKC_WTLS; @@ -462,23 +429,19 @@ test_build_certificate_bad_type (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_message_quiet (); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); p11_attrs_free (merge); p11_message_loud (); - - teardown (cu); } static void -test_build_extension (CuTest *cu) +test_build_extension (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, @@ -502,16 +465,12 @@ test_build_extension (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - attrs = NULL; rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, check, attrs); + test_check_attrs (check, attrs); p11_attrs_free (attrs); - - teardown (cu); } /* This certificate has and end date in 2067 */ @@ -542,7 +501,7 @@ static const unsigned char cert_distant_end_date[] = { }; static void -test_build_distant_end_date (CuTest *cu) +test_build_distant_end_date (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -560,20 +519,16 @@ test_build_distant_end_date (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - attrs = NULL; rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, expected, attrs); + test_check_attrs (expected, attrs); p11_attrs_free (attrs); - - teardown (cu); } static void -test_create_not_settable (CuTest *cu) +test_create_not_settable (void) { /* * CKA_TRUSTED cannot be set by the normal user according to spec @@ -591,25 +546,21 @@ test_create_not_settable (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_message_quiet (); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_ATTRIBUTE_READ_ONLY, rv); + assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); p11_attrs_free (merge); p11_message_loud (); p11_attrs_free (attrs); - - teardown (cu); } static void -test_create_but_loadable (CuTest *cu) +test_create_but_loadable (void) { /* * CKA_TRUSTED cannot be set on creation, but can be set if we're @@ -627,24 +578,20 @@ test_create_but_loadable (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - p11_index_batch (test.index); attrs = NULL; rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_index_finish (test.index); - test_check_attrs (cu, input, attrs); + test_check_attrs (input, attrs); p11_attrs_free (attrs); - - teardown (cu); } static void -test_create_unsupported (CuTest *cu) +test_create_unsupported (void) { CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY; @@ -657,23 +604,19 @@ test_create_unsupported (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_message_quiet (); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); p11_attrs_free (merge); p11_message_loud (); - - teardown (cu); } static void -test_create_generated (CuTest *cu) +test_create_generated (void) { CK_OBJECT_CLASS klass = CKO_NSS_TRUST; @@ -686,23 +629,19 @@ test_create_generated (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_message_quiet (); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); p11_attrs_free (merge); p11_message_loud (); - - teardown (cu); } static void -test_create_bad_attribute (CuTest *cu) +test_create_bad_attribute (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -715,23 +654,19 @@ test_create_bad_attribute (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_message_quiet (); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); p11_attrs_free (merge); p11_message_loud (); - - teardown (cu); } static void -test_create_missing_attribute (CuTest *cu) +test_create_missing_attribute (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, @@ -742,23 +677,19 @@ test_create_missing_attribute (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_message_quiet (); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_TEMPLATE_INCOMPLETE, rv); + assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv); p11_attrs_free (merge); p11_message_loud (); - - teardown (cu); } static void -test_create_no_class (CuTest *cu) +test_create_no_class (void) { CK_ATTRIBUTE input[] = { { CKA_VALUE, "the value", 9 }, @@ -769,23 +700,19 @@ test_create_no_class (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_message_quiet (); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_TEMPLATE_INCOMPLETE, rv); + assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv); p11_attrs_free (merge); p11_message_loud (); - - teardown (cu); } static void -test_create_token_mismatch (CuTest *cu) +test_create_token_mismatch (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -797,23 +724,19 @@ test_create_token_mismatch (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - p11_message_quiet (); attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); p11_attrs_free (merge); p11_message_loud (); - - teardown (cu); } static void -test_modify_success (CuTest *cu) +test_modify_success (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -839,23 +762,19 @@ test_modify_success (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - attrs = NULL; rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (modify)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, expected, attrs); + test_check_attrs (expected, attrs); p11_attrs_free (attrs); - - teardown (cu); } static void -test_modify_read_only (CuTest *cu) +test_modify_read_only (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -873,29 +792,25 @@ test_modify_read_only (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - attrs = NULL; merge = p11_attrs_dup (input); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_message_quiet (); merge = p11_attrs_dup (modify); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_ATTRIBUTE_READ_ONLY, rv); + assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); p11_attrs_free (merge); p11_message_loud (); p11_attrs_free (attrs); - - teardown (cu); } static void -test_modify_unchanged (CuTest *cu) +test_modify_unchanged (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -924,23 +839,19 @@ test_modify_unchanged (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - attrs = NULL; rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (modify)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, expected, attrs); + test_check_attrs (expected, attrs); p11_attrs_free (attrs); - - teardown (cu); } static void -test_modify_not_modifiable (CuTest *cu) +test_modify_not_modifiable (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -958,24 +869,20 @@ test_modify_not_modifiable (CuTest *cu) CK_ATTRIBUTE *merge; CK_RV rv; - setup (cu); - attrs = NULL; rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input)); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_message_quiet (); merge = p11_attrs_dup (modify); rv = p11_builder_build (test.builder, test.index, &attrs, merge); - CuAssertIntEquals (cu, CKR_ATTRIBUTE_READ_ONLY, rv); + assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); p11_attrs_free (merge); p11_message_loud (); p11_attrs_free (attrs); - - teardown (cu); } static CK_ATTRIBUTE cacert3_assert_distrust_server[] = { @@ -1059,7 +966,7 @@ static CK_ATTRIBUTE cacert3_assert_distrust_time[] = { }; static void -test_changed_trusted_certificate (CuTest *cu) +test_changed_trusted_certificate (void) { static CK_ATTRIBUTE cacert3_trusted_certificate[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -1173,38 +1080,34 @@ test_changed_trusted_certificate (CuTest *cu) CK_RV rv; int i; - setup (cu); - /* * A trusted cetrificate, trusted for server and client purposes, * and explicitly rejects the email and timestamping purposes. */ p11_index_batch (test.index); rv = p11_index_take (test.index, p11_attrs_dup (cacert3_trusted_certificate), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = p11_index_take (test.index, p11_attrs_dup (eku_extension_server_and_client), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = p11_index_take (test.index, p11_attrs_dup (reject_extension_email), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_index_finish (test.index); /* The other objects */ for (i = 0; expected[i]; i++) { handle = p11_index_find (test.index, expected[i], 2); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); attrs = p11_index_lookup (test.index, handle); - CuAssertPtrNotNull (cu, attrs); + assert_ptr_not_null (attrs); - test_check_attrs (cu, expected[i], attrs); + test_check_attrs (expected[i], attrs); } - - teardown (cu); } static void -test_changed_distrust_value (CuTest *cu) +test_changed_distrust_value (void) { CK_ATTRIBUTE distrust_cert[] = { { CKA_CLASS, &certificate, sizeof (certificate), }, @@ -1287,37 +1190,33 @@ test_changed_distrust_value (CuTest *cu) CK_RV rv; int i; - setup (cu); - /* * A distrusted certificate with a value, plus some extra * extensions (which should be ignored). */ p11_index_batch (test.index); rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = p11_index_take (test.index, p11_attrs_dup (eku_extension), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = p11_index_take (test.index, p11_attrs_dup (reject_extension), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_index_finish (test.index); /* The other objects */ for (i = 0; expected[i]; i++) { handle = p11_index_find (test.index, expected[i], 2); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); attrs = p11_index_lookup (test.index, handle); - CuAssertPtrNotNull (cu, attrs); + assert_ptr_not_null (attrs); - test_check_attrs (cu, expected[i], attrs); + test_check_attrs (expected[i], attrs); } - - teardown (cu); } static void -test_changed_distrust_serial (CuTest *cu) +test_changed_distrust_serial (void) { CK_ATTRIBUTE distrust_cert[] = { { CKA_CLASS, &certificate, sizeof (certificate), }, @@ -1377,29 +1276,25 @@ test_changed_distrust_serial (CuTest *cu) CK_RV rv; int i; - setup (cu); - /* * A distrusted certificate without a value. */ p11_index_batch (test.index); rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_index_finish (test.index); for (i = 0; expected[i]; i++) { handle = p11_index_find (test.index, expected[i], 2); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); attrs = p11_index_lookup (test.index, handle); - CuAssertPtrNotNull (cu, attrs); - test_check_attrs (cu, expected[i], attrs); + assert_ptr_not_null (attrs); + test_check_attrs (expected[i], attrs); } - - teardown (cu); } static void -test_changed_dup_certificates (CuTest *cu) +test_changed_dup_certificates (void) { static CK_ATTRIBUTE trusted_cert[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -1481,68 +1376,64 @@ test_changed_dup_certificates (CuTest *cu) CK_OBJECT_HANDLE handle; CK_RV rv; - setup (cu); - /* * A trusted certificate, should create trutsed nss trust * and anchor assertions */ p11_index_batch (test.index); rv = p11_index_take (test.index, p11_attrs_dup (trusted_cert), &handle1); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_index_finish (test.index); handle = p11_index_find (test.index, match_nss, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); handle = p11_index_find (test.index, match_assertion, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); handle = p11_index_find (test.index, trusted_nss, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); handle = p11_index_find (test.index, anchor_assertion, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); /* Now we add a distrusted certificate, should update the objects */ p11_index_batch (test.index); rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), &handle2); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_index_finish (test.index); handle = p11_index_find (test.index, trusted_nss, -1); - CuAssertTrue (cu, handle == 0); + assert (handle == 0); handle = p11_index_find (test.index, distrust_nss, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); handle = p11_index_find (test.index, anchor_assertion, -1); - CuAssertTrue (cu, handle == 0); + assert (handle == 0); handle = p11_index_find (test.index, distrust_assertion, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); /* Now remove the trusted cetrificate, should update again */ rv = p11_index_remove (test.index, handle2); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); handle = p11_index_find (test.index, trusted_nss, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); handle = p11_index_find (test.index, distrust_nss, -1); - CuAssertTrue (cu, handle == 0); + assert (handle == 0); handle = p11_index_find (test.index, anchor_assertion, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); handle = p11_index_find (test.index, distrust_assertion, -1); - CuAssertTrue (cu, handle == 0); + assert (handle == 0); /* Now remove the original certificate, unknown nss and no assertions */ rv = p11_index_remove (test.index, handle1); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); handle = p11_index_find (test.index, unknown_nss, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); handle = p11_index_find (test.index, match_assertion, -1); - CuAssertTrue (cu, handle == 0); - - teardown (cu); + assert (handle == 0); } static void -test_changed_without_id (CuTest *cu) +test_changed_without_id (void) { static CK_ATTRIBUTE trusted_without_id[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -1568,26 +1459,22 @@ test_changed_without_id (CuTest *cu) CK_OBJECT_HANDLE handle; CK_RV rv; - setup (cu); - p11_index_batch (test.index); rv = p11_index_take (test.index, p11_attrs_dup (trusted_without_id), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_index_finish (test.index); klass = CKO_NSS_TRUST; handle = p11_index_find (test.index, match, -1); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); klass = CKO_X_TRUST_ASSERTION; handle = p11_index_find (test.index, match, -1); - CuAssertTrue (cu, handle != 0); - - teardown (cu); + assert (handle != 0); } static void -test_changed_staple_ca (CuTest *cu) +test_changed_staple_ca (void) { CK_ULONG category = 0; @@ -1616,31 +1503,27 @@ test_changed_staple_ca (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - attrs = NULL; rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); /* Not a CA at this point, until we staple */ category = 0; - CuAssertTrue (cu, p11_index_find (test.index, match, -1) == 0); + assert (p11_index_find (test.index, match, -1) == 0); /* Add a stapled basic constraint */ rv = p11_index_add (test.index, stapled, 4, NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); /* Now should be a CA */ category = 2; - CuAssertTrue (cu, p11_index_find (test.index, match, -1) != 0); + assert (p11_index_find (test.index, match, -1) != 0); p11_attrs_free (attrs); - - teardown (cu); } static void -test_changed_staple_ku (CuTest *cu) +test_changed_staple_ku (void) { CK_ATTRIBUTE stapled_ds_and_np[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, @@ -1684,74 +1567,55 @@ test_changed_staple_ku (CuTest *cu) CK_ATTRIBUTE *attrs; CK_RV rv; - setup (cu); - p11_index_batch (test.index); rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = p11_index_take (test.index, p11_attrs_dup (stapled_ds_and_np), NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); p11_index_finish (test.index); handle = p11_index_find (test.index, nss_trust_ds_and_np, 2); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); attrs = p11_index_lookup (test.index, handle); - test_check_attrs (cu, nss_trust_ds_and_np, attrs); - - teardown (cu); + test_check_attrs (nss_trust_ds_and_np, attrs); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - /* p11_message_quiet (); */ - - SUITE_ADD_TEST (suite, test_get_cache); - SUITE_ADD_TEST (suite, test_build_data); - SUITE_ADD_TEST (suite, test_build_certificate); - SUITE_ADD_TEST (suite, test_build_certificate_empty); - SUITE_ADD_TEST (suite, test_build_certificate_non_ca); - SUITE_ADD_TEST (suite, test_build_certificate_v1_ca); - SUITE_ADD_TEST (suite, test_build_certificate_staple_ca); - SUITE_ADD_TEST (suite, test_build_certificate_no_type); - SUITE_ADD_TEST (suite, test_build_certificate_bad_type); - SUITE_ADD_TEST (suite, test_build_extension); - SUITE_ADD_TEST (suite, test_build_distant_end_date); - SUITE_ADD_TEST (suite, test_create_not_settable); - SUITE_ADD_TEST (suite, test_create_but_loadable); - SUITE_ADD_TEST (suite, test_create_unsupported); - SUITE_ADD_TEST (suite, test_create_generated); - SUITE_ADD_TEST (suite, test_create_bad_attribute); - SUITE_ADD_TEST (suite, test_create_missing_attribute); - SUITE_ADD_TEST (suite, test_create_no_class); - SUITE_ADD_TEST (suite, test_create_token_mismatch); - SUITE_ADD_TEST (suite, test_modify_success); - SUITE_ADD_TEST (suite, test_modify_read_only); - SUITE_ADD_TEST (suite, test_modify_unchanged); - SUITE_ADD_TEST (suite, test_modify_not_modifiable); - - SUITE_ADD_TEST (suite, test_changed_trusted_certificate); - SUITE_ADD_TEST (suite, test_changed_distrust_value); - SUITE_ADD_TEST (suite, test_changed_distrust_serial); - SUITE_ADD_TEST (suite, test_changed_without_id); - SUITE_ADD_TEST (suite, test_changed_staple_ca); - SUITE_ADD_TEST (suite, test_changed_staple_ku); - SUITE_ADD_TEST (suite, test_changed_dup_certificates); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_fixture (setup, teardown); + p11_test (test_get_cache, "/builder/get_cache"); + p11_test (test_build_data, "/builder/build_data"); + p11_test (test_build_certificate, "/builder/build_certificate"); + p11_test (test_build_certificate_empty, "/builder/build_certificate_empty"); + p11_test (test_build_certificate_non_ca, "/builder/build_certificate_non_ca"); + p11_test (test_build_certificate_v1_ca, "/builder/build_certificate_v1_ca"); + p11_test (test_build_certificate_staple_ca, "/builder/build_certificate_staple_ca"); + p11_test (test_build_certificate_no_type, "/builder/build_certificate_no_type"); + p11_test (test_build_certificate_bad_type, "/builder/build_certificate_bad_type"); + p11_test (test_build_extension, "/builder/build_extension"); + p11_test (test_build_distant_end_date, "/builder/build_distant_end_date"); + p11_test (test_create_not_settable, "/builder/create_not_settable"); + p11_test (test_create_but_loadable, "/builder/create_but_loadable"); + p11_test (test_create_unsupported, "/builder/create_unsupported"); + p11_test (test_create_generated, "/builder/create_generated"); + p11_test (test_create_bad_attribute, "/builder/create_bad_attribute"); + p11_test (test_create_missing_attribute, "/builder/create_missing_attribute"); + p11_test (test_create_no_class, "/builder/create_no_class"); + p11_test (test_create_token_mismatch, "/builder/create_token_mismatch"); + p11_test (test_modify_success, "/builder/modify_success"); + p11_test (test_modify_read_only, "/builder/modify_read_only"); + p11_test (test_modify_unchanged, "/builder/modify_unchanged"); + p11_test (test_modify_not_modifiable, "/builder/modify_not_modifiable"); + + p11_test (test_changed_trusted_certificate, "/builder/changed_trusted_certificate"); + p11_test (test_changed_distrust_value, "/builder/changed_distrust_value"); + p11_test (test_changed_distrust_serial, "/builder/changed_distrust_serial"); + p11_test (test_changed_without_id, "/builder/changed_without_id"); + p11_test (test_changed_staple_ca, "/builder/changed_staple_ca"); + p11_test (test_changed_staple_ku, "/builder/changed_staple_ku"); + p11_test (test_changed_dup_certificates, "/builder/changed_dup_certificates"); + return p11_test_run (argc, argv); } diff --git a/trust/tests/test-index.c b/trust/tests/test-index.c index 8405061..85c44b7 100644 --- a/trust/tests/test-index.c +++ b/trust/tests/test-index.c @@ -33,8 +33,10 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" +#include "test-trust.h" +#include <stdarg.h> #include <stdlib.h> #include <stdio.h> #include <string.h> @@ -44,28 +46,26 @@ #include "index.h" #include "message.h" -#include "test-data.h" - struct { p11_index *index; } test; static void -setup (CuTest *cu) +setup (void *unused) { test.index = p11_index_new (NULL, NULL, NULL); - CuAssertPtrNotNull (cu, test.index); + assert_ptr_not_null (test.index); } static void -teardown (CuTest *cu) +teardown (void *unused) { p11_index_free (test.index); memset (&test, 0, sizeof (test)); } static void -test_take_lookup (CuTest *cu) +test_take_lookup (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -78,26 +78,22 @@ test_take_lookup (CuTest *cu) CK_OBJECT_HANDLE handle; CK_RV rv; - setup (cu); - attrs = p11_attrs_dup (original); rv = p11_index_take (test.index, attrs, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (test.index, handle); - test_check_attrs (cu, original, check); + test_check_attrs (original, check); check = p11_index_lookup (test.index, 1UL); - CuAssertPtrEquals (cu, NULL, check); + assert_ptr_eq (NULL, check); check = p11_index_lookup (test.index, 0UL); - CuAssertPtrEquals (cu, NULL, check); - - teardown (cu); + assert_ptr_eq (NULL, check); } static void -test_add_lookup (CuTest *cu) +test_add_lookup (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -109,19 +105,15 @@ test_add_lookup (CuTest *cu) CK_OBJECT_HANDLE handle; CK_RV rv; - setup (cu); - rv = p11_index_add (test.index, original, 2, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (test.index, handle); - test_check_attrs (cu, original, check); - - teardown (cu); + test_check_attrs (original, check); } static void -test_size (CuTest *cu) +test_size (void) { static CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -131,20 +123,16 @@ test_size (CuTest *cu) CK_RV rv; - setup (cu); - rv = p11_index_add (test.index, original, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = p11_index_add (test.index, original, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = p11_index_add (test.index, original, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); - - CuAssertIntEquals (cu, 3, p11_index_size (test.index)); + assert (rv == CKR_OK); - teardown (cu); + assert_num_eq (3, p11_index_size (test.index)); } static int @@ -162,7 +150,7 @@ compar_ulong (const void *one, } static void -test_snapshot (CuTest *cu) +test_snapshot (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -175,29 +163,26 @@ test_snapshot (CuTest *cu) CK_OBJECT_HANDLE *snapshot; int i; - setup (cu); - for (i = 0; i < NUM; i++) p11_index_add (test.index, original, 2, expected + i); snapshot = p11_index_snapshot (test.index, NULL, NULL, 0); - CuAssertPtrNotNull (cu, snapshot); + assert_ptr_not_null (snapshot); for (i = 0; i < NUM; i++) - CuAssertTrue (cu, snapshot[i] != 0); - CuAssertTrue (cu, snapshot[NUM] == 0); + assert (snapshot[i] != 0); + assert (snapshot[NUM] == 0); qsort (snapshot, NUM, sizeof (CK_OBJECT_HANDLE), compar_ulong); for (i = 0; i < NUM; i++) - CuAssertIntEquals (cu, expected[i], snapshot[i]); + assert_num_eq (expected[i], snapshot[i]); free (snapshot); - teardown (cu); } static void -test_snapshot_base (CuTest *cu) +test_snapshot_base (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -211,31 +196,28 @@ test_snapshot_base (CuTest *cu) CK_RV rv; int i; - setup (cu); - for (i = 0; i < NUM; i++) { rv = p11_index_add (test.index, original, 2, expected + i); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); } snapshot = p11_index_snapshot (test.index, test.index, NULL, 0); - CuAssertPtrNotNull (cu, snapshot); + assert_ptr_not_null (snapshot); for (i = 0; i < NUM * 2; i++) - CuAssertTrue (cu, snapshot[i] != 0); - CuAssertTrue (cu, snapshot[NUM * 2] == 0); + assert (snapshot[i] != 0); + assert (snapshot[NUM * 2] == 0); qsort (snapshot, NUM * 2, sizeof (CK_OBJECT_HANDLE), compar_ulong); for (i = 0; i < NUM * 2; i++) - CuAssertIntEquals (cu, expected[i / 2], snapshot[i]); + assert_num_eq (expected[i / 2], snapshot[i]); free (snapshot); - teardown (cu); } static void -test_remove (CuTest *cu) +test_remove (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -248,29 +230,25 @@ test_remove (CuTest *cu) CK_OBJECT_HANDLE handle; CK_RV rv; - setup (cu); - attrs = p11_attrs_dup (original); rv = p11_index_take (test.index, attrs, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (test.index, handle); - CuAssertPtrEquals (cu, attrs, check); + assert_ptr_eq (attrs, check); rv = p11_index_remove (test.index, 1UL); - CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID); + assert (rv == CKR_OBJECT_HANDLE_INVALID); rv = p11_index_remove (test.index, handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (test.index, handle); - CuAssertPtrEquals (cu, NULL, check); - - teardown (cu); + assert_ptr_eq (NULL, check); } static void -test_set (CuTest *cu) +test_set (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -291,29 +269,25 @@ test_set (CuTest *cu) CK_OBJECT_HANDLE handle; CK_RV rv; - setup (cu); - attrs = p11_attrs_dup (original); rv = p11_index_take (test.index, attrs, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (test.index, handle); - test_check_attrs (cu, original, check); + test_check_attrs (original, check); rv = p11_index_set (test.index, handle, &change, 1); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (test.index, handle); - test_check_attrs (cu, changed, check); + test_check_attrs (changed, check); rv = p11_index_set (test.index, 1UL, &change, 1); - CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID); - - teardown (cu); + assert (rv == CKR_OBJECT_HANDLE_INVALID); } static void -test_update (CuTest *cu) +test_update (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -334,31 +308,27 @@ test_update (CuTest *cu) CK_OBJECT_HANDLE handle; CK_RV rv; - setup (cu); - attrs = p11_attrs_dup (original); rv = p11_index_take (test.index, attrs, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (test.index, handle); - test_check_attrs (cu, original, check); + test_check_attrs (original, check); attrs = p11_attrs_build (NULL, &change, NULL); rv = p11_index_update (test.index, handle, attrs); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (test.index, handle); - test_check_attrs (cu, changed, check); + test_check_attrs (changed, check); attrs = p11_attrs_build (NULL, &change, NULL); rv = p11_index_update (test.index, 1L, attrs); - CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID); - - teardown (cu); + assert (rv == CKR_OBJECT_HANDLE_INVALID); } static void -test_find (CuTest *tc) +test_find (void) { CK_ATTRIBUTE first[] = { { CKA_LABEL, "yay", 3 }, @@ -399,31 +369,27 @@ test_find (CuTest *tc) CK_OBJECT_HANDLE two; CK_OBJECT_HANDLE three; - setup (tc); - p11_index_add (test.index, first, 2, &one); p11_index_add (test.index, second, 2, &two); p11_index_add (test.index, third, 2, &three); check = p11_index_find (test.index, match3, -1); - CuAssertIntEquals (tc, three, check); + assert_num_eq (three, check); check = p11_index_find (test.index, match3, 1); - CuAssertIntEquals (tc, three, check); + assert_num_eq (three, check); check = p11_index_find (test.index, match_any, -1); - CuAssertTrue (tc, check == one || check == two || check == three); + assert (check == one || check == two || check == three); check = p11_index_find (test.index, match_any, 1); - CuAssertTrue (tc, check == one || check == two || check == three); + assert (check == one || check == two || check == three); check = p11_index_find (test.index, match_none, -1); - CuAssertIntEquals (tc, 0, check); + assert_num_eq (0, check); check = p11_index_find (test.index, match_none, 2); - CuAssertIntEquals (tc, 0, check); - - teardown (tc); + assert_num_eq (0, check); } static bool @@ -464,7 +430,7 @@ handles_are (CK_OBJECT_HANDLE *handles, } static void -test_find_all (CuTest *tc) +test_find_all (void) { CK_ATTRIBUTE first[] = { { CKA_LABEL, "odd", 3 }, @@ -513,44 +479,40 @@ test_find_all (CuTest *tc) CK_OBJECT_HANDLE two; CK_OBJECT_HANDLE three; - setup (tc); - p11_index_add (test.index, first, 3, &one); p11_index_add (test.index, second, 3, &two); p11_index_add (test.index, third, 3, &three); check = p11_index_find_all (test.index, match_3, -1); - CuAssertTrue (tc, handles_are (check, three, 0UL)); + assert (handles_are (check, three, 0UL)); free (check); check = p11_index_find_all (test.index, match_none, -1); - CuAssertTrue (tc, handles_are (check, 0UL)); + assert (handles_are (check, 0UL)); free (check); check = p11_index_find_all (test.index, match_odd, -1); - CuAssertTrue (tc, handles_are (check, one, three, 0UL)); + assert (handles_are (check, one, three, 0UL)); free (check); check = p11_index_find_all (test.index, match_any, -1); - CuAssertTrue (tc, handles_are (check, one, two, three, 0UL)); + assert (handles_are (check, one, two, three, 0UL)); free (check); check = p11_index_find_all (test.index, match_none, -1); - CuAssertPtrNotNull (tc, check); - CuAssertIntEquals (tc, 0, check[0]); + assert_ptr_not_null (check); + assert_num_eq (0, check[0]); free (check); /* A double check of this method */ one = 0UL; check = &one; - CuAssertTrue (tc, !handles_are (check, 29292929, 0UL)); - CuAssertTrue (tc, !handles_are (NULL, 0UL)); - - teardown (tc); + assert (!handles_are (check, 29292929, 0UL)); + assert (!handles_are (NULL, 0UL)); } static void -test_find_realloc (CuTest *tc) +test_find_realloc (void) { CK_ATTRIBUTE attrs[] = { { CKA_LABEL, "odd", 3 }, @@ -566,24 +528,21 @@ test_find_realloc (CuTest *tc) CK_OBJECT_HANDLE *check; int i; - setup (tc); - for (i = 0; i < 1000; i++) p11_index_add (test.index, attrs, 3, NULL); check = p11_index_find_all (test.index, match, -1); - CuAssertPtrNotNull (tc, check); + assert_ptr_not_null (check); for (i = 0; i < 1000; i++) - CuAssertTrue (tc, check[i] != 0); - CuAssertIntEquals (tc, 0, check[1000]); + assert (check[i] != 0); + assert_num_eq (0, check[1000]); free (check); - teardown (tc); } static void -test_replace_all (CuTest *tc) +test_replace_all (void) { CK_ATTRIBUTE first[] = { { CKA_LABEL, "odd", 3 }, @@ -647,16 +606,14 @@ test_replace_all (CuTest *tc) p11_array *array; CK_RV rv; - setup (tc); - p11_index_add (test.index, first, 3, &one); - CuAssertTrue (tc, one != 0); + assert (one != 0); p11_index_add (test.index, second, 3, &two); - CuAssertTrue (tc, two != 0); + assert (two != 0); p11_index_add (test.index, third, 3, &three); - CuAssertTrue (tc, three != 0); + assert (three != 0); p11_index_add (test.index, fifth, 3, &five); - CuAssertTrue (tc, five != 0); + assert (five != 0); array = p11_array_new (p11_attrs_free); p11_array_push (array, p11_attrs_buildn (NULL, eins, 3)); @@ -664,38 +621,36 @@ test_replace_all (CuTest *tc) p11_array_push (array, p11_attrs_buildn (NULL, neun, 3)); rv = p11_index_replace_all (test.index, match, CKA_VALUE, array); - CuAssertTrue (tc, rv == CKR_OK); + assert (rv == CKR_OK); - CuAssertIntEquals (tc, 0, array->num); + assert_num_eq (0, array->num); p11_array_free (array); /* eins should have replaced one */ check = p11_index_find (test.index, eins, -1); - CuAssertIntEquals (tc, one, check); + assert_num_eq (one, check); /* two should still be around */ check = p11_index_find (test.index, second, -1); - CuAssertIntEquals (tc, two, check); + assert_num_eq (two, check); /* three should have been removed */ check = p11_index_find (test.index, third, -1); - CuAssertIntEquals (tc, 0, check); + assert_num_eq (0, check); /* five should have been removed */ check = p11_index_find (test.index, fifth, -1); - CuAssertIntEquals (tc, 0, check); + assert_num_eq (0, check); /* sieben should have been added */ check = p11_index_find (test.index, sieben, -1); - CuAssertTrue (tc, check != one && check != two && check != three && check != five); + assert (check != one && check != two && check != three && check != five); /* neun should have been added */ check = p11_index_find (test.index, neun, -1); - CuAssertTrue (tc, check != one && check != two && check != three && check != five); - - CuAssertIntEquals (tc, 4, p11_index_size (test.index)); + assert (check != one && check != two && check != three && check != five); - teardown (tc); + assert_num_eq (4, p11_index_size (test.index)); } @@ -705,17 +660,16 @@ on_build_populate (void *data, CK_ATTRIBUTE **attrs, CK_ATTRIBUTE *merge) { - CuTest *cu = data; - CK_ATTRIBUTE override[] = { { CKA_APPLICATION, "vigorous", 8 }, { CKA_LABEL, "naay", 4 }, { CKA_INVALID }, }; - CuAssertPtrNotNull (cu, index); - CuAssertPtrNotNull (cu, attrs); - CuAssertPtrNotNull (cu, merge); + assert_str_eq (data, "blah"); + assert_ptr_not_null (index); + assert_ptr_not_null (attrs); + assert_ptr_not_null (merge); *attrs = p11_attrs_merge (*attrs, merge, true); *attrs = p11_attrs_merge (*attrs, p11_attrs_dup (override), true); @@ -723,7 +677,7 @@ on_build_populate (void *data, } static void -test_build_populate (CuTest *cu) +test_build_populate (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -744,24 +698,24 @@ test_build_populate (CuTest *cu) p11_index *index; CK_RV rv; - index = p11_index_new (on_build_populate, NULL, cu); - CuAssertPtrNotNull (cu, index); + index = p11_index_new (on_build_populate, NULL, "blah"); + assert_ptr_not_null (index); rv = p11_index_add (index, original, 2, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (index, handle); - CuAssertPtrNotNull (cu, check); + assert_ptr_not_null (check); - test_check_attrs (cu, after, check); + test_check_attrs (after, check); rv = p11_index_set (index, handle, original, 2); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); check = p11_index_lookup (index, handle); - CuAssertPtrNotNull (cu, check); + assert_ptr_not_null (check); - test_check_attrs (cu, after, check); + test_check_attrs (after, check); p11_index_free (index); } @@ -772,14 +726,13 @@ on_build_fail (void *data, CK_ATTRIBUTE **attrs, CK_ATTRIBUTE *merge) { - CuTest *cu = data; - CK_ATTRIBUTE check[] = { { CKA_LABEL, "nay", 3 }, { CKA_INVALID } }; - CuAssertPtrNotNull (cu, merge); + assert_str_eq (data, "testo"); + assert_ptr_not_null (merge); if (p11_attrs_match (merge, check)) return CKR_DEVICE_ERROR; @@ -790,7 +743,7 @@ on_build_fail (void *data, static void -test_build_fail (CuTest *cu) +test_build_fail (void) { CK_ATTRIBUTE okay[] = { { CKA_LABEL, "yay", 3 }, @@ -808,20 +761,20 @@ test_build_fail (CuTest *cu) p11_index *index; CK_RV rv; - index = p11_index_new (on_build_fail, NULL, cu); - CuAssertPtrNotNull (cu, index); + index = p11_index_new (on_build_fail, NULL, "testo"); + assert_ptr_not_null (index); rv = p11_index_add (index, okay, 2, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = p11_index_add (index, fails, 2, NULL); - CuAssertTrue (cu, rv == CKR_DEVICE_ERROR); + assert (rv == CKR_DEVICE_ERROR); rv = p11_index_set (index, handle, fails, 2); - CuAssertTrue (cu, rv == CKR_DEVICE_ERROR); + assert (rv == CKR_DEVICE_ERROR); rv = p11_index_set (index, handle, okay, 2); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); p11_index_free (index); } @@ -836,8 +789,6 @@ on_change_check (void *data, CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *attrs) { - CuTest *cu = data; - CK_ATTRIBUTE check[] = { { CKA_LABEL, "yay", 3 }, { CKA_VALUE, "eight", 5 }, @@ -845,22 +796,23 @@ on_change_check (void *data, }; - CuAssertPtrNotNull (cu, index); - CuAssertPtrNotNull (cu, attrs); + assert_str_eq (data, "change-check"); + assert_ptr_not_null (index); + assert_ptr_not_null (attrs); if (!on_change_batching) { if (on_change_removing) - CuAssertIntEquals (cu, 0, handle); + assert_num_eq (0, handle); else - CuAssertTrue (cu, handle != 0); + assert (handle != 0); } - test_check_attrs (cu, check, attrs); + test_check_attrs (check, attrs); on_change_called++; } static void -test_change_called (CuTest *cu) +test_change_called (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -873,39 +825,39 @@ test_change_called (CuTest *cu) p11_index *index; CK_RV rv; - index = p11_index_new (NULL, on_change_check, cu); - CuAssertPtrNotNull (cu, index); + index = p11_index_new (NULL, on_change_check, "change-check"); + assert_ptr_not_null (index); on_change_removing = false; on_change_called = 0; rv = p11_index_add (index, original, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); - CuAssertIntEquals (cu, 1, on_change_called); + assert_num_eq (1, on_change_called); rv = p11_index_add (index, original, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); - CuAssertIntEquals (cu, 2, on_change_called); + assert_num_eq (2, on_change_called); rv = p11_index_add (index, original, 2, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); - CuAssertIntEquals (cu, 3, on_change_called); + assert_num_eq (3, on_change_called); on_change_removing = true; rv = p11_index_remove (index, handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); - CuAssertIntEquals (cu, 4, on_change_called); + assert_num_eq (4, on_change_called); p11_index_free (index); } static void -test_change_batch (CuTest *cu) +test_change_batch (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -918,38 +870,38 @@ test_change_batch (CuTest *cu) p11_index *index; CK_RV rv; - index = p11_index_new (NULL, on_change_check, cu); - CuAssertPtrNotNull (cu, index); + index = p11_index_new (NULL, on_change_check, "change-check"); + assert_ptr_not_null (index); on_change_batching = true; on_change_called = 0; p11_index_batch (index); - CuAssertTrue (cu, p11_index_in_batch (index)); + assert (p11_index_in_batch (index)); rv = p11_index_add (index, original, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); - CuAssertIntEquals (cu, 0, on_change_called); + assert_num_eq (0, on_change_called); rv = p11_index_add (index, original, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); - CuAssertIntEquals (cu, 0, on_change_called); + assert_num_eq (0, on_change_called); rv = p11_index_add (index, original, 2, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); - CuAssertIntEquals (cu, 0, on_change_called); + assert_num_eq (0, on_change_called); /* Nested batch is a noop */ p11_index_batch (index); rv = p11_index_remove (index, handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); - CuAssertIntEquals (cu, 0, on_change_called); + assert_num_eq (0, on_change_called); /* * Batch finishes when first finish call is called, @@ -957,18 +909,18 @@ test_change_batch (CuTest *cu) */ p11_index_finish (index); - CuAssertTrue (cu, !p11_index_in_batch (index)); + assert (!p11_index_in_batch (index)); /* * Only three calls, because later operations on the * same handle override the earlier one. */ - CuAssertIntEquals (cu, 3, on_change_called); + assert_num_eq (3, on_change_called); /* This is a noop */ p11_index_finish (index); - CuAssertTrue (cu, !p11_index_in_batch (index)); + assert (!p11_index_in_batch (index)); p11_index_free (index); } @@ -979,7 +931,6 @@ on_change_nested (void *data, CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *attrs) { - CuTest *cu = data; CK_RV rv; CK_ATTRIBUTE second[] = { @@ -989,15 +940,16 @@ on_change_nested (void *data, }; + assert_str_eq (data, "change-nested"); on_change_called++; /* A nested call */ rv = p11_index_add (index, second, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); } static void -test_change_nested (CuTest *cu) +test_change_nested (void) { CK_ATTRIBUTE original[] = { { CKA_LABEL, "yay", 3 }, @@ -1009,61 +961,50 @@ test_change_nested (CuTest *cu) p11_index *index; CK_RV rv; - index = p11_index_new (NULL, on_change_nested, cu); - CuAssertPtrNotNull (cu, index); + index = p11_index_new (NULL, on_change_nested, "change-nested"); + assert_ptr_not_null (index); on_change_called = 0; rv = p11_index_add (index, original, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); - CuAssertIntEquals (cu, 1, on_change_called); + assert (rv == CKR_OK); + assert_num_eq (1, on_change_called); on_change_called = 0; p11_index_batch (index); rv = p11_index_add (index, original, 2, NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); p11_index_finish (index); - CuAssertIntEquals (cu, 1, on_change_called); + assert_num_eq (1, on_change_called); p11_index_free (index); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); p11_message_quiet (); - SUITE_ADD_TEST (suite, test_add_lookup); - SUITE_ADD_TEST (suite, test_take_lookup); - SUITE_ADD_TEST (suite, test_size); - SUITE_ADD_TEST (suite, test_remove); - SUITE_ADD_TEST (suite, test_snapshot); - SUITE_ADD_TEST (suite, test_snapshot_base); - SUITE_ADD_TEST (suite, test_set); - SUITE_ADD_TEST (suite, test_update); - SUITE_ADD_TEST (suite, test_find); - SUITE_ADD_TEST (suite, test_find_all); - SUITE_ADD_TEST (suite, test_find_realloc); - SUITE_ADD_TEST (suite, test_replace_all); - SUITE_ADD_TEST (suite, test_build_populate); - SUITE_ADD_TEST (suite, test_build_fail); - SUITE_ADD_TEST (suite, test_change_called); - SUITE_ADD_TEST (suite, test_change_batch); - SUITE_ADD_TEST (suite, test_change_nested); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_fixture (setup, teardown); + p11_test (test_add_lookup, "/index/add_lookup"); + p11_test (test_take_lookup, "/index/take_lookup"); + p11_test (test_size, "/index/size"); + p11_test (test_remove, "/index/remove"); + p11_test (test_snapshot, "/index/snapshot"); + p11_test (test_snapshot_base, "/index/snapshot_base"); + p11_test (test_set, "/index/set"); + p11_test (test_update, "/index/update"); + p11_test (test_find, "/index/find"); + p11_test (test_find_all, "/index/find_all"); + p11_test (test_find_realloc, "/index/find_realloc"); + p11_test (test_replace_all, "/index/replace_all"); + + p11_fixture (NULL, NULL); + p11_test (test_build_populate, "/index/build_populate"); + p11_test (test_build_fail, "/index/build_fail"); + p11_test (test_change_called, "/index/change_called"); + p11_test (test_change_batch, "/index/change_batch"); + p11_test (test_change_nested, "/index/change_nested"); + return p11_test_run (argc, argv); } diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c index 472263a..3d6c00b 100644 --- a/trust/tests/test-module.c +++ b/trust/tests/test-module.c @@ -32,21 +32,21 @@ * Author: Stef Walter <stefw@gnome.org> */ +#define CRYPTOKI_EXPORTS + #include "config.h" -#include "CuTest.h" +#include "test.h" +#include "test-trust.h" #include <stdlib.h> #include <stdio.h> #include <string.h> -#define CRYPTOKI_EXPORTS - #include "attrs.h" #include "hash.h" #include "library.h" #include "path.h" #include "pkcs11x.h" -#include "test-data.h" #include "token.h" #include <assert.h> @@ -60,14 +60,17 @@ #define NUM_SLOTS 3 static CK_OBJECT_CLASS data = CKO_DATA; +static CK_BBOOL vtrue = CK_TRUE; +static CK_BBOOL vfalse = CK_FALSE; struct { CK_FUNCTION_LIST *module; CK_SLOT_ID slots[NUM_SLOTS]; + char *directory; } test; static void -setup (CuTest *cu) +setup (void *unused) { CK_C_INITIALIZE_ARGS args; const char *paths; @@ -79,89 +82,122 @@ setup (CuTest *cu) /* This is the entry point of the trust module, linked to this test */ rv = C_GetFunctionList (&test.module); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); memset (&args, 0, sizeof (args)); paths = SRCDIR "/input" P11_PATH_SEP \ SRCDIR "/files/self-signed-with-ku.der" P11_PATH_SEP \ SRCDIR "/files/thawte.pem"; if (asprintf (&arguments, "paths='%s'", paths) < 0) - CuAssertTrue (cu, false && "not reached"); + assert (false && "not reached"); args.pReserved = arguments; args.flags = CKF_OS_LOCKING_OK; rv = test.module->C_Initialize (&args); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); free (arguments); count = NUM_SLOTS; rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); - CuAssertTrue (cu, rv == CKR_OK); - CuAssertTrue (cu, count == NUM_SLOTS); + assert (rv == CKR_OK); + assert (count == NUM_SLOTS); } static void -teardown (CuTest *cu) +teardown (void *unused) { CK_RV rv; rv = test.module->C_Finalize (NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); + + free (test.directory); memset (&test, 0, sizeof (test)); } static void -test_get_slot_list (CuTest *cu) +setup_writable (void *unused) +{ + CK_C_INITIALIZE_ARGS args; + char *arguments; + CK_ULONG count; + CK_RV rv; + + memset (&test, 0, sizeof (test)); + + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&test.module); + assert (rv == CKR_OK); + + test.directory = p11_path_expand ("$TEMP/test-module.XXXXXX"); + if (!mkdtemp (test.directory)) + assert_not_reached (); + + memset (&args, 0, sizeof (args)); + if (asprintf (&arguments, "paths='%s'", test.directory) < 0) + assert (false && "not reached"); + args.pReserved = arguments; + args.flags = CKF_OS_LOCKING_OK; + + rv = test.module->C_Initialize (&args); + assert (rv == CKR_OK); + + free (arguments); + + count = 1; + rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); + assert_num_eq (rv, CKR_OK); + assert_num_eq (count, 1); +} + +static void +test_get_slot_list (void) { CK_SLOT_ID slots[NUM_SLOTS]; CK_ULONG count; CK_RV rv; int i; - setup (cu); - rv = test.module->C_GetSlotList (TRUE, NULL, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, NUM_SLOTS, count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); count = 1; rv = test.module->C_GetSlotList (TRUE, slots, &count); - CuAssertIntEquals (cu, CKR_BUFFER_TOO_SMALL, rv); - CuAssertIntEquals (cu, NUM_SLOTS, count); + assert_num_eq (CKR_BUFFER_TOO_SMALL, rv); + assert_num_eq (NUM_SLOTS, count); count = NUM_SLOTS; memset (slots, 0, sizeof (slots)); rv = test.module->C_GetSlotList (TRUE, slots, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, NUM_SLOTS, count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); for (i = 0; i < NUM_SLOTS; i++) - CuAssertTrue (cu, slots[i] != 0); - - teardown (cu); + assert (slots[i] != 0); } static void -test_null_initialize (CuTest *cu) +test_null_initialize (void) { CK_FUNCTION_LIST *module; CK_RV rv; /* This is the entry point of the trust module, linked to this test */ rv = C_GetFunctionList (&module); - CuAssertTrue (cu, rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = module->C_Initialize (NULL); - CuAssertTrue (cu, rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = module->C_Finalize (NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); } static void -test_multi_initialize (CuTest *cu) +test_multi_initialize (void) { static CK_C_INITIALIZE_ARGS args = { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; @@ -174,42 +210,42 @@ test_multi_initialize (CuTest *cu) /* This is the entry point of the trust module, linked to this test */ rv = C_GetFunctionList (&module); - CuAssertTrue (cu, rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = module->C_Initialize (&args); - CuAssertTrue (cu, rv == CKR_OK); + assert_num_eq (rv, CKR_OK); count = 8; rv = module->C_GetSlotList (CK_TRUE, slots, &count); - CuAssertTrue (cu, rv == CKR_OK); - CuAssertTrue (cu, count > 0); + assert_num_eq (rv, CKR_OK); + assert_num_cmp (count, >, 0); rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertTrue (cu, rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = module->C_GetSessionInfo (session, &info); - CuAssertTrue (cu, rv == CKR_OK); - CuAssertTrue (cu, info.slotID == slots[0]); + assert_num_eq (rv, CKR_OK); + assert_num_eq (info.slotID, slots[0]); rv = module->C_Initialize (&args); - CuAssertTrue (cu, rv == CKR_OK); + assert_num_eq (rv, CKR_OK); rv = module->C_GetSessionInfo (session, &info); - CuAssertTrue (cu, rv == CKR_OK); - CuAssertTrue (cu, info.slotID == slots[0]); + assert_num_eq (rv, CKR_OK); + assert_num_eq (info.slotID, slots[0]); rv = module->C_Finalize (NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = module->C_Finalize (NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = module->C_Finalize (NULL); - CuAssertIntEquals (cu, CKR_CRYPTOKI_NOT_INITIALIZED, rv); + assert_num_eq (CKR_CRYPTOKI_NOT_INITIALIZED, rv); } static void -test_get_slot_info (CuTest *cu) +test_get_slot_info (void) { CK_SLOT_ID slots[NUM_SLOTS]; CK_SLOT_INFO info; @@ -226,30 +262,26 @@ test_get_slot_info (CuTest *cu) SRCDIR "/files/thawte.pem" }; - setup (cu); - count = NUM_SLOTS; rv = test.module->C_GetSlotList (TRUE, slots, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, NUM_SLOTS, count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); for (i = 0; i < NUM_SLOTS; i++) { rv = test.module->C_GetSlotInfo (slots[i], &info); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); memset (description, ' ', sizeof (description)); length = strlen(paths[i]); if (length > sizeof (description)) length = sizeof (description); memcpy (description, paths[i], length); - CuAssertTrue (cu, memcmp (info.slotDescription, description, sizeof (description)) == 0); + assert (memcmp (info.slotDescription, description, sizeof (description)) == 0); } - - teardown (cu); } static void -test_get_token_info (CuTest *cu) +test_get_token_info (void) { CK_C_INITIALIZE_ARGS args; CK_FUNCTION_LIST *module; @@ -269,7 +301,7 @@ test_get_token_info (CuTest *cu) /* This is the entry point of the trust module, linked to this test */ rv = C_GetFunctionList (&module); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); memset (&args, 0, sizeof (args)); args.pReserved = "paths='" \ @@ -279,28 +311,28 @@ test_get_token_info (CuTest *cu) args.flags = CKF_OS_LOCKING_OK; rv = module->C_Initialize (&args); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); count = NUM_SLOTS; rv = module->C_GetSlotList (CK_TRUE, slots, &count); - CuAssertTrue (cu, rv == CKR_OK); - CuAssertTrue (cu, count == NUM_SLOTS); + assert (rv == CKR_OK); + assert (count == NUM_SLOTS); for (i = 0; i < NUM_SLOTS; i++) { rv = module->C_GetTokenInfo (slots[i], &info); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); memset (label, ' ', sizeof (label)); memcpy (label, labels[i], strlen (labels[i])); - CuAssertTrue (cu, memcmp (info.label, label, sizeof (label)) == 0); + assert (memcmp (info.label, label, sizeof (label)) == 0); } rv = module->C_Finalize (NULL); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); } static void -test_get_session_info (CuTest *cu) +test_get_session_info (void) { CK_SLOT_ID slots[NUM_SLOTS]; CK_SESSION_HANDLE sessions[NUM_SLOTS]; @@ -309,30 +341,26 @@ test_get_session_info (CuTest *cu) CK_RV rv; int i; - setup (cu); - count = NUM_SLOTS; rv = test.module->C_GetSlotList (TRUE, slots, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, NUM_SLOTS, count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); /* Open two sessions with each token */ for (i = 0; i < NUM_SLOTS; i++) { rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i]); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_GetSessionInfo (sessions[i], &info); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - CuAssertIntEquals (cu, slots[i], info.slotID); - CuAssertIntEquals (cu, CKF_SERIAL_SESSION, info.flags); + assert_num_eq (slots[i], info.slotID); + assert_num_eq (CKF_SERIAL_SESSION, info.flags); } - - teardown (cu); } static void -test_close_all_sessions (CuTest *cu) +test_close_all_sessions (void) { CK_SLOT_ID slots[NUM_SLOTS]; CK_SESSION_HANDLE sessions[NUM_SLOTS][2]; @@ -341,52 +369,47 @@ test_close_all_sessions (CuTest *cu) CK_RV rv; int i; - setup (cu); - count = NUM_SLOTS; rv = test.module->C_GetSlotList (TRUE, slots, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, NUM_SLOTS, count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); /* Open two sessions with each token */ for (i = 0; i < NUM_SLOTS; i++) { rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][0]); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][1]); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); } /* Close all the sessions on the first token */ rv = test.module->C_CloseAllSessions (slots[0]); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); /* Those sessions should be closed */ rv = test.module->C_GetSessionInfo (sessions[0][0], &info); - CuAssertIntEquals (cu, CKR_SESSION_HANDLE_INVALID, rv); + assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv); rv = test.module->C_GetSessionInfo (sessions[0][1], &info); - CuAssertIntEquals (cu, CKR_SESSION_HANDLE_INVALID, rv); + assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv); /* Other sessions should still be open */ for (i = 1; i < NUM_SLOTS; i++) { rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); } - - teardown (cu); } static CK_ULONG -find_objects (CuTest *cu, - CK_ATTRIBUTE *match, +find_objects (CK_ATTRIBUTE *match, CK_OBJECT_HANDLE *sessions, CK_OBJECT_HANDLE *objects, CK_ULONG max_objects) @@ -400,14 +423,14 @@ find_objects (CuTest *cu, found = 0; for (i = 0; i < NUM_SLOTS; i++) { rv = test.module->C_OpenSession (test.slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_FindObjectsInit (session, match, p11_attrs_count (match)); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_FindObjects (session, objects + found, max_objects - found, &count); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_FindObjectsFinal (session); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); for (j = found ; j < found + count; j++) sessions[j] = session; @@ -419,8 +442,7 @@ find_objects (CuTest *cu, } static void -check_trust_object_equiv (CuTest *cu, - CK_SESSION_HANDLE session, +check_trust_object_equiv (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE trust, CK_ATTRIBUTE *cert) { @@ -444,14 +466,13 @@ check_trust_object_equiv (CuTest *cu, }; rv = test.module->C_GetAttributeValue (session, trust, equiv, 6); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); - test_check_attrs (cu, equiv, cert); + test_check_attrs (equiv, cert); } static void -check_trust_object_hashes (CuTest *cu, - CK_SESSION_HANDLE session, +check_trust_object_hashes (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE trust, CK_ATTRIBUTE *cert) { @@ -468,21 +489,20 @@ check_trust_object_hashes (CuTest *cu, }; rv = test.module->C_GetAttributeValue (session, trust, hashes, 2); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); value = p11_attrs_find_valid (cert, CKA_VALUE); - CuAssertPtrNotNull (cu, value); + assert_ptr_not_null (value); p11_hash_md5 (check, value->pValue, value->ulValueLen, NULL); - CuAssertTrue (cu, memcmp (md5, check, sizeof (md5)) == 0); + assert (memcmp (md5, check, sizeof (md5)) == 0); p11_hash_sha1 (check, value->pValue, value->ulValueLen, NULL); - CuAssertTrue (cu, memcmp (sha1, check, sizeof (sha1)) == 0); + assert (memcmp (sha1, check, sizeof (sha1)) == 0); } static void -check_has_trust_object (CuTest *cu, - CK_ATTRIBUTE *cert) +check_has_trust_object (CK_ATTRIBUTE *cert) { CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST; CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) }; @@ -493,21 +513,20 @@ check_has_trust_object (CuTest *cu, CK_ULONG count; attr = p11_attrs_find_valid (cert, CKA_ID); - CuAssertPtrNotNull (cu, attr); + assert_ptr_not_null (attr); match = p11_attrs_build (NULL, &klass, attr, NULL); - count = find_objects (cu, match, sessions, objects, 2); - CuAssertIntEquals (cu, 1, count); + count = find_objects (match, sessions, objects, 2); + assert_num_eq (1, count); - check_trust_object_equiv (cu, sessions[0], objects[0], cert); - check_trust_object_hashes (cu, sessions[0], objects[0], cert); + check_trust_object_equiv (sessions[0], objects[0], cert); + check_trust_object_hashes (sessions[0], objects[0], cert); p11_attrs_free (match); } static void -check_certificate (CuTest *cu, - CK_SESSION_HANDLE session, +check_certificate (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE handle) { unsigned char label[4096]= { 0, }; @@ -548,7 +567,7 @@ check_certificate (CuTest *cu, /* Note that we don't pass the CKA_INVALID attribute in */ rv = test.module->C_GetAttributeValue (session, handle, attrs, 15); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); /* If this is the cacert3 certificate, check its values */ if (memcmp (value, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)) == 0) { @@ -565,25 +584,25 @@ check_certificate (CuTest *cu, { CKA_INVALID, }, }; - test_check_cacert3_ca (cu, attrs, NULL); + test_check_cacert3_ca (attrs, NULL); /* Get anchor specific attributes */ rv = test.module->C_GetAttributeValue (session, handle, anchor, 1); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); /* It lives in the trusted directory */ - test_check_attrs (cu, check, anchor); + test_check_attrs (check, anchor); /* Other certificates, we can't check the values */ } else { - test_check_object (cu, attrs, CKO_CERTIFICATE, NULL); + test_check_object (attrs, CKO_CERTIFICATE, NULL); } - check_has_trust_object (cu, attrs); + check_has_trust_object (attrs); } static void -test_find_certificates (CuTest *cu) +test_find_certificates (void) { CK_OBJECT_CLASS klass = CKO_CERTIFICATE; @@ -597,23 +616,17 @@ test_find_certificates (CuTest *cu) CK_ULONG count; CK_ULONG i; - setup (cu); - - count = find_objects (cu, match, sessions, objects, 16); - CuAssertIntEquals (cu, 8, count); + count = find_objects (match, sessions, objects, 16); + assert_num_eq (8, count); for (i = 0; i < count; i++) - check_certificate (cu, sessions[i], objects[i]); - - teardown (cu); + check_certificate (sessions[i], objects[i]); } static void -test_find_builtin (CuTest *cu) +test_find_builtin (void) { CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST; - CK_BBOOL vtrue = CK_TRUE; - CK_BBOOL vfalse = CK_FALSE; CK_ATTRIBUTE match[] = { { CKA_CLASS, &klass, sizeof (klass) }, @@ -627,17 +640,13 @@ test_find_builtin (CuTest *cu) CK_SESSION_HANDLE sessions[16]; CK_ULONG count; - setup (cu); - /* One per token */ - count = find_objects (cu, match, sessions, objects, 16); - CuAssertIntEquals (cu, NUM_SLOTS, count); - - teardown (cu); + count = find_objects (match, sessions, objects, 16); + assert_num_eq (NUM_SLOTS, count); } static void -test_session_object (CuTest *cu) +test_session_object (void) { CK_ATTRIBUTE original[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -651,22 +660,18 @@ test_session_object (CuTest *cu) CK_ULONG size; CK_RV rv; - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_CreateObject (session, original, 2, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_GetObjectSize (session, handle, &size); - CuAssertTrue (cu, rv == CKR_OK); - - teardown (cu); + assert (rv == CKR_OK); } static void -test_session_find (CuTest *cu) +test_session_find (void) { CK_ATTRIBUTE original[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -681,30 +686,26 @@ test_session_find (CuTest *cu) CK_ULONG count; CK_RV rv; - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_CreateObject (session, original, 2, &handle); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_FindObjectsInit (session, original, 2); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_FindObjects (session, &check, 1, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, 1, count); - CuAssertIntEquals (cu, handle, check); + assert_num_eq (CKR_OK, rv); + assert_num_eq (1, count); + assert_num_eq (handle, check); rv = test.module->C_FindObjectsFinal (session); - CuAssertIntEquals (cu, CKR_OK, rv); - - teardown (cu); + assert_num_eq (CKR_OK, rv); } static void -test_session_find_no_attr (CuTest *cu) +test_session_find_no_attr (void) { CK_ATTRIBUTE original[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -724,71 +725,59 @@ test_session_find_no_attr (CuTest *cu) CK_ULONG count; CK_RV rv; - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_CreateObject (session, original, 3, &handle); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_FindObjectsInit (session, match, 1); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_FindObjects (session, &check, 1, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, 0, count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); rv = test.module->C_FindObjectsFinal (session); - CuAssertIntEquals (cu, CKR_OK, rv); - - teardown (cu); + assert_num_eq (CKR_OK, rv); } static void -test_lookup_invalid (CuTest *cu) +test_lookup_invalid (void) { CK_SESSION_HANDLE session; CK_ULONG size; CK_RV rv; - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_GetObjectSize (session, 88888, &size); - CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID); - - teardown (cu); + assert (rv == CKR_OBJECT_HANDLE_INVALID); } static void -test_remove_token (CuTest *cu) +test_remove_token (void) { CK_SESSION_HANDLE session; CK_OBJECT_HANDLE handle; CK_ULONG count; CK_RV rv; - setup (cu); - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertTrue (cu, rv == CKR_OK); + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); rv = test.module->C_FindObjectsInit (session, NULL, 0); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_FindObjects (session, &handle, 1, &count); - CuAssertTrue (cu, rv == CKR_OK); - CuAssertIntEquals (cu, 1, count); + assert (rv == CKR_OK); + assert_num_eq (1, count); rv = test.module->C_DestroyObject (session, handle); - CuAssertTrue (cu, rv == CKR_TOKEN_WRITE_PROTECTED); - - teardown (cu); + assert_num_eq (rv, CKR_FUNCTION_REJECTED); } static void -test_setattr_token (CuTest *cu) +test_setattr_token (void) { CK_ATTRIBUTE original[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -802,26 +791,22 @@ test_setattr_token (CuTest *cu) CK_ULONG count; CK_RV rv; - setup (cu); - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertTrue (cu, rv == CKR_OK); + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); rv = test.module->C_FindObjectsInit (session, NULL, 0); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_FindObjects (session, &handle, 1, &count); - CuAssertTrue (cu, rv == CKR_OK); - CuAssertIntEquals (cu, 1, count); + assert (rv == CKR_OK); + assert_num_eq (1, count); rv = test.module->C_SetAttributeValue (session, handle, original, 2); - CuAssertTrue (cu, rv == CKR_TOKEN_WRITE_PROTECTED); - - teardown (cu); + assert_num_eq (rv, CKR_ATTRIBUTE_READ_ONLY); } static void -test_session_copy (CuTest *cu) +test_session_copy (void) { CK_ATTRIBUTE original[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -836,25 +821,21 @@ test_session_copy (CuTest *cu) CK_ULONG size; CK_RV rv; - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_CreateObject (session, original, 2, &handle); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_CopyObject (session, handle, original, 2, ©); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_GetObjectSize (session, copy, &size); - CuAssertIntEquals (cu, CKR_OK, rv); - - teardown (cu); + assert_num_eq (CKR_OK, rv); } static void -test_session_setattr (CuTest *cu) +test_session_setattr (void) { CK_ATTRIBUTE original[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -867,22 +848,18 @@ test_session_setattr (CuTest *cu) CK_OBJECT_HANDLE handle; CK_RV rv; - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_CreateObject (session, original, 2, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_SetAttributeValue (session, handle, original, 2); - CuAssertTrue (cu, rv == CKR_OK); - - teardown (cu); + assert (rv == CKR_OK); } static void -test_session_remove (CuTest *cu) +test_session_remove (void) { CK_ATTRIBUTE original[] = { { CKA_CLASS, &data, sizeof (data) }, @@ -895,25 +872,21 @@ test_session_remove (CuTest *cu) CK_OBJECT_HANDLE handle; CK_RV rv; - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_CreateObject (session, original, 2, &handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_DestroyObject (session, handle); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); rv = test.module->C_DestroyObject (session, handle); - CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID); - - teardown (cu); + assert (rv == CKR_OBJECT_HANDLE_INVALID); } static void -test_find_serial_der_decoded (CuTest *cu) +test_find_serial_der_decoded (void) { CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; @@ -946,39 +919,35 @@ test_find_serial_der_decoded (CuTest *cu) * See work_around_broken_nss_serial_number_lookups(). */ - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_CreateObject (session, object, 2, &handle); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); /* Do a standard find for the same object */ rv = test.module->C_FindObjectsInit (session, object, 2); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_FindObjects (session, &check, 1, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, 1, count); - CuAssertIntEquals (cu, handle, check); + assert_num_eq (CKR_OK, rv); + assert_num_eq (1, count); + assert_num_eq (handle, check); rv = test.module->C_FindObjectsFinal (session); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); /* Do a find for the serial number decoded */ rv = test.module->C_FindObjectsInit (session, match_decoded, 2); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_FindObjects (session, &check, 1, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, 1, count); - CuAssertIntEquals (cu, handle, check); + assert_num_eq (CKR_OK, rv); + assert_num_eq (1, count); + assert_num_eq (handle, check); rv = test.module->C_FindObjectsFinal (session); - CuAssertIntEquals (cu, CKR_OK, rv); - - teardown (cu); + assert_num_eq (CKR_OK, rv); } static void -test_find_serial_der_mismatch (CuTest *cu) +test_find_serial_der_mismatch (void) { CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; @@ -1000,109 +969,135 @@ test_find_serial_der_mismatch (CuTest *cu) CK_ULONG count; CK_RV rv; - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_CreateObject (session, object, 2, &handle); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); /* Do a find with a null serial number, no match */ rv = test.module->C_FindObjectsInit (session, match, 2); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_FindObjects (session, &check, 1, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, 0, count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); rv = test.module->C_FindObjectsFinal (session); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); /* Do a find with a wrong length, no match */ match[0].pValue = "at"; match[0].ulValueLen = 2; rv = test.module->C_FindObjectsInit (session, match, 2); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_FindObjects (session, &check, 1, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, 0, count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); rv = test.module->C_FindObjectsFinal (session); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); /* Do a find with a right length, wrong value, no match */ match[0].pValue = "one"; match[0].ulValueLen = 3; rv = test.module->C_FindObjectsInit (session, match, 2); - CuAssertIntEquals (cu, CKR_OK, rv); + assert_num_eq (CKR_OK, rv); rv = test.module->C_FindObjects (session, &check, 1, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, 0, count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); rv = test.module->C_FindObjectsFinal (session); - CuAssertIntEquals (cu, CKR_OK, rv); - - teardown (cu); + assert_num_eq (CKR_OK, rv); } static void -test_login_logout (CuTest *cu) +test_login_logout (void) { CK_SESSION_HANDLE session; CK_RV rv; - setup (cu); - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - CuAssertTrue (cu, rv == CKR_OK); + assert (rv == CKR_OK); /* Just testing our stubs for now */ rv = test.module->C_Login (session, CKU_USER, NULL, 0); - CuAssertTrue (cu, rv == CKR_USER_TYPE_INVALID); + assert (rv == CKR_USER_TYPE_INVALID); rv = test.module->C_Logout (session); - CuAssertTrue (cu, rv == CKR_USER_NOT_LOGGED_IN); + assert (rv == CKR_USER_NOT_LOGGED_IN); +} + +static void +test_token_writable (void) +{ + CK_TOKEN_INFO info; + CK_RV rv; + + rv = test.module->C_GetTokenInfo (test.slots[0], &info); - teardown (cu); + assert_num_eq (rv, CKR_OK); + assert_num_eq (info.flags & CKF_WRITE_PROTECTED, 0); } -int -main (void) +static void +test_session_read_only_create (void) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_RV rv; - putenv ("P11_KIT_STRICT=1"); + /* Read-only session */ + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, + NULL, NULL, &session); + assert (rv == CKR_OK); + + /* Create a token object */ + rv = test.module->C_CreateObject (session, original, 4, &handle); + assert_num_eq (rv, CKR_SESSION_READ_ONLY); +} + +int +main (int argc, + char *argv[]) +{ p11_library_init (); - SUITE_ADD_TEST (suite, test_null_initialize); - SUITE_ADD_TEST (suite, test_multi_initialize); - SUITE_ADD_TEST (suite, test_get_slot_list); - SUITE_ADD_TEST (suite, test_get_slot_info); - SUITE_ADD_TEST (suite, test_get_token_info); - SUITE_ADD_TEST (suite, test_get_session_info); - SUITE_ADD_TEST (suite, test_close_all_sessions); - SUITE_ADD_TEST (suite, test_find_certificates); - SUITE_ADD_TEST (suite, test_find_builtin); - SUITE_ADD_TEST (suite, test_lookup_invalid); - SUITE_ADD_TEST (suite, test_remove_token); - SUITE_ADD_TEST (suite, test_setattr_token); - SUITE_ADD_TEST (suite, test_session_object); - SUITE_ADD_TEST (suite, test_session_find); - SUITE_ADD_TEST (suite, test_session_find_no_attr); - SUITE_ADD_TEST (suite, test_session_copy); - SUITE_ADD_TEST (suite, test_session_remove); - SUITE_ADD_TEST (suite, test_session_setattr); - SUITE_ADD_TEST (suite, test_find_serial_der_decoded); - SUITE_ADD_TEST (suite, test_find_serial_der_mismatch); - SUITE_ADD_TEST (suite, test_login_logout); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_fixture (setup, teardown); + p11_test (test_get_slot_list, "/module/get_slot_list"); + p11_test (test_get_slot_info, "/module/get_slot_info"); + + p11_fixture (NULL, NULL); + p11_test (test_null_initialize, "/module/initialize-null"); + p11_test (test_multi_initialize, "/module/initialize-multi"); + p11_test (test_get_token_info, "/module/get_token_info"); + + p11_fixture (setup, teardown); + p11_test (test_get_session_info, "/module/get_session_info"); + p11_test (test_close_all_sessions, "/module/close_all_sessions"); + p11_test (test_find_certificates, "/module/find_certificates"); + p11_test (test_find_builtin, "/module/find_builtin"); + p11_test (test_lookup_invalid, "/module/lookup_invalid"); + p11_test (test_remove_token, "/module/remove_token"); + p11_test (test_setattr_token, "/module/setattr_token"); + p11_test (test_session_object, "/module/session_object"); + p11_test (test_session_find, "/module/session_find"); + p11_test (test_session_find_no_attr, "/module/session_find_no_attr"); + p11_test (test_session_copy, "/module/session_copy"); + p11_test (test_session_remove, "/module/session_remove"); + p11_test (test_session_setattr, "/module/session_setattr"); + p11_test (test_find_serial_der_decoded, "/module/find_serial_der_decoded"); + p11_test (test_find_serial_der_mismatch, "/module/find_serial_der_mismatch"); + p11_test (test_login_logout, "/module/login_logout"); + + p11_fixture (setup_writable, teardown); + p11_test (test_token_writable, "/module/token-writable"); + p11_test (test_session_read_only_create, "/module/session-read-only-create"); + + return p11_test_run (argc, argv); } diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c index 147823a..2b60254 100644 --- a/trust/tests/test-parser.c +++ b/trust/tests/test-parser.c @@ -33,7 +33,8 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" +#include "test-trust.h" #include <stdlib.h> #include <stdio.h> @@ -47,7 +48,6 @@ #include "oid.h" #include "parser.h" #include "pkcs11x.h" -#include "test-data.h" struct { p11_parser *parser; @@ -56,16 +56,16 @@ struct { } test; static void -setup (CuTest *cu) +setup (void *unused) { test.index = p11_index_new (NULL, NULL, NULL); test.cache = p11_asn1_cache_new (); test.parser = p11_parser_new (test.index, test.cache); - CuAssertPtrNotNull (cu, test.parser); + assert_ptr_not_null (test.parser); } static void -teardown (CuTest *cu) +teardown (void *unused) { p11_parser_free (test.parser); p11_index_free (test.index); @@ -94,7 +94,7 @@ parsed_attrs (CK_ATTRIBUTE *match) } static void -test_parse_der_certificate (CuTest *cu) +test_parse_der_certificate (void) { CK_ATTRIBUTE *cert; int ret; @@ -109,23 +109,19 @@ test_parse_der_certificate (CuTest *cu) { CKA_INVALID }, }; - setup (cu); - ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", P11_PARSE_FLAG_NONE); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); /* Should have gotten certificate */ - CuAssertIntEquals (cu, 1, p11_index_size (test.index)); + assert_num_eq (1, p11_index_size (test.index)); cert = parsed_attrs (certificate_match); - test_check_attrs (cu, expected, cert); - - teardown (cu); + test_check_attrs (expected, cert); } static void -test_parse_pem_certificate (CuTest *cu) +test_parse_pem_certificate (void) { CK_ATTRIBUTE *cert; int ret; @@ -140,23 +136,19 @@ test_parse_pem_certificate (CuTest *cu) { CKA_INVALID }, }; - setup (cu); - ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.pem", P11_PARSE_FLAG_NONE); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); /* Should have gotten certificate */ - CuAssertIntEquals (cu, 1, p11_index_size (test.index)); + assert_num_eq (1, p11_index_size (test.index)); cert = parsed_attrs (certificate_match); - test_check_attrs (cu, expected, cert); - - teardown (cu); + test_check_attrs (expected, cert); } static void -test_parse_p11_kit_persist (CuTest *cu) +test_parse_p11_kit_persist (void) { CK_ATTRIBUTE *cert; int ret; @@ -171,23 +163,19 @@ test_parse_p11_kit_persist (CuTest *cu) { CKA_INVALID }, }; - setup (cu); - ret = p11_parse_file (test.parser, SRCDIR "/input/verisign-v1.p11-kit", P11_PARSE_FLAG_NONE); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); /* Should have gotten certificate */ - CuAssertIntEquals (cu, 1, p11_index_size (test.index)); + assert_num_eq (1, p11_index_size (test.index)); cert = parsed_attrs (certificate_match); - test_check_attrs (cu, expected, cert); - - teardown (cu); + test_check_attrs (expected, cert); } static void -test_parse_openssl_trusted (CuTest *cu) +test_parse_openssl_trusted (void) { CK_ATTRIBUTE cacert3[] = { { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, @@ -228,40 +216,36 @@ test_parse_openssl_trusted (CuTest *cu) int ret; int i; - setup (cu); - ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3-trusted.pem", P11_PARSE_FLAG_ANCHOR); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); /* * Should have gotten: * - 1 certificate * - 2 stapled extensions */ - CuAssertIntEquals (cu, 3, p11_index_size (test.index)); + assert_num_eq (3, p11_index_size (test.index)); /* The certificate */ cert = parsed_attrs (certificate_match); - test_check_attrs (cu, expected[0], cert); + test_check_attrs (expected[0], cert); /* The other objects */ for (i = 1; expected[i]; i++) { handle = p11_index_find (test.index, expected[i], 2); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); object = p11_index_lookup (test.index, handle); - CuAssertPtrNotNull (cu, object); + assert_ptr_not_null (object); - test_check_attrs (cu, expected[i], object); - test_check_id (cu, cert, object); + test_check_attrs (expected[i], object); + test_check_id (cert, object); } - - teardown (cu); } static void -test_parse_openssl_distrusted (CuTest *cu) +test_parse_openssl_distrusted (void) { CK_ATTRIBUTE distrust_cert[] = { { CKA_CLASS, &certificate, sizeof (certificate), }, @@ -301,42 +285,38 @@ test_parse_openssl_distrusted (CuTest *cu) int ret; int i; - setup (cu); - /* * OpenSSL style is to litter the blacklist in with the anchors, * so we parse this as an anchor, but expect it to be blacklisted */ ret = p11_parse_file (test.parser, SRCDIR "/files/distrusted.pem", P11_PARSE_FLAG_ANCHOR); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); /* * Should have gotten: * - 1 certificate * - 2 stapled extensions */ - CuAssertIntEquals (cu, 3, p11_index_size (test.index)); + assert_num_eq (3, p11_index_size (test.index)); cert = parsed_attrs (certificate_match); - test_check_attrs (cu, expected[0], cert); + test_check_attrs (expected[0], cert); /* The other objects */ for (i = 1; expected[i]; i++) { handle = p11_index_find (test.index, expected[i], 2); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); object = p11_index_lookup (test.index, handle); - CuAssertPtrNotNull (cu, object); + assert_ptr_not_null (object); - test_check_attrs (cu, expected[i], object); - test_check_id (cu, cert, object); + test_check_attrs (expected[i], object); + test_check_id (cert, object); } - - teardown (cu); } static void -test_parse_anchor (CuTest *cu) +test_parse_anchor (void) { CK_ATTRIBUTE cacert3[] = { { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, @@ -351,26 +331,22 @@ test_parse_anchor (CuTest *cu) CK_ATTRIBUTE *cert; int ret; - setup (cu); - ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", P11_PARSE_FLAG_ANCHOR); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); /* * Should have gotten: * - 1 certificate */ - CuAssertIntEquals (cu, 1, p11_index_size (test.index)); + assert_num_eq (1, p11_index_size (test.index)); cert = parsed_attrs (certificate_match); - test_check_attrs (cu, cacert3, cert); - - teardown (cu); + test_check_attrs (cacert3, cert); } static void -test_parse_thawte (CuTest *cu) +test_parse_thawte (void) { CK_ATTRIBUTE *cert; int ret; @@ -384,61 +360,49 @@ test_parse_thawte (CuTest *cu) { CKA_INVALID }, }; - setup (cu); - ret = p11_parse_file (test.parser, SRCDIR "/files/thawte.pem", P11_PARSE_FLAG_NONE); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); /* Should have gotten certificate */ - CuAssertIntEquals (cu, 1, p11_index_size (test.index)); + assert_num_eq (1, p11_index_size (test.index)); cert = parsed_attrs (certificate_match); - test_check_attrs (cu, expected, cert); - - teardown (cu); + test_check_attrs (expected, cert); } /* TODO: A certificate that uses generalTime needs testing */ static void -test_parse_invalid_file (CuTest *cu) +test_parse_invalid_file (void) { int ret; - setup (cu); - p11_message_quiet (); ret = p11_parse_file (test.parser, "/nonexistant", P11_PARSE_FLAG_NONE); - CuAssertIntEquals (cu, P11_PARSE_FAILURE, ret); + assert_num_eq (P11_PARSE_FAILURE, ret); p11_message_loud (); - - teardown (cu); } static void -test_parse_unrecognized (CuTest *cu) +test_parse_unrecognized (void) { int ret; - setup (cu); - p11_message_quiet (); ret = p11_parse_file (test.parser, SRCDIR "/files/unrecognized-file.txt", P11_PARSE_FLAG_NONE); - CuAssertIntEquals (cu, P11_PARSE_UNRECOGNIZED, ret); + assert_num_eq (P11_PARSE_UNRECOGNIZED, ret); p11_message_loud (); - - teardown (cu); } static void -test_duplicate (CuTest *cu) +test_duplicate (void) { CK_ATTRIBUTE cacert3[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -454,36 +418,33 @@ test_duplicate (CuTest *cu) CK_ATTRIBUTE *cert; int ret; - setup (cu); - ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); p11_message_quiet (); /* This shouldn't be added, should print a message */ ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); - CuAssertTrue (cu, strstr (p11_message_last (), "duplicate") != NULL); + assert (strstr (p11_message_last (), "duplicate") != NULL); p11_message_loud (); /* Should only be one certificate since the above two are identical */ handles = p11_index_find_all (test.index, cacert3, 2); - CuAssertPtrNotNull (cu, handles); - CuAssertTrue (cu, handles[0] != 0); - CuAssertTrue (cu, handles[1] == 0); + assert_ptr_not_null (handles); + assert (handles[0] != 0); + assert (handles[1] == 0); cert = p11_index_lookup (test.index, handles[0]); - test_check_attrs (cu, cacert3, cert); + test_check_attrs (cacert3, cert); free (handles); - teardown (cu); } static void -test_duplicate_priority (CuTest *cu) +test_duplicate_priority (void) { CK_ATTRIBUTE cacert3[] = { { CKA_CLASS, &certificate, sizeof (certificate) }, @@ -515,29 +476,27 @@ test_duplicate_priority (CuTest *cu) CK_ATTRIBUTE *cert; int ret; - setup (cu); - ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); p11_message_quiet (); /* This shouldn't be added, should print a message */ ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", P11_PARSE_FLAG_ANCHOR); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); - CuAssertTrue (cu, strstr (p11_message_last (), "duplicate") != NULL); + assert (strstr (p11_message_last (), "duplicate") != NULL); p11_message_loud (); /* We should now find the trusted certificate */ handles = p11_index_find_all (test.index, cacert3, 2); - CuAssertPtrNotNull (cu, handles); - CuAssertTrue (cu, handles[0] != 0); - CuAssertTrue (cu, handles[1] == 0); + assert_ptr_not_null (handles); + assert (handles[0] != 0); + assert (handles[1] == 0); cert = p11_index_lookup (test.index, handles[0]); - test_check_attrs (cu, trusted, cert); + test_check_attrs (trusted, cert); free (handles); /* Now add a distrutsed one, this should override the trusted */ @@ -546,51 +505,35 @@ test_duplicate_priority (CuTest *cu) ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", P11_PARSE_FLAG_BLACKLIST); - CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + assert_num_eq (P11_PARSE_SUCCESS, ret); p11_message_loud (); /* We should now find the distrusted certificate */ handles = p11_index_find_all (test.index, cacert3, 2); - CuAssertPtrNotNull (cu, handles); - CuAssertTrue (cu, handles[0] != 0); - CuAssertTrue (cu, handles[1] == 0); + assert_ptr_not_null (handles); + assert (handles[0] != 0); + assert (handles[1] == 0); cert = p11_index_lookup (test.index, handles[0]); - test_check_attrs (cu, distrust, cert); + test_check_attrs (distrust, cert); free (handles); - - teardown (cu); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_parse_der_certificate); - SUITE_ADD_TEST (suite, test_parse_pem_certificate); - SUITE_ADD_TEST (suite, test_parse_p11_kit_persist); - SUITE_ADD_TEST (suite, test_parse_openssl_trusted); - SUITE_ADD_TEST (suite, test_parse_openssl_distrusted); - SUITE_ADD_TEST (suite, test_parse_anchor); - SUITE_ADD_TEST (suite, test_parse_thawte); - SUITE_ADD_TEST (suite, test_parse_invalid_file); - SUITE_ADD_TEST (suite, test_parse_unrecognized); - SUITE_ADD_TEST (suite, test_duplicate); - SUITE_ADD_TEST (suite, test_duplicate_priority); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_fixture (setup, teardown); + p11_test (test_parse_der_certificate, "/parser/parse_der_certificate"); + p11_test (test_parse_pem_certificate, "/parser/parse_pem_certificate"); + p11_test (test_parse_p11_kit_persist, "/parser/parse_p11_kit_persist"); + p11_test (test_parse_openssl_trusted, "/parser/parse_openssl_trusted"); + p11_test (test_parse_openssl_distrusted, "/parser/parse_openssl_distrusted"); + p11_test (test_parse_anchor, "/parser/parse_anchor"); + p11_test (test_parse_thawte, "/parser/parse_thawte"); + p11_test (test_parse_invalid_file, "/parser/parse_invalid_file"); + p11_test (test_parse_unrecognized, "/parser/parse_unrecognized"); + p11_test (test_duplicate, "/parser/duplicate"); + p11_test (test_duplicate_priority, "/parser/duplicate_priority"); + return p11_test_run (argc, argv); } diff --git a/trust/tests/test-persist.c b/trust/tests/test-persist.c index ee73331..107f131 100644 --- a/trust/tests/test-persist.c +++ b/trust/tests/test-persist.c @@ -33,8 +33,10 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" +#include "test-trust.h" +#include <stdarg.h> #include <stdlib.h> #include <stdio.h> #include <string.h> @@ -48,10 +50,8 @@ #include "pkcs11.h" #include "pkcs11x.h" -#include "test-data.h" - static void -test_magic (CuTest *tc) +test_magic (void) { const char *input = "[p11-kit-object-v1]\n" "class: data\n" @@ -64,10 +64,10 @@ test_magic (CuTest *tc) "value: \"blah\"\n" "application: \"test-persist\"\n"; - CuAssertTrue (tc, p11_persist_magic ((unsigned char *)input, strlen (input))); - CuAssertTrue (tc, !p11_persist_magic ((unsigned char *)input, 5)); - CuAssertTrue (tc, p11_persist_magic ((unsigned char *)other, strlen (other))); - CuAssertTrue (tc, !p11_persist_magic ((unsigned char *)"blah", 4)); + assert (p11_persist_magic ((unsigned char *)input, strlen (input))); + assert (!p11_persist_magic ((unsigned char *)input, 5)); + assert (p11_persist_magic ((unsigned char *)other, strlen (other))); + assert (!p11_persist_magic ((unsigned char *)"blah", 4)); } static p11_array * @@ -94,9 +94,9 @@ args_to_array (void *arg, } static void -check_read_msg (CuTest *tc, - const char *file, +check_read_msg (const char *file, int line, + const char *function, const char *input, p11_array *expected) { @@ -108,14 +108,18 @@ check_read_msg (CuTest *tc, objects = p11_array_new (p11_attrs_free); if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) { - CuAssert_Line (tc, file, line, "decoding should have failed", expected != NULL); + if (expected == NULL) + p11_test_fail (file, line, function, "decoding should have failed"); for (i = 0; i < expected->num; i++) { - CuAssert_Line (tc, file, line, "too few objects read", i < objects->num); - test_check_attrs_msg (tc, file, line, expected->elem[i], objects->elem[i]); + if (i >= objects->num) + p11_test_fail (file, line, function, "too few objects read"); + test_check_attrs_msg (file, line, function, expected->elem[i], objects->elem[i]); } - CuAssert_Line (tc, file, line, "too many objects read", i == objects->num); + if (i != objects->num) + p11_test_fail (file, line, function, "too many objects read"); } else { - CuAssert_Line (tc, file, line, "decoding failed", expected == NULL); + if (expected != NULL) + p11_test_fail (file, line, function, "decoding failed"); } p11_array_free (objects); @@ -123,11 +127,43 @@ check_read_msg (CuTest *tc, p11_array_free (expected); } -#define check_read_success(tc, input, objs) \ - check_read_msg (tc, __FILE__, __LINE__, input, args_to_array objs) +static void +check_write_msg (const char *file, + int line, + const char *function, + const char *expected, + p11_array *input) +{ + p11_persist *persist; + p11_buffer buf; + int i; + + persist = p11_persist_new (); + p11_buffer_init_null (&buf, 0); + + for (i = 0; i < input->num; i++) { + if (!p11_persist_write (persist, input->elem[i], &buf)) + p11_test_fail (file, line, function, "persist write failed"); + } -#define check_read_failure(tc, input) \ - check_read_msg (tc, __FILE__, __LINE__, input, NULL) + if (strcmp (buf.data, expected) != 0) { + p11_test_fail (file, line, function, "persist doesn't match: (\n%s----\n%s\n)", \ + expected, (char *)buf.data); + } + + p11_buffer_uninit (&buf); + p11_array_free (input); + p11_persist_free (persist); +} + +#define check_read_success(input, objs) \ + check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, args_to_array objs) + +#define check_read_failure(input) \ + check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, NULL) + +#define check_write_success(expected, inputs) \ + check_write_msg (__FILE__, __LINE__, __FUNCTION__, expected, args_to_array inputs) static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; static CK_CERTIFICATE_TYPE x509 = CKC_X_509; @@ -137,53 +173,55 @@ static CK_BBOOL truev = CK_TRUE; static CK_BBOOL falsev = CK_FALSE; static void -test_simple (CuTest *tc) +test_simple (void) { - const char *input = "[p11-kit-object-v1]\n" + const char *output = "[p11-kit-object-v1]\n" "class: data\n" "value: \"blah\"\n" - "application: \"test-persist\"\n"; + "application: \"test-persist\"\n\n"; - CK_ATTRIBUTE expected[] = { + CK_ATTRIBUTE attrs[] = { { CKA_CLASS, &data, sizeof (data) }, { CKA_VALUE, "blah", 4 }, { CKA_APPLICATION, "test-persist", 12 }, { CKA_INVALID }, }; - check_read_success (tc, input, (expected, NULL)); + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); } static void -test_number (CuTest *tc) +test_number (void) { - const char *input = "[p11-kit-object-v1]\n" + const char *output = "[p11-kit-object-v1]\n" "class: data\n" - "value: 29202390\n" - "application: \"test-persist\"\n"; + "value-len: 29202390\n" + "application: \"test-persist\"\n\n"; CK_ULONG value = 29202390; - CK_ATTRIBUTE expected[] = { + CK_ATTRIBUTE attrs[] = { { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE, &value, sizeof (value) }, + { CKA_VALUE_LEN, &value, sizeof (value) }, { CKA_APPLICATION, "test-persist", 12 }, { CKA_INVALID }, }; - check_read_success (tc, input, (expected, NULL)); + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); } static void -test_bool (CuTest *tc) +test_bool (void) { - const char *input = "[p11-kit-object-v1]\n" + const char *output = "[p11-kit-object-v1]\n" "class: data\n" "private: true\n" "modifiable: false\n" - "application: \"test-persist\"\n"; + "application: \"test-persist\"\n\n"; - CK_ATTRIBUTE expected[] = { + CK_ATTRIBUTE attrs[] = { { CKA_CLASS, &data, sizeof (data) }, { CKA_PRIVATE, &truev, sizeof (truev) }, { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, @@ -191,72 +229,143 @@ test_bool (CuTest *tc) { CKA_INVALID }, }; - check_read_success (tc, input, (expected, NULL)); + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); } static void -test_oid (CuTest *tc) +test_oid (void) { - const char *input = "[p11-kit-object-v1]\n" + const char *output = "[p11-kit-object-v1]\n" "class: data\n" - "object-id: 1.2.3.4"; + "object-id: 1.2.3.4\n\n"; - CK_ATTRIBUTE expected[] = { + CK_ATTRIBUTE attrs[] = { { CKA_CLASS, &data, sizeof (data) }, { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, { CKA_INVALID }, }; - check_read_success (tc, input, (expected, NULL)); + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); } static void -test_constant (CuTest *tc) +test_constant (void) { - const char *input = "[p11-kit-object-v1]\n" + const char *output = "[p11-kit-object-v1]\n" "class: data\n" - "trust-server-auth: nss-trust-unknown"; + "certificate-type: x-509-attr-cert\n" + "key-type: rsa\n" + "x-assertion-type: x-pinned-certificate\n" + "certificate-category: authority\n" + "mechanism-type: rsa-pkcs-key-pair-gen\n" + "trust-server-auth: nss-trust-unknown\n\n"; CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + CK_CERTIFICATE_TYPE type = CKC_X_509_ATTR_CERT; + CK_X_ASSERTION_TYPE ass = CKT_X_PINNED_CERTIFICATE; + CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_KEY_PAIR_GEN; + CK_ULONG category = 2; + CK_KEY_TYPE key = CKK_RSA; - CK_ATTRIBUTE expected[] = { + CK_ATTRIBUTE attrs[] = { { CKA_CLASS, &data, sizeof (data) }, + { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, + { CKA_KEY_TYPE, &key, sizeof (key) }, + { CKA_X_ASSERTION_TYPE, &ass, sizeof (ass) }, + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_MECHANISM_TYPE, &mech, sizeof (mech) }, { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, { CKA_INVALID }, }; - check_read_success (tc, input, (expected, NULL)); + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); } static void -test_multiple (CuTest *tc) +test_unknown (void) { - const char *input = "[p11-kit-object-v1]\n" + const char *output = "[p11-kit-object-v1]\n" "class: data\n" - "object-id: 1.2.3.4\n" + "38383838: \"the-value-here\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { 38383838, "the-value-here", 14 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_multiple (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "object-id: 1.2.3.4\n\n" "[p11-kit-object-v1]\n" "class: nss-trust\n" - "trust-server-auth: nss-trust-unknown"; + "trust-server-auth: nss-trust-unknown\n\n"; CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; - CK_ATTRIBUTE expected1[] = { + CK_ATTRIBUTE attrs1[] = { { CKA_CLASS, &data, sizeof (data) }, { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, { CKA_INVALID }, }; - CK_ATTRIBUTE expected2[] = { + CK_ATTRIBUTE attrs2[] = { { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, { CKA_INVALID }, }; - check_read_success (tc, input, (expected1, expected2, NULL)); + check_read_success (output, (attrs1, attrs2, NULL)); + check_write_success (output, (attrs1, attrs2, NULL)); } static void -test_pem_block (CuTest *tc) +test_pem_block (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "id: \"292c92\"\n" + "trusted: true\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" + "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" + "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" + "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" + "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" + "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" + "-----END CERTIFICATE-----\n" + "\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_ID, "292c92", 6, }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, &verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_pem_middle (void) { const char *input = "[p11-kit-object-v1]\n" "class: certificate\n" @@ -286,11 +395,11 @@ test_pem_block (CuTest *tc) { CKA_INVALID }, }; - check_read_success (tc, input, (expected, NULL)); + check_read_success (input, (expected, NULL)); } static void -test_pem_invalid (CuTest *tc) +test_pem_invalid (void) { const char *input = "[p11-kit-object-v1]\n" "class: certificate\n" @@ -311,13 +420,13 @@ test_pem_invalid (CuTest *tc) p11_message_quiet (); - check_read_failure (tc, input); + check_read_failure (input); p11_message_loud (); } static void -test_pem_unsupported (CuTest *tc) +test_pem_unsupported (void) { const char *input = "[p11-kit-object-v1]\n" "class: certificate\n" @@ -327,13 +436,13 @@ test_pem_unsupported (CuTest *tc) p11_message_quiet (); - check_read_failure (tc, input); + check_read_failure (input); p11_message_loud (); } static void -test_pem_first (CuTest *tc) +test_pem_first (void) { const char *input = "-----BEGIN BLOCK1-----\n" "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" @@ -343,13 +452,13 @@ test_pem_first (CuTest *tc) p11_message_quiet (); - check_read_failure (tc, input); + check_read_failure (input); p11_message_loud (); } static void -test_skip_unknown (CuTest *tc) +test_skip_unknown (void) { const char *input = "[version-2]\n" "class: data\n" @@ -371,13 +480,13 @@ test_skip_unknown (CuTest *tc) p11_message_quiet (); - check_read_success (tc, input, (expected2, NULL)); + check_read_success (input, (expected2, NULL)); p11_message_loud (); } static void -test_bad_value (CuTest *tc) +test_bad_value (void) { const char *input = "[p11-kit-object-v1]\n" "class: data\n" @@ -385,13 +494,13 @@ test_bad_value (CuTest *tc) p11_message_quiet (); - check_read_failure (tc, input); + check_read_failure (input); p11_message_loud (); } static void -test_bad_oid (CuTest *tc) +test_bad_oid (void) { const char *input = "[p11-kit-object-v1]\n" "class: data\n" @@ -399,13 +508,13 @@ test_bad_oid (CuTest *tc) p11_message_quiet (); - check_read_failure (tc, input); + check_read_failure (input); p11_message_loud (); } static void -test_bad_field (CuTest *tc) +test_bad_field (void) { const char *input = "[p11-kit-object-v1]\n" "class: data\n" @@ -413,13 +522,13 @@ test_bad_field (CuTest *tc) p11_message_quiet (); - check_read_failure (tc, input); + check_read_failure (input); p11_message_loud (); } static void -test_attribute_first (CuTest *tc) +test_attribute_first (void) { const char *input = "class: data\n" "[p11-kit-object-v1]\n" @@ -427,45 +536,72 @@ test_attribute_first (CuTest *tc) p11_message_quiet (); - check_read_failure (tc, input); + check_read_failure (input); p11_message_loud (); } +static void +test_not_boolean (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "private: \"x\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_PRIVATE, "x", 1 }, + { CKA_INVALID }, + }; + + check_write_success (output, (attrs, NULL)); +} + +static void +test_not_ulong (void) +{ + char buffer[sizeof (CK_ULONG) + 1]; + char *output; + + CK_ATTRIBUTE attrs[] = { + { CKA_BITS_PER_PIXEL, "xx", 2 }, + { CKA_VALUE, buffer, sizeof (CK_ULONG) }, + { CKA_INVALID }, + }; + + memset (buffer, 'x', sizeof (buffer)); + buffer[sizeof (CK_ULONG)] = 0; + + if (asprintf (&output, "[p11-kit-object-v1]\n" + "bits-per-pixel: \"xx\"\n" + "value: \"%s\"\n\n", buffer) < 0) + assert_not_reached (); + + check_write_success (output, (attrs, NULL)); + free (output); +} + int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_magic); - SUITE_ADD_TEST (suite, test_simple); - SUITE_ADD_TEST (suite, test_number); - SUITE_ADD_TEST (suite, test_bool); - SUITE_ADD_TEST (suite, test_oid); - SUITE_ADD_TEST (suite, test_constant); - SUITE_ADD_TEST (suite, test_multiple); - SUITE_ADD_TEST (suite, test_pem_block); - SUITE_ADD_TEST (suite, test_pem_invalid); - SUITE_ADD_TEST (suite, test_pem_unsupported); - SUITE_ADD_TEST (suite, test_pem_first); - SUITE_ADD_TEST (suite, test_bad_value); - SUITE_ADD_TEST (suite, test_bad_oid); - SUITE_ADD_TEST (suite, test_bad_field); - SUITE_ADD_TEST (suite, test_skip_unknown); - SUITE_ADD_TEST (suite, test_attribute_first); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_magic, "/persist/magic"); + p11_test (test_simple, "/persist/simple"); + p11_test (test_number, "/persist/number"); + p11_test (test_bool, "/persist/bool"); + p11_test (test_oid, "/persist/oid"); + p11_test (test_constant, "/persist/constant"); + p11_test (test_unknown, "/persist/unknown"); + p11_test (test_multiple, "/persist/multiple"); + p11_test (test_pem_block, "/persist/pem_block"); + p11_test (test_pem_middle, "/persist/pem-middle"); + p11_test (test_pem_invalid, "/persist/pem_invalid"); + p11_test (test_pem_unsupported, "/persist/pem_unsupported"); + p11_test (test_pem_first, "/persist/pem_first"); + p11_test (test_bad_value, "/persist/bad_value"); + p11_test (test_bad_oid, "/persist/bad_oid"); + p11_test (test_bad_field, "/persist/bad_field"); + p11_test (test_skip_unknown, "/persist/skip_unknown"); + p11_test (test_attribute_first, "/persist/attribute_first"); + p11_test (test_not_boolean, "/persist/not-boolean"); + p11_test (test_not_ulong, "/persist/not-ulong"); + return p11_test_run (argc, argv); } diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c index ffd733f..d372814 100644 --- a/trust/tests/test-token.c +++ b/trust/tests/test-token.c @@ -33,7 +33,8 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" +#include "test-trust.h" #include <stdlib.h> #include <stdio.h> @@ -41,9 +42,9 @@ #include "attrs.h" #include "debug.h" +#include "path.h" #include "pkcs11x.h" #include "message.h" -#include "test-data.h" #include "token.h" struct { @@ -51,40 +52,35 @@ struct { } test; static void -setup (CuTest *cu, - const char *path) +setup (void *path) { test.token = p11_token_new (333, path, "Label"); - CuAssertPtrNotNull (cu, test.token); + assert_ptr_not_null (test.token); } static void -teardown (CuTest *cu) +teardown (void *path) { p11_token_free (test.token); memset (&test, 0, sizeof (test)); } static void -test_token_load (CuTest *cu) +test_token_load (void *path) { p11_index *index; int count; - setup (cu, SRCDIR "/input"); - count = p11_token_load (test.token); - CuAssertIntEquals (cu, 7, count); + assert_num_eq (7, count); /* A certificate and trust object for each parsed object + builtin */ index = p11_token_index (test.token); - CuAssertTrue (cu, ((count - 1) * 2) + 1 <= p11_index_size (index)); - - teardown (cu); + assert (((count - 1) * 2) + 1 <= p11_index_size (index)); } static void -test_token_flags (CuTest *cu) +test_token_flags (void *path) { CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; CK_BBOOL falsev = CK_FALSE; @@ -178,78 +174,125 @@ test_token_flags (CuTest *cu) CK_ATTRIBUTE *object; int i; - setup (cu, SRCDIR "/input"); - if (p11_token_load (test.token) < 0) - CuFail (cu, "should not be reached"); + assert_not_reached (); /* The other objects */ for (i = 0; expected[i]; i++) { handle = p11_index_find (p11_token_index (test.token), expected[i], 2); - CuAssertTrue (cu, handle != 0); + assert (handle != 0); object = p11_index_lookup (p11_token_index (test.token), handle); - CuAssertPtrNotNull (cu, object); + assert_ptr_not_null (object); - test_check_attrs (cu, expected[i], object); + test_check_attrs (expected[i], object); } +} - teardown (cu); +static void +test_token_path (void *path) +{ + assert_str_eq (path, p11_token_get_path (test.token)); } static void -test_token_path (CuTest *cu) +test_token_label (void *path) { - setup (cu, "/wheee"); + assert_str_eq ("Label", p11_token_get_label (test.token)); +} + +static void +test_token_slot (void *path) +{ + assert_num_eq (333, p11_token_get_slot (test.token)); +} + +static void +test_not_writable (void) +{ + p11_token *token; - CuAssertStrEquals (cu, "/wheee", p11_token_get_path (test.token)); + token = p11_token_new (333, "/", "Label"); + assert (!p11_token_is_writable (token)); + p11_token_free (token); - teardown (cu); + token = p11_token_new (333, "", "Label"); + assert (!p11_token_is_writable (token)); + p11_token_free (token); + + token = p11_token_new (333, "/non-existant", "Label"); + assert (!p11_token_is_writable (token)); + p11_token_free (token); } static void -test_token_label (CuTest *cu) +test_writable_exists (void) { - setup (cu, "/wheee"); + char *directory; + p11_token *token; + + directory = p11_path_expand ("$TEMP/test-module.XXXXXX"); + if (!mkdtemp (directory)) + assert_not_reached (); + + token = p11_token_new (333, directory, "Label"); - CuAssertStrEquals (cu, "Label", p11_token_get_label (test.token)); + /* A writable directory since we created it */ + assert (p11_token_is_writable (token)); - teardown (cu); + p11_token_free (token); + + if (rmdir (directory) < 0) + assert_not_reached (); + + free (directory); } static void -test_token_slot (CuTest *cu) +test_writable_no_exist (void) { - setup (cu, "/unneeded"); + char *directory; + p11_token *token; + char *path; + + directory = p11_path_expand ("$TEMP/test-module.XXXXXX"); + if (!mkdtemp (directory)) + assert_not_reached (); - CuAssertIntEquals (cu, 333, p11_token_get_slot (test.token)); + path = p11_path_build (directory, "subdir", NULL); + assert (path != NULL); - teardown (cu); + token = p11_token_new (333, path, "Label"); + free (path); + + /* A writable directory since parent is writable */ + assert (p11_token_is_writable (token)); + + p11_token_free (token); + + if (rmdir (directory) < 0) + assert_not_reached (); + + free (directory); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_token_load); - SUITE_ADD_TEST (suite, test_token_flags); - SUITE_ADD_TEST (suite, test_token_path); - SUITE_ADD_TEST (suite, test_token_label); - SUITE_ADD_TEST (suite, test_token_slot); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_fixture (setup, teardown); + p11_testx (test_token_load, SRCDIR "/input", "/token/load"); + p11_testx (test_token_flags, SRCDIR "/input", "/token/flags"); + + p11_fixture (setup, teardown); + p11_testx (test_token_path, "/wheee", "/token/path"); + p11_testx (test_token_label, "/wheee", "/token/label"); + p11_testx (test_token_slot, "/unneeded", "/token/slot"); + + p11_fixture (NULL, NULL); + p11_test (test_not_writable, "/token/not-writable"); + p11_test (test_writable_exists, "/token/writable-exists"); + p11_test (test_writable_no_exist, "/token/writable-no-exist"); + + return p11_test_run (argc, argv); } diff --git a/trust/tests/test-data.c b/trust/tests/test-trust.c index 6c55fd0..6a22946 100644 --- a/trust/tests/test-data.c +++ b/trust/tests/test-trust.c @@ -33,10 +33,10 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include "attrs.h" -#include "test-data.h" +#include "test-trust.h" #include <assert.h> #include <stdlib.h> @@ -44,9 +44,9 @@ #include <string.h> void -test_check_object_msg (CuTest *cu, - const char *file, +test_check_object_msg (const char *file, int line, + const char *function, CK_ATTRIBUTE *attrs, CK_OBJECT_CLASS klass, const char *label) @@ -61,13 +61,13 @@ test_check_object_msg (CuTest *cu, { CKA_INVALID }, }; - test_check_attrs_msg (cu, file, line, expected, attrs); + test_check_attrs_msg (file, line, function, expected, attrs); } void -test_check_cacert3_ca_msg (CuTest *cu, - const char *file, +test_check_cacert3_ca_msg (const char *file, int line, + const char *function, CK_ATTRIBUTE *attrs, const char *label) { @@ -87,14 +87,14 @@ test_check_cacert3_ca_msg (CuTest *cu, { CKA_INVALID }, }; - test_check_object_msg (cu, file, line, attrs, CKO_CERTIFICATE, label); - test_check_attrs_msg (cu, file, line, expected, attrs); + test_check_object_msg (file, line, function, attrs, CKO_CERTIFICATE, label); + test_check_attrs_msg (file, line, function, expected, attrs); } void -test_check_id_msg (CuTest *cu, - const char *file, +test_check_id_msg (const char *file, int line, + const char *function, CK_ATTRIBUTE *expected, CK_ATTRIBUTE *attr) { @@ -104,13 +104,13 @@ test_check_id_msg (CuTest *cu, one = p11_attrs_find (expected, CKA_ID); two = p11_attrs_find (attr, CKA_ID); - test_check_attr_msg (cu, file, line, CKA_INVALID, one, two); + test_check_attr_msg (file, line, function, CKA_INVALID, one, two); } void -test_check_attrs_msg (CuTest *cu, - const char *file, +test_check_attrs_msg (const char *file, int line, + const char *function, CK_ATTRIBUTE *expected, CK_ATTRIBUTE *attrs) { @@ -122,39 +122,31 @@ test_check_attrs_msg (CuTest *cu, while (!p11_attrs_terminator (expected)) { attr = p11_attrs_find (attrs, expected->type); - test_check_attr_msg (cu, file, line, klass, expected, attr); + test_check_attr_msg (file, line, function, klass, expected, attr); expected++; } } void -test_check_attr_msg (CuTest *cu, - const char *file, +test_check_attr_msg (const char *file, int line, + const char *function, CK_OBJECT_CLASS klass, CK_ATTRIBUTE *expected, CK_ATTRIBUTE *attr) { - char *message; assert (expected != NULL); if (attr == NULL) { - asprintf (&message, "expected %s but found NULL", - p11_attr_to_string (expected, klass)); - CuFail_Line (cu, file, line, "attribute does not match", message); + p11_test_fail (file, line, function, + "attribute does not match: (expected %s but found NULL)", + p11_attr_to_string (expected, klass)); } if (!p11_attr_equal (attr, expected)) { - asprintf (&message, "expected %s but found %s", - p11_attr_to_string (expected, klass), - p11_attr_to_string (attr, klass)); - CuFail_Line (cu, file, line, "attribute does not match", message); + p11_test_fail (file, line, function, + "attribute does not match: (expected %s but found %s)", + p11_attr_to_string (expected, klass), + attr ? p11_attr_to_string (attr, klass) : "(null)"); } } - -void -test_fail_attrs_match (CuTest *cu, - const char *file, - const char *line, - CK_ATTRIBUTE *expect, - CK_ATTRIBUTE *attrs); diff --git a/trust/tests/test-data.h b/trust/tests/test-trust.h index 275dd70..672ae64 100644 --- a/trust/tests/test-data.h +++ b/trust/tests/test-trust.h @@ -39,50 +39,50 @@ #ifndef TEST_DATA_H_ #define TEST_DATA_H_ -#define test_check_object(cu, attrs, klass, label) \ - test_check_object_msg (cu, __FILE__, __LINE__, attrs, klass, label) +#define test_check_object(attrs, klass, label) \ + test_check_object_msg (__FILE__, __LINE__, __FUNCTION__, attrs, klass, label) -void test_check_object_msg (CuTest *cu, - const char *file, +void test_check_object_msg (const char *file, int line, + const char *function, CK_ATTRIBUTE *attrs, CK_OBJECT_CLASS klass, const char *label); -#define test_check_cacert3_ca(cu, attrs, label) \ - test_check_cacert3_ca_msg (cu, __FILE__, __LINE__, attrs, label) +#define test_check_cacert3_ca(attrs, label) \ + test_check_cacert3_ca_msg (__FILE__, __LINE__, __FUNCTION__, attrs, label) -void test_check_cacert3_ca_msg (CuTest *cu, - const char *file, +void test_check_cacert3_ca_msg (const char *file, int line, + const char *function, CK_ATTRIBUTE *attrs, const char *label); -#define test_check_attrs(cu, expected, attrs) \ - test_check_attrs_msg (cu, __FILE__, __LINE__, expected, attrs) +#define test_check_attrs(expected, attrs) \ + test_check_attrs_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs) -void test_check_attrs_msg (CuTest *cu, - const char *file, +void test_check_attrs_msg (const char *file, int line, + const char *function, CK_ATTRIBUTE *expected, CK_ATTRIBUTE *attrs); -#define test_check_attr(cu, expected, attr) \ - test_check_attr_msg (cu, __FILE__, __LINE__, CKA_INVALID, expected, attr) +#define test_check_attr(expected, attr) \ + test_check_attr_msg (__FILE__, __LINE__, __FUNCTION__, CKA_INVALID, expected, attr) -void test_check_attr_msg (CuTest *cu, - const char *file, +void test_check_attr_msg (const char *file, int line, + const char *function, CK_OBJECT_CLASS klass, CK_ATTRIBUTE *expected, CK_ATTRIBUTE *attr); -#define test_check_id(cu, expected, attrs) \ - test_check_id_msg (cu, __FILE__, __LINE__, expected, attrs) +#define test_check_id(expected, attrs) \ + test_check_id_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs) -void test_check_id_msg (CuTest *cu, - const char *file, +void test_check_id_msg (const char *file, int line, + const char *function, CK_ATTRIBUTE *expected, CK_ATTRIBUTE *attr); diff --git a/trust/token.c b/trust/token.c index f48f66b..c5991df 100644 --- a/trust/token.c +++ b/trust/token.c @@ -65,6 +65,9 @@ struct _p11_token { char *label; CK_SLOT_ID slot; int loaded; + + bool checked_writable; + bool is_writable; }; static int @@ -314,3 +317,47 @@ p11_token_index (p11_token *token) return_val_if_fail (token != NULL, NULL); return token->index; } + +static bool +check_writable_directory (const char *path) +{ + struct stat sb; + char *parent; + bool ret; + + if (access (path, W_OK) == 0) + return stat (path, &sb) == 0 && S_ISDIR (sb.st_mode); + + switch (errno) { + case EACCES: + return false; + case ENOENT: + parent = p11_path_parent (path); + if (parent == NULL) + ret = false; + else + ret = check_writable_directory (parent); + free (parent); + return ret; + default: + p11_message ("couldn't access: %s: %s", path, strerror (errno)); + return false; + } +} + +bool +p11_token_is_writable (p11_token *token) +{ + /* + * This function attempts to determine whether a later write + * to this token will succeed so we can setup the appropriate + * token flags. Yes, it is racy, but that's inherent to the problem. + */ + + if (!token->checked_writable) { + token->is_writable = check_writable_directory (token->path); + token->checked_writable = true; + } + + return token->is_writable; +} diff --git a/trust/token.h b/trust/token.h index d7375e7..49140bb 100644 --- a/trust/token.h +++ b/trust/token.h @@ -57,4 +57,6 @@ const char * p11_token_get_label (p11_token *token); CK_SLOT_ID p11_token_get_slot (p11_token *token); +bool p11_token_is_writable (p11_token *token); + #endif /* P11_TOKEN_H_ */ |