Add more pkcs11 tests

PKCS11.md

@@ -6,12 +6,12 @@ and set the following environment variables:
 
 ```
 TEST_PKCS11_LIB = <path-to-shared-lib>
-TEST_PKCS11_TOKEN_LABEL = <token-label>
-TEST_PKCS11_PIN = <pin-for-logging-into-token>
-TEST_PKCS11_PKEY_LABEL = <private-key-label>
-TEST_PKCS11_CERT_FILE = <path-to-PEM-encoded-certificate>
-TEST_PKCS11_CA_FILE = <path-to-PEM-encoded-CA-file-needed-to-trust-certificate>
+TEST_PKCS11_TOKEN_DIR = <path-to-softhsm-token-dir>
 ```
+TEST_PKCS11_LIB is used by the tests to peform pkcs11 operations.
+
+TEST_PKCS11_TOKEN_DIR is used by the tests to clear the softhsm tokens before a test begins. This is achieved by cleaning the token directory <b>NOTE: Any tokens created outside the tests will be cleaned up along with all the objects/keys on it as part of the tests.</b> 
+
 
 ## The suggested way to set up your machine
 1)  Install [SoftHSM2](https://www.opendnssec.org/softhsm/) via brew / apt / apt-get / yum:
@@ -31,7 +31,14 @@ TEST_PKCS11_CA_FILE = <path-to-PEM-encoded-CA-file-needed-to-trust-certificate>
         directories.tokendir = /usr/local/var/lib/softhsm/tokens/
         ```
 
-2)  Create token and private key.
+2)  Set env vars like so:
+    ```
+    TEST_PKCS11_LIB = <path to libsofthsm2.so>
+    TEST_PKCS11_TOKEN_DIR = /usr/local/var/lib/softhsm/tokens/
+    ```
+
+
+3)  [Example to import your keys, Not used by tests] Create token and private key
 
     You can use any values for the labels, pin, key, cert, CA etc.
     Here are copy-paste friendly commands for using files available in this repo.
@@ -44,13 +51,5 @@ TEST_PKCS11_CA_FILE = <path-to-PEM-encoded-CA-file-needed-to-trust-certificate>
     ```
     > softhsm2-util --import tests/resources/unittests.p8 --slot <slot-with-token> --label my-test-key --id BEEFCAFE --pin 0000
     ```
+    <b>WARN: All tokens created outside the tests would be cleaned up as part of the tests, Use a separate token directory for running the tests if you would like to keep your tokens intact.</b>
 
-3)  Set env vars like so:
-    ```
-    TEST_PKCS11_LIB = <path to libsofthsm2.so>
-    TEST_PKCS11_TOKEN_LABEL = my-test-token
-    TEST_PKCS11_PIN = 0000
-    TEST_PKCS11_PKEY_LABEL = my-test-key
-    TEST_PKCS11_CERT_FILE = <path to aws-c-io>/tests/resources/unittests.crt
-    TEST_PKCS11_CA_FILE = <path to aws-c-io>/tests/resources/unittests.crt
-    ```

include/aws/io/private/pkcs11_private.h

@@ -8,8 +8,35 @@
 #include <aws/io/io.h>
 
 struct aws_pkcs11_lib;
+#include <aws/io/shared_library.h>
+#include <aws/common/ref_count.h>
+
+/* These defines must exist before the official PKCS#11 headers are included */
+#define CK_PTR *
+#define NULL_PTR 0
+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType(CK_PTR name)
+#define CK_CALLBACK_FUNCTION(returnType, name) returnType(CK_PTR name)
+
+/* Support older PKCS#11 versions, even if we're using newer headers.
+ * The PKCS#11 API is designed to be forward compatible. */
+#include <aws/io/private/pkcs11/v2.40/pkcs11.h>
+
 struct aws_string;
 
+struct aws_pkcs11_lib {
+    struct aws_ref_count ref_count;
+    struct aws_allocator *allocator;
+
+    struct aws_shared_library shared_lib;
+
+    CK_FUNCTION_LIST_PTR function_list;
+
+    /* If true, C_Finalize() should be called when last ref-count is released */
+    bool should_finalize;
+};
+
 /**
  * pkcs11_private.h
  * This file declares symbols that are private to aws-c-io but need to be

source/pkcs11.c

@@ -13,17 +13,6 @@
 
 #include <inttypes.h>
 
-/* These defines must exist before the official PKCS#11 headers are included */
-#define CK_PTR *
-#define NULL_PTR 0
-#define CK_DEFINE_FUNCTION(returnType, name) returnType name
-#define CK_DECLARE_FUNCTION(returnType, name) returnType name
-#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType(CK_PTR name)
-#define CK_CALLBACK_FUNCTION(returnType, name) returnType(CK_PTR name)
-
-/* Support older PKCS#11 versions, even if we're using newer headers.
- * The PKCS#11 API is designed to be forward compatible. */
-#include <aws/io/private/pkcs11/v2.40/pkcs11.h>
 #define AWS_SUPPORTED_CRYPTOKI_VERSION_MAJOR 2
 #define AWS_MIN_SUPPORTED_CRYPTOKI_VERSION_MINOR 20
 
@@ -258,18 +247,6 @@ static CK_RV s_pkcs11_unlock_mutex(CK_VOID_PTR mutex_ptr) {
     return CKR_OK;
 }
 
-struct aws_pkcs11_lib {
-    struct aws_ref_count ref_count;
-    struct aws_allocator *allocator;
-
-    struct aws_shared_library shared_lib;
-
-    CK_FUNCTION_LIST_PTR function_list;
-
-    /* If true, C_Finalize() should be called when last ref-count is released */
-    bool should_finalize;
-};
-
 /* Invoked when last ref-count is released. Free all resources.
  * Note that this is also called if initialization fails half-way through */
 static void s_pkcs11_lib_destroy(void *user_data) {
@@ -665,7 +642,7 @@ int aws_pkcs11_lib_find_private_key(
     bool must_finalize_search = false;
 
     /* set up search attributes */
-    CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
+    CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
     CK_ULONG num_attributes = 1;
     CK_ATTRIBUTE attributes[2] = {
         {

tests/CMakeLists.txt

@@ -228,6 +228,9 @@ if (ENABLE_PKCS11_TESTS)
     add_test_case(pkcs11_lib_initialize)
     add_test_case(pkcs11_lib_omit_initialize)
     add_test_case(pkcs11_find_private_key)
+    add_test_case(pkcs11_find_slot)
+    add_test_case(pkcs11_session_tests)
+    add_test_case(pkcs11_login_tests)
 endif()
 
 set(TEST_BINARY_NAME ${PROJECT_NAME}-tests)