1 /*
2 * p11test_case_usage.c: Check if the usage flags are sane
3 *
4 * Copyright (C) 2016, 2017 Red Hat, Inc.
5 *
6 * Author: Jakub Jelen <jjelen@redhat.com>
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21 #include "p11test_case_usage.h"
22
usage_test(void ** state)23 void usage_test(void **state) {
24 unsigned int i;
25 int errors = 0;
26 token_info_t *info = (token_info_t *) *state;
27
28 test_certs_t objects;
29 objects.count = 0;
30 objects.data = NULL;
31
32 P11TEST_START(info);
33 search_for_all_objects(&objects, info);
34
35 debug_print("Check if the usage flags are sane.\n");
36 for (i = 0; i < objects.count; i++) {
37 /* Ignore if there is missing private key */
38 if (objects.data[i].private_handle == CK_INVALID_HANDLE)
39 continue;
40
41 /* The usage flags are paired */
42 if (objects.data[i].sign && !objects.data[i].verify) {
43 errors++;
44 fprintf(stderr, " [ ERROR %s ] If Sign is set, Verify should be set too.\n",
45 objects.data[i].id_str);
46 }
47 if (objects.data[i].decrypt && !objects.data[i].encrypt) {
48 errors++;
49 fprintf(stderr, " [ ERROR %s ] If Decrypt is set, Encrypt should be set too.\n",
50 objects.data[i].id_str);
51 }
52 if (objects.data[i].unwrap && !objects.data[i].wrap) {
53 errors++;
54 fprintf(stderr, " [ ERROR %s ] If Unwrap is set, Wrap should be set too.\n",
55 objects.data[i].id_str);
56 }
57 if (objects.data[i].derive_pub != objects.data[i].derive_priv) {
58 errors++;
59 fprintf(stderr, " [ ERROR %s ] Derive should be set on both private and public part.\n",
60 objects.data[i].id_str);
61 }
62
63 /* We have at least one usage flag for every key group */
64 if (! objects.data[i].sign && ! objects.data[i].verify &&
65 ! objects.data[i].encrypt && ! objects.data[i].decrypt &&
66 ! objects.data[i].wrap && ! objects.data[i].unwrap &&
67 ! objects.data[i].derive_pub && ! objects.data[i].derive_priv) {
68 errors++;
69 fprintf(stderr, " [ ERROR %s ] Key group should have at least one usage flag.\n",
70 objects.data[i].id_str);
71 }
72 }
73
74 /* print summary */
75 printf("[KEY ID] [LABEL]\n");
76 printf("[ TYPE ] [ SIZE ] [PUBLIC] [SIGN&VERIFY] [ENC&DECRYPT] [WRAP&UNWR] [ DERIVE ] [ALWAYS_AUTH]\n");
77 P11TEST_DATA_ROW(info, 14,
78 's', "KEY ID",
79 's', "LABEL",
80 's', "TYPE",
81 's', "BITS",
82 's', "VERIFY PUBKEY",
83 's', "SIGN",
84 's', "VERIFY",
85 's', "ENCRYPT",
86 's', "DECRYPT",
87 's', "WRAP",
88 's', "UNWRAP",
89 's', "DERIVE PUBLIC",
90 's', "DERIVE PRIVATE",
91 's', "ALWAYS AUTH");
92 for (i = 0; i < objects.count; i++) {
93 printf("\n[%-6s] [%s]\n",
94 objects.data[i].id_str,
95 objects.data[i].label);
96
97 /* Ignore if there is missing private key */
98 if (objects.data[i].private_handle == CK_INVALID_HANDLE)
99 continue;
100
101 printf("[ %s ] [%6lu] [ %s ] [%s%s] [%s%s] [%s %s] [%s%s] [ %s ]\n",
102 (objects.data[i].key_type == CKK_RSA ? "RSA " :
103 objects.data[i].key_type == CKK_EC ? " EC " :
104 objects.data[i].key_type == CKK_EC_EDWARDS ? "EC_E" :
105 objects.data[i].key_type == CKK_EC_MONTGOMERY ? "EC_M" : " ?? "),
106 objects.data[i].bits,
107 objects.data[i].verify_public == 1 ? " ./ " : " ",
108 objects.data[i].sign ? "[./] " : "[ ] ",
109 objects.data[i].verify ? " [./] " : " [ ] ",
110 objects.data[i].encrypt ? "[./] " : "[ ] ",
111 objects.data[i].decrypt ? " [./] " : " [ ] ",
112 objects.data[i].wrap ? "[./]" : "[ ]",
113 objects.data[i].unwrap ? "[./]" : "[ ]",
114 objects.data[i].derive_pub ? "[./]" : "[ ]",
115 objects.data[i].derive_priv ? "[./]" : "[ ]",
116 objects.data[i].always_auth ? "[./]" : "[ ]");
117 P11TEST_DATA_ROW(info, 14,
118 's', objects.data[i].id_str,
119 's', objects.data[i].label,
120 's', (objects.data[i].key_type == CKK_RSA ? "RSA" :
121 objects.data[i].key_type == CKK_EC ? "EC" :
122 objects.data[i].key_type == CKK_EC_EDWARDS ? "EC_E" :
123 objects.data[i].key_type == CKK_EC_MONTGOMERY ? "EC_M" : " ?? "),
124 'd', objects.data[i].bits,
125 's', objects.data[i].verify_public == 1 ? "YES" : "",
126 's', objects.data[i].sign ? "YES" : "",
127 's', objects.data[i].verify ? "YES" : "",
128 's', objects.data[i].encrypt ? "YES" : "",
129 's', objects.data[i].decrypt ? "YES" : "",
130 's', objects.data[i].wrap ? "YES" : "",
131 's', objects.data[i].unwrap ? "YES" : "",
132 's', objects.data[i].derive_pub ? "YES" : "",
133 's', objects.data[i].derive_priv ? "YES" : "",
134 's', objects.data[i].always_auth ? "YES" : "");
135 }
136 printf(" Public == Cert -----^ ^-----^ ^-----^ ^----^ ^---^\n");
137 printf(" Sign & Verify Attributes ------' | | |\n");
138 printf(" Encrypt & Decrypt Attributes ----------------' | |\n");
139 printf(" Wrap & Unwrap Attributes ---------------------------------' |\n");
140 printf(" Public and Private key Derive Attributes -----------------------------'\n");
141
142 clean_all_objects(&objects);
143 if (errors > 0)
144 P11TEST_FAIL(info, "Not all the usage flags were successfully verified. See the verbose log.");
145 P11TEST_PASS(info);
146 }
147