Make device be initialized on C_Initialize call
Return CKR_CRYPTOKI_NOT_INITIALIZED in other calls when not initialized
sosthene-nitrokey committed Jan 10, 2024
1 parent 631be7e commit ec71b8b
Showing 16 changed files with 249 additions and 287 deletions.
42 changes: 17 additions & 25 deletions pkcs11/src/api/decrypt.rs
Expand Up @@ -13,8 +13,6 @@ pub extern "C" fn C_DecryptInit(
) -> cryptoki_sys::CK_RV {
trace!("C_DecryptInit() called");

ensure_init!();

let raw_mech = match unsafe { CkRawMechanism::from_raw_ptr(pMechanism) } {
Some(mech) => mech,
None => {
Expand Down Expand Up @@ -47,8 +45,6 @@ pub extern "C" fn C_Decrypt(
) -> cryptoki_sys::CK_RV {
trace!("C_Decrypt() called");

ensure_init!();

lock_session!(hSession, session);

if pulDataLen.is_null() || pEncryptedData.is_null() {
Expand Down Expand Up @@ -138,8 +134,6 @@ pub extern "C" fn C_DecryptFinal(
) -> cryptoki_sys::CK_RV {
trace!("C_DecryptFinal() called");

ensure_init!();

lock_session!(hSession, session);

if pulLastPartLen.is_null() {
Expand Down Expand Up @@ -204,31 +198,29 @@ pub extern "C" fn C_DecryptVerifyUpdate(
) -> cryptoki_sys::CK_RV {
trace!("C_DecryptVerifyUpdate() called");

ensure_init!();

cryptoki_sys::CKR_FUNCTION_NOT_SUPPORTED
}

#[cfg(test)]
mod tests {

use super::*;
use crate::{backend::slot::set_test_config_env, data::SESSION_MANAGER};
use crate::{backend::slot::init_for_tests, data::SESSION_MANAGER};

fn setup_session() -> cryptoki_sys::CK_SESSION_HANDLE {
SESSION_MANAGER.lock().unwrap().setup_dummy_session()
}

#[test]
fn test_decrypt_init_null_mech() {
set_test_config_env();
init_for_tests();
let rv = C_DecryptInit(0, std::ptr::null_mut(), 0);
assert_eq!(rv, cryptoki_sys::CKR_ARGUMENTS_BAD);
}

#[test]
fn test_decrypt_init_unknown_mech() {
set_test_config_env();
init_for_tests();
let mut mech = cryptoki_sys::CK_MECHANISM {
mechanism: 15000, // doesn't exist
pParameter: std::ptr::null_mut(),
Expand All @@ -241,7 +233,7 @@ mod tests {

#[test]
fn test_decrypt_init_invalid_session() {
set_test_config_env();
init_for_tests();
SESSION_MANAGER.lock().unwrap().delete_session(0);

let mut mech = cryptoki_sys::CK_MECHANISM {
Expand All @@ -256,7 +248,7 @@ mod tests {

#[test]
fn test_decrypt_invalid_session() {
set_test_config_env();
init_for_tests();
SESSION_MANAGER.lock().unwrap().delete_session(0);

let rv = C_Decrypt(
Expand All @@ -271,7 +263,7 @@ mod tests {

#[test]
fn test_decrypt_null_data_len() {
set_test_config_env();
init_for_tests();
let mut pEncryptedData = [0u8; 32];

let session_handle = setup_session();
Expand All @@ -288,7 +280,7 @@ mod tests {

#[test]
fn test_decrypt_null_encrypted_data() {
set_test_config_env();
init_for_tests();
let mut pulDataLen = 0;

let session_handle = setup_session();
Expand All @@ -305,7 +297,7 @@ mod tests {

#[test]
fn test_decrypt_null_data() {
set_test_config_env();
init_for_tests();
let mut pulDataLen = 0;

let session_handle = setup_session();
Expand All @@ -324,7 +316,7 @@ mod tests {

#[test]
fn test_decrypt_update_invalid_session() {
set_test_config_env();
init_for_tests();
SESSION_MANAGER.lock().unwrap().delete_session(0);

let rv = C_DecryptUpdate(
Expand All @@ -339,7 +331,7 @@ mod tests {

#[test]
fn test_decrypt_update_null_encrypted_part() {
set_test_config_env();
init_for_tests();
let session_handle = setup_session();

let mut pulPartLen = 0;
Expand All @@ -357,7 +349,7 @@ mod tests {

#[test]
fn test_decrypt_update_null_part_len() {
set_test_config_env();
init_for_tests();
let session_handle = setup_session();

let mut pEncryptedPart = [0u8; 32];
Expand All @@ -375,7 +367,7 @@ mod tests {

#[test]
fn test_decrypt_update_operation_not_initialized() {
set_test_config_env();
init_for_tests();
let session_handle = setup_session();

let mut pEncryptedPart = [0u8; 32];
Expand All @@ -394,7 +386,7 @@ mod tests {

#[test]
fn test_decrypt_final_invalid_session() {
set_test_config_env();
init_for_tests();
SESSION_MANAGER.lock().unwrap().delete_session(0);

let mut pulLastPartLen = 0;
Expand All @@ -405,7 +397,7 @@ mod tests {

#[test]
fn test_decrypt_final_null_last_part_len() {
set_test_config_env();
init_for_tests();
let session_handle = setup_session();

let mut lastPart = [0u8; 32];
Expand All @@ -416,7 +408,7 @@ mod tests {

#[test]
fn test_decrypt_final_operation_not_initialized() {
set_test_config_env();
init_for_tests();
let session_handle = setup_session();

let mut lastPart = [0u8; 32];
Expand All @@ -428,7 +420,7 @@ mod tests {

// #[test]
// fn test_decrypt_final_null_last_part() {
// set_test_config_env();
// init_for_tests();
// let session_handle = setup_session();

// let mut pulLastPartLen = 0;
Expand All @@ -440,7 +432,7 @@ mod tests {
// unsupported function
#[test]
fn test_decrypt_verify_update() {
set_test_config_env();
init_for_tests();
let rv = C_DecryptVerifyUpdate(
0,
std::ptr::null_mut(),
Expand Down
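Review bot: With `ensure_init!()` removed, `C_DecryptInit` validates `pMechanism` before any initialization check is visible, and `C_DecryptVerifyUpdate` returns `CKR_FUNCTION_NOT_SUPPORTED` with no check at all. A call made before `C_Initialize` can therefore return `CKR_ARGUMENTS_BAD` or `CKR_FUNCTION_NOT_SUPPORTED` instead of the `CKR_CRYPTOKI_NOT_INITIALIZED` the commit message promises. The replacement check is not shown in these hunks; if it now lives in `lock_session!` or in the device accessors, it runs only after the argument checks and never in the stub functions. The same applies to the functions in pkcs11/src/api/digest.rs, whose visible paths return only `CKR_ARGUMENTS_BAD` or `CKR_FUNCTION_NOT_SUPPORTED`. Every test here calls `init_for_tests()` first, so nothing pins the uninitialized behaviour; a test that calls `C_DecryptInit` without initialization and asserts `cryptoki_sys::CKR_CRYPTOKI_NOT_INITIALIZED` would do so (the function bodies continue outside the hunks).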
28 changes: 8 additions & 20 deletions pkcs11/src/api/digest.rs
Expand Up @@ -10,8 +10,6 @@ pub extern "C" fn C_DigestInit(
) -> cryptoki_sys::CK_RV {
trace!("C_DigestInit() called");

ensure_init!();

if pMechanism.is_null() {
return cryptoki_sys::CKR_ARGUMENTS_BAD;
}
Expand All @@ -28,8 +26,6 @@ pub extern "C" fn C_Digest(
) -> cryptoki_sys::CK_RV {
trace!("C_Digest() called");

ensure_init!();

if pData.is_null() || pDigest.is_null() || pulDigestLen.is_null() {
return cryptoki_sys::CKR_ARGUMENTS_BAD;
}
Expand All @@ -44,8 +40,6 @@ pub extern "C" fn C_DigestUpdate(
) -> cryptoki_sys::CK_RV {
trace!("C_DigestUpdate() called");

ensure_init!();

if pPart.is_null() {
return cryptoki_sys::CKR_ARGUMENTS_BAD;
}
Expand All @@ -60,8 +54,6 @@ pub extern "C" fn C_DigestFinal(
) -> cryptoki_sys::CK_RV {
trace!("C_DigestFinal() called");

ensure_init!();

if pDigest.is_null() || pulDigestLen.is_null() {
return cryptoki_sys::CKR_ARGUMENTS_BAD;
}
Expand All @@ -75,8 +67,6 @@ pub extern "C" fn C_DigestKey(
) -> cryptoki_sys::CK_RV {
trace!("C_DigestKey() called");

ensure_init!();

cryptoki_sys::CKR_FUNCTION_NOT_SUPPORTED
}

Expand All @@ -88,7 +78,6 @@ pub extern "C" fn C_DigestEncryptUpdate(
pulEncryptedPartLen: cryptoki_sys::CK_ULONG_PTR,
) -> cryptoki_sys::CK_RV {
trace!("C_DigestEncryptUpdate() called");
ensure_init!();

cryptoki_sys::CKR_FUNCTION_NOT_SUPPORTED
}
Expand All @@ -101,7 +90,6 @@ pub extern "C" fn C_DecryptDigestUpdate(
pulPartLen: cryptoki_sys::CK_ULONG_PTR,
) -> cryptoki_sys::CK_RV {
trace!("C_DecryptDigestUpdate() called ");
ensure_init!();

cryptoki_sys::CKR_FUNCTION_NOT_SUPPORTED
}
Expand All @@ -110,12 +98,12 @@ pub extern "C" fn C_DecryptDigestUpdate(
mod tests {
use cryptoki_sys::CK_ULONG;

use crate::backend::slot::set_test_config_env;
use crate::backend::slot::init_for_tests;

use super::*;
#[test]
fn test_digest_init() {
set_test_config_env();
init_for_tests();
let rv = C_DigestInit(0, std::ptr::null_mut());
assert_eq!(rv, cryptoki_sys::CKR_ARGUMENTS_BAD);

Expand All @@ -131,7 +119,7 @@ mod tests {

#[test]
fn test_digest() {
set_test_config_env();
init_for_tests();
let rv = C_Digest(
0,
std::ptr::null_mut(),
Expand All @@ -157,7 +145,7 @@ mod tests {

#[test]
fn test_digest_update() {
set_test_config_env();
init_for_tests();
let rv = C_DigestUpdate(0, std::ptr::null_mut(), 0 as CK_ULONG);
assert_eq!(rv, cryptoki_sys::CKR_ARGUMENTS_BAD);

Expand All @@ -169,7 +157,7 @@ mod tests {

#[test]
fn test_digest_final() {
set_test_config_env();
init_for_tests();
let rv = C_DigestFinal(0, std::ptr::null_mut(), std::ptr::null_mut());
assert_eq!(rv, cryptoki_sys::CKR_ARGUMENTS_BAD);

Expand All @@ -182,14 +170,14 @@ mod tests {

#[test]
fn test_digest_key() {
set_test_config_env();
init_for_tests();
let rv = C_DigestKey(0, 0);
assert_eq!(rv, cryptoki_sys::CKR_FUNCTION_NOT_SUPPORTED);
}

#[test]
fn test_digest_encrypt_update() {
set_test_config_env();
init_for_tests();
let mut encrypted_part_len: CK_ULONG = 0;
let mut encrypted_part: Vec<u8> = Vec::new();
let mut part: Vec<u8> = Vec::new();
Expand All @@ -206,7 +194,7 @@ mod tests {

#[test]
fn test_decrypt_digest_update() {
set_test_config_env();
init_for_tests();
let mut encrypted_part_len: CK_ULONG = 0;
let mut encrypted_part: Vec<u8> = Vec::new();
let mut part: Vec<u8> = Vec::new();
Expand Down