From 7a086ff9ff65818536eb80547337afb1cf88fc4d Mon Sep 17 00:00:00 2001 From: "Ching-Hsin,Lee" Date: Thu, 16 May 2024 02:53:24 +0000 Subject: [PATCH 1/4] Add more unit test to cover code_pkcs11.c --- source/core_pkcs11.c | 62 ++++++------- test/wrapper_utest/core_pkcs11_utest.c | 115 ++++++++++++++++++------- 2 files changed, 107 insertions(+), 70 deletions(-) diff --git a/source/core_pkcs11.c b/source/core_pkcs11.c index 1a968842..5dd1dd17 100644 --- a/source/core_pkcs11.c +++ b/source/core_pkcs11.c @@ -41,35 +41,6 @@ /*-----------------------------------------------------------*/ -/** @brief Open a PKCS #11 Session. - * - * \param[out] pxSession Pointer to the session handle to be created. - * \param[out] xSlotId Slot ID to be used for the session. - * - * \return CKR_OK or PKCS #11 error code. (PKCS #11 error codes are positive). - */ -static CK_RV prvOpenSession( CK_SESSION_HANDLE * pxSession, - CK_SLOT_ID xSlotId ) -{ - CK_RV xResult; - CK_FUNCTION_LIST_PTR pxFunctionList; - - xResult = C_GetFunctionList( &pxFunctionList ); - - if( ( xResult == CKR_OK ) && ( pxFunctionList != NULL ) && ( pxFunctionList->C_OpenSession != NULL ) ) - { - xResult = pxFunctionList->C_OpenSession( xSlotId, - CKF_SERIAL_SESSION | CKF_RW_SESSION, - NULL, /* Application defined pointer. */ - NULL, /* Callback function. */ - pxSession ); - } - - return xResult; -} - -/*-----------------------------------------------------------*/ - CK_RV xGetSlotList( CK_SLOT_ID ** ppxSlotId, CK_ULONG * pxSlotCount ) { @@ -210,9 +181,7 @@ CK_RV xInitializePkcs11Token( void ) xResult = xGetSlotList( &pxSlotId, &xSlotCount ); } - if( ( xResult == CKR_OK ) && - ( NULL != pxFunctionList->C_GetTokenInfo ) && - ( NULL != pxFunctionList->C_InitToken ) ) + if( xResult == CKR_OK ) { /* Check if the token requires further initialization. */ /* MISRA Ref 11.5.1 [Void pointer assignment] */ 
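Review bot: The block opened by `if( xResult == CKR_OK )` in xInitializePkcs11Token no longer tests `C_GetTokenInfo` and `C_InitToken` for NULL itself, so the calls through `pxFunctionList` below it are safe only because of a check made earlier in the function. That earlier check is outside this hunk, and nothing at this site records the dependency. A one-line comment above the condition, such as `/* pxFunctionList, C_GetTokenInfo and C_InitToken were validated above. */`, would keep a later reordering from turning this into a call through a NULL function pointer. The function body continues past the end of the hunk.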
@@ -270,13 +239,21 @@ CK_RV xInitializePkcs11Session( CK_SESSION_HANDLE * pxSession ) CK_FUNCTION_LIST_PTR pxFunctionList = NULL; CK_ULONG xSlotCount = 0; - xResult = C_GetFunctionList( &pxFunctionList ); - if( pxSession == NULL ) { xResult = CKR_ARGUMENTS_BAD; } + if( xResult == CKR_OK ) + { + xResult = C_GetFunctionList( &pxFunctionList ); + + if( ( xResult == CKR_OK ) && ( pxFunctionList == NULL ) ) + { + xResult = CKR_FUNCTION_FAILED; + } + } + /* Initialize the module. */ if( xResult == CKR_OK ) { @@ -295,19 +272,30 @@ CK_RV xInitializePkcs11Session( CK_SESSION_HANDLE * pxSession ) } /* Open a PKCS #11 session. */ - if( ( xResult == CKR_OK ) && ( pxSlotId != NULL ) && ( xSlotCount >= 1UL ) ) + if( ( xResult == CKR_OK ) && ( xSlotCount >= 1UL ) ) { /* We will take the first slot available. * If your application has multiple slots, insert logic * for selecting an appropriate slot here. */ - xResult = prvOpenSession( pxSession, pxSlotId[ 0 ] ); + if( pxFunctionList->C_OpenSession != NULL ) + { + xResult = pxFunctionList->C_OpenSession( pxSlotId[ 0 ], + CKF_SERIAL_SESSION | CKF_RW_SESSION, + NULL, /* Application defined pointer. */ + NULL, /* Callback function. */ + pxSession ); + } + else + { + xResult = CKR_FUNCTION_FAILED; + } /* Free the memory allocated by xGetSlotList. */ pkcs11configPKCS11_FREE( pxSlotId ); } - if( ( xResult == CKR_OK ) && ( pxFunctionList != NULL ) && ( pxFunctionList->C_Login != NULL ) ) + if( ( xResult == CKR_OK ) && ( pxFunctionList->C_Login != NULL ) ) { xResult = pxFunctionList->C_Login( *pxSession, CKU_USER, diff --git a/test/wrapper_utest/core_pkcs11_utest.c b/test/wrapper_utest/core_pkcs11_utest.c index f26d7f51..b41fea0b 100644 --- a/test/wrapper_utest/core_pkcs11_utest.c +++ b/test/wrapper_utest/core_pkcs11_utest.c 
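Review bot: The new `if( xResult == CKR_OK )` wrapping the C_GetFunctionList call is now the first read of `xResult` whenever `pxSession` is non-NULL, because the unconditional assignment from C_GetFunctionList was removed. The declaration of `xResult` is above the hunk; unless it is written as `CK_RV xResult = CKR_OK;`, this condition reads an indeterminate value. Worth confirming the initializer, since the function starts outside the hunk and the added code depends on it.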
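Review bot: `pxSlotId[ 0 ]` is now indexed with only `xSlotCount >= 1UL` as a guard, because the `pxSlotId != NULL` test was dropped from the condition that opens the session block. That holds only if xGetSlotList never returns CKR_OK with a non-zero count and a NULL list; that function is outside this hunk, so either keep the check or, if that is indeed its contract, state it here with a comment such as `/* xGetSlotList returns a non-NULL list whenever it reports CKR_OK and a non-zero count. */`. Separately, when the slot count is zero the block is skipped with `xResult` still CKR_OK, and the C_Login call at the end of the hunk then reads `*pxSession` although no session was opened. An `else` branch that sets an error code for the zero-slot case would close that path.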
@@ -177,32 +177,13 @@ static CK_RV prvSetFunctionList( CK_FUNCTION_LIST_PTR_PTR ppxPtr ) } /*! - * @brief Create a stub for the PKCS #11 function list. - * - * Fails on the fourth call in order to create coverage for a nested branch. + * @brief Return empty function list * */ -static CK_RV prvSetFunctionList2( CK_FUNCTION_LIST_PTR_PTR ppxPtr ) +static CK_RV prvSetFunctionListEmpty( CK_FUNCTION_LIST_PTR_PTR ppxPtr ) { - static uint32_t ulCalls = 0; - CK_RV xResult = CKR_OK; - - ulCalls++; - - /* This case is specifically for the scenario in which prvOpenSession - * receives a failure when accessing C_GetFunctionList, which would be - * the 4th call to C_GetFunctionList in the call stack. */ - if( ulCalls == 4 ) - { - xResult = CKR_ARGUMENTS_BAD; - *ppxPtr = NULL; - } - else - { - *ppxPtr = &prvP11FunctionList; - } - - return xResult; + *ppxPtr = NULL; + return CKR_OK; } /*! @@ -346,6 +327,37 @@ void test_IotPkcs11_xInitializePkcs11BadFunctionList( void ) TEST_ASSERT_EQUAL( CKR_DEVICE_ERROR, xResult ); } +/*! + * @brief xInitializePKCS11 failed due to empty function list. + * + */ +void test_IotPkcs11_xInitializePkcs11EmptyFunctionList( void ) +{ + CK_RV xResult = CKR_OK; + + C_GetFunctionList_IgnoreAndReturn( CKR_OK ); + C_GetFunctionList_Stub( ( void * ) &prvSetFunctionListEmpty ); + xResult = xInitializePKCS11(); + + TEST_ASSERT_EQUAL( CKR_DEVICE_ERROR, xResult ); +} + +/*! + * @brief xInitializePKCS11 failed due to no C_Initialize. + * + */ +void test_IotPkcs11_xInitializePkcs11NoC_Initialize( void ) +{ + CK_RV xResult = CKR_OK; + + vCommonStubs(); + prvP11FunctionList.C_Initialize = NULL; + xResult = xInitializePKCS11(); + prvP11FunctionList.C_Initialize = C_Initialize; + + TEST_ASSERT_EQUAL( CKR_DEVICE_ERROR, xResult ); +} + /*! * @brief xGetSlotList happy path. * 
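Review bot: The doc comment on prvSetFunctionListEmpty says `Return empty function list`, but the stub sets `*ppxPtr = NULL` and returns CKR_OK, which is a NULL list reported as success rather than a list with no entries. The tests built on it exist to show that the wrappers reject exactly that combination, so the brief should say so, for example `@brief Stub that reports CKR_OK but hands back a NULL function list pointer.`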
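Review bot: test_IotPkcs11_xInitializePkcs11NoC_Initialize clears `prvP11FunctionList.C_Initialize` in the shared stub table and restores it by hand after the call. If the call under test aborts the test early (a mock expectation failure, for instance), the restore line may be skipped and every later test would then run against a table with a NULL entry. Resetting the table in the fixture's setUp or tearDown, which is outside this hunk, would make the tests independent of execution order. The same pattern appears in test_IotPkcs11_xInitializePkcs11SessionNoC_OpenSession and in the three xFindObjectWithLabelAndClassNoC_* tests added later in the series.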
@@ -370,6 +382,25 @@ void test_IotPkcs11_xGetSlotList( void ) vPkcs11FreeCb( pxSlotId, 1 ); } +/*! + * @brief xGetSlotList host memory error. + * + */ +void test_IotPkcs11_xGetSlotListHostMemoryError( void ) +{ + CK_RV xResult = CKR_OK; + CK_SLOT_ID_PTR pxSlotId = NULL; + CK_ULONG xSlotCount = 0; + CK_ULONG xExpectedSlotCount = SIZE_MAX; + + vCommonStubs(); + C_GetSlotList_ExpectAnyArgsAndReturn( CKR_OK ); + C_GetSlotList_ReturnThruPtr_pulCount( &xExpectedSlotCount ); + + xResult = xGetSlotList( &pxSlotId, &xSlotCount ); + TEST_ASSERT_EQUAL( CKR_HOST_MEMORY, xResult ); +} + /*! * @brief xGetSlotList failed to get function list. * @@ -721,6 +752,27 @@ void test_IotPkcs11_xInitializePkcs11Session( void ) TEST_ASSERT_EQUAL( CKR_OK, xResult ); } +/*! + * @brief xInitializePkcs11Session C_OpenSession is not supported in the function list. + * + */ +void test_IotPkcs11_xInitializePkcs11SessionNoC_OpenSession( void ) +{ + CK_RV xResult = CKR_OK; + CK_SESSION_HANDLE xHandle = { 0 }; + + vCommonStubs(); + C_GetSlotList_Stub( ( void * ) xGet1Item ); + pvPkcs11Malloc_Stub( pvPkcs11MallocCb ); + vPkcs11Free_Stub( vPkcs11FreeCb ); + + prvP11FunctionList.C_OpenSession = NULL; + xResult = xInitializePkcs11Session( &xHandle ); + prvP11FunctionList.C_OpenSession = C_OpenSession; + + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); +} + /*! * @brief xInitializePkcs11Session C_Login is a NULL function path. * @@ -753,7 +805,6 @@ void test_IotPkcs11_xInitializePkcs11SessionBadArgs( void ) { CK_RV xResult = CKR_OK; - vCommonStubs(); xResult = xInitializePkcs11Session( NULL ); TEST_ASSERT_EQUAL( CKR_ARGUMENTS_BAD, xResult ); 
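Review bot: test_IotPkcs11_xGetSlotListHostMemoryError asserts only the return code for a reported slot count of `SIZE_MAX`. The case presumably covers the size check in front of the slot-list allocation, so it should also pin that nothing was handed back to the caller, e.g. `TEST_ASSERT_NULL( pxSlotId );` after the call. `xExpectedSlotCount` is a `CK_ULONG`, so on a target where that type is narrower than `size_t` the initializer is truncated and the test may no longer reach the intended branch; whether that matters depends on the supported targets.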
@@ -775,23 +826,21 @@ void test_IotPkcs11_xInitializePkcs11SessionBadFunctionList( void ) } /*! - * @brief xInitializePkcs11Session C_GetFunctionList failure path. + * @brief xInitializePkcs11Session C_GetFunctionList returns empty function list. * - * Fails on the second call to C_GetFunctionList. */ -void test_IotPkcs11_xInitializePkcs11SessionBadFunctionList2( void ) + +void test_IotPkcs11_xInitializePkcs11SessionEmptyFunctionList( void ) { CK_RV xResult = CKR_OK; CK_SESSION_HANDLE xHandle = { 0 }; - C_GetFunctionList_Stub( ( void * ) &prvSetFunctionList2 ); - C_Initialize_IgnoreAndReturn( CKR_OK ); - C_GetSlotList_Stub( ( void * ) xGet1Item ); - pvPkcs11Malloc_Stub( pvPkcs11MallocCb ); - vPkcs11Free_Stub( vPkcs11FreeCb ); + C_GetFunctionList_IgnoreAndReturn( CKR_OK ); + C_GetFunctionList_Stub( ( void * ) &prvSetFunctionListEmpty ); + xResult = xInitializePkcs11Session( &xHandle ); - TEST_ASSERT_EQUAL( CKR_ARGUMENTS_BAD, xResult ); + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); } /*! From 2104309bfa88dff8841c3cf070c5a9c03da35c61 Mon Sep 17 00:00:00 2001 From: "Ching-Hsin,Lee" Date: Thu, 16 May 2024 03:01:27 +0000 Subject: [PATCH 2/4] Update file size --- docs/doxygen/include/size_table.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/doxygen/include/size_table.md b/docs/doxygen/include/size_table.md index 6d7063ae..af9eaf07 100644 --- a/docs/doxygen/include/size_table.md +++ b/docs/doxygen/include/size_table.md @@ -10,7 +10,7 @@ core_pkcs11.c
0.8K
-
0.8K
+
0.7K
core_pki_utils.c @@ -25,6 +25,6 @@ Total estimates
10.3K
-
8.6K
+
8.5K
From b0e2fbf082deca3462dc1a09e4707b874313854e Mon Sep 17 00:00:00 2001
From: "Ching-Hsin,Lee"
Date: Thu, 16 May 2024 03:08:30 +0000
Subject: [PATCH 3/4] Add more unit test
---
test/wrapper_utest/core_pkcs11_utest.c | 60 ++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
diff --git a/test/wrapper_utest/core_pkcs11_utest.c b/test/wrapper_utest/core_pkcs11_utest.c
index b41fea0b..aeefc446 100644
--- a/test/wrapper_utest/core_pkcs11_utest.c
+++ b/test/wrapper_utest/core_pkcs11_utest.c
@@ -947,3 +947,63 @@ void test_IotPkcs11_xFindObjectWithLabelAndClassBadFunctionList( void ) TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); } + +/*! + * @brief xFindObjectWithLabelAndClass no C_FindObjectsInit. + * + */ +void test_IotPkcs11_xFindObjectWithLabelAndClassNoC_FindObjectsInit( void ) +{ + CK_RV xResult = CKR_OK; + CK_SESSION_HANDLE xHandle = { 0 }; + CK_OBJECT_HANDLE xPrivateKeyHandle = { 0 }; + + vCommonStubs(); + prvP11FunctionList.C_FindObjectsInit = NULL; + xResult = xFindObjectWithLabelAndClass( xHandle, + pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS, + strlen( pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS ), + CKO_PRIVATE_KEY, &xPrivateKeyHandle ); + prvP11FunctionList.C_FindObjectsInit = C_FindObjectsInit; + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); +} + +/*! + * @brief xFindObjectWithLabelAndClass no C_FindObjects. + * + */ +void test_IotPkcs11_xFindObjectWithLabelAndClassNoC_FindObjects( void ) +{ + CK_RV xResult = CKR_OK; + CK_SESSION_HANDLE xHandle = { 0 }; + CK_OBJECT_HANDLE xPrivateKeyHandle = { 0 }; + + vCommonStubs(); + prvP11FunctionList.C_FindObjects = NULL; + xResult = xFindObjectWithLabelAndClass( xHandle, + pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS, + strlen( pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS ), + CKO_PRIVATE_KEY, &xPrivateKeyHandle ); + prvP11FunctionList.C_FindObjects = C_FindObjects; + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); +} + +/*! + * @brief xFindObjectWithLabelAndClass no C_FindObjectsFinal. 
+ * + */ +void test_IotPkcs11_xFindObjectWithLabelAndClassNoC_FindObjectsFinal( void ) +{ + CK_RV xResult = CKR_OK; + CK_SESSION_HANDLE xHandle = { 0 }; + CK_OBJECT_HANDLE xPrivateKeyHandle = { 0 }; + + vCommonStubs(); + prvP11FunctionList.C_FindObjectsFinal = NULL; + xResult = xFindObjectWithLabelAndClass( xHandle, + pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS, + strlen( pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS ), + CKO_PRIVATE_KEY, &xPrivateKeyHandle ); + prvP11FunctionList.C_FindObjectsFinal = C_FindObjectsFinal; + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); +} From da9e3a84722771f9454ee3428f6a16cfbe57d2ae Mon Sep 17 00:00:00 2001 From: "Ching-Hsin,Lee" Date: Thu, 16 May 2024 04:13:14 +0000 Subject: [PATCH 4/4] Fix for CBMC --- source/core_pkcs11.c | 19 ++--- test/wrapper_utest/core_pkcs11_utest.c | 97 +++++++++++++++++++++++++- 2 files changed, 107 insertions(+), 9 deletions(-) diff --git a/source/core_pkcs11.c b/source/core_pkcs11.c index 5dd1dd17..eb595601 100644 --- a/source/core_pkcs11.c +++ b/source/core_pkcs11.c 
@@ -164,21 +164,24 @@ CK_RV xInitializePkcs11Token( void ) CK_FLAGS xTokenFlags = 0; CK_TOKEN_INFO_PTR pxTokenInfo = NULL; - xResult = C_GetFunctionList( &pxFunctionList ); + xResult = xInitializePKCS11(); - if( ( pxFunctionList == NULL ) || ( pxFunctionList->C_GetTokenInfo == NULL ) || ( pxFunctionList->C_InitToken == NULL ) ) + if( ( xResult == CKR_OK ) || ( xResult == CKR_CRYPTOKI_ALREADY_INITIALIZED ) ) { - xResult = CKR_FUNCTION_FAILED; + xResult = xGetSlotList( &pxSlotId, &xSlotCount ); } if( xResult == CKR_OK ) { - xResult = xInitializePKCS11(); - } + xResult = C_GetFunctionList( &pxFunctionList ); - if( ( xResult == CKR_OK ) || ( xResult == CKR_CRYPTOKI_ALREADY_INITIALIZED ) ) - { - xResult = xGetSlotList( &pxSlotId, &xSlotCount ); + if( xResult == CKR_OK ) + { + if( ( pxFunctionList == NULL ) || ( pxFunctionList->C_GetTokenInfo == NULL ) || ( pxFunctionList->C_InitToken == NULL ) ) + { + xResult = CKR_FUNCTION_FAILED; + } + } } if( xResult == CKR_OK ) diff --git a/test/wrapper_utest/core_pkcs11_utest.c b/test/wrapper_utest/core_pkcs11_utest.c index aeefc446..a2cd04fc 100644 --- a/test/wrapper_utest/core_pkcs11_utest.c +++ b/test/wrapper_utest/core_pkcs11_utest.c 
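Review bot: The C_GetFunctionList lookup and the NULL checks on `C_GetTokenInfo` and `C_InitToken` now run after xGetSlotList, so a failure there leaves `xResult` set to an error while `pxSlotId` may already point at an allocated slot list. The cleanup code of xInitializePkcs11Token is below the hunk; confirm that it frees `pxSlotId` regardless of `xResult`, otherwise the new ordering leaks the list on every function-list failure. A short comment on the new branch, such as `/* pxSlotId is released by the common cleanup at the end of the function. */`, would document that once verified.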
@@ -176,6 +176,58 @@ static CK_RV prvSetFunctionList( CK_FUNCTION_LIST_PTR_PTR ppxPtr ) return CKR_OK; } +/*! + * @brief Create a stub for the PKCS #11 function list. + * + * Fails on the fourth call in order to create coverage for a nested branch. + * + */ +static CK_RV prvSetFunctionList2( CK_FUNCTION_LIST_PTR_PTR ppxPtr ) +{ + static uint32_t ulCalls = 0; + CK_RV xResult = CKR_OK; + + ulCalls++; + + if( ulCalls == 3 ) + { + xResult = CKR_ARGUMENTS_BAD; + *ppxPtr = NULL; + } + else + { + *ppxPtr = &prvP11FunctionList; + } + + return xResult; +} + +/*! + * @brief Create a stub for the PKCS #11 function list. + * + * Fails on the fourth call in order to create coverage for a nested branch. + * + */ +static CK_RV prvSetFunctionList3( CK_FUNCTION_LIST_PTR_PTR ppxPtr ) +{ + static uint32_t ulCalls = 0; + CK_RV xResult = CKR_OK; + + ulCalls++; + + if( ulCalls == 3 ) + { + xResult = CKR_OK; + *ppxPtr = NULL; + } + else + { + *ppxPtr = &prvP11FunctionList; + } + + return xResult; +} + /*! * @brief Return empty function list * @@ -552,6 +604,23 @@ void test_IotPkcs11_xInitializePkcs11TokenAlreadyInit( void ) TEST_ASSERT_EQUAL( CKR_OK, xResult ); } +/*! + * @brief xInitializePkcs11Token xInitializePKCS11 return error. + * + */ +void test_IotPkcs11_xInitializePkcs11TokenInitFailed( void ) +{ + CK_RV xResult = CKR_OK; + + C_GetFunctionList_IgnoreAndReturn( CKR_OK ); + C_GetFunctionList_Stub( ( void * ) &prvSetFunctionList ); + C_Initialize_IgnoreAndReturn( CKR_GENERAL_ERROR ); + + xResult = xInitializePkcs11Token(); + + TEST_ASSERT_EQUAL( CKR_GENERAL_ERROR, xResult ); +} + /*! * @brief xInitializePkcs11Token C_GetTokenInfo failure due to memory constraint. * 
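Review bot: Both new stubs carry the comment `Fails on the fourth call`, but the code acts on `ulCalls == 3`, and prvSetFunctionList3 does not fail at all: it returns CKR_OK with `*ppxPtr = NULL`. The comments should describe what each stub does, e.g. `Returns CKR_ARGUMENTS_BAD and a NULL list on the third call` and `Returns CKR_OK with a NULL list on the third call`. The `static uint32_t ulCalls` counter in each stub is never reset, so a stub behaves as intended only for the first test that installs it. The xInitializePkcs11Token tests in the last hunk of this patch that rely on these stubs are therefore sensitive to test order and to any added caller of C_GetFunctionList.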
@@ -617,7 +686,33 @@ void test_IotPkcs11_xInitializePkcs11TokenBadFunctionList( void ) { CK_RV xResult = CKR_OK; - C_GetFunctionList_IgnoreAndReturn( CKR_ARGUMENTS_BAD ); + C_GetFunctionList_IgnoreAndReturn( CKR_OK ); + C_GetFunctionList_Stub( ( void * ) &prvSetFunctionList2 ); + C_Initialize_IgnoreAndReturn( CKR_OK ); + pvPkcs11Malloc_Stub( pvPkcs11MallocCb ); + vPkcs11Free_Stub( vPkcs11FreeCb ); + C_GetSlotList_Stub( ( void * ) xGet1Item ); + + xResult = xInitializePkcs11Token(); + + TEST_ASSERT_EQUAL( CKR_ARGUMENTS_BAD, xResult ); +} + +/*! + * @brief xInitializePkcs11Token failure due to bad C_GetFunctionList. + * + */ +void test_IotPkcs11_xInitializePkcs11TokenEmptyFunctionList( void ) +{ + CK_RV xResult = CKR_OK; + + C_GetFunctionList_IgnoreAndReturn( CKR_OK ); + C_GetFunctionList_Stub( ( void * ) &prvSetFunctionList3 ); + C_Initialize_IgnoreAndReturn( CKR_OK ); + pvPkcs11Malloc_Stub( pvPkcs11MallocCb ); + vPkcs11Free_Stub( vPkcs11FreeCb ); + C_GetSlotList_Stub( ( void * ) xGet1Item ); + xResult = xInitializePkcs11Token(); TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );