Bug 1577803, gtests: import pkcs11testmodule from Firefox, r=rrelyea
authorDaiki Ueno <dueno@redhat.com>
Tue, 05 Nov 2019 18:29:32 +0100
changeset 15373 0a86945adf746d78954c4a5ac4dfa365debb76c6
parent 15372 dc9552c2aa7779601bfa232ab0764a9c4ad17535
child 15374 73c28cad3dbb7c8eef8f970d69fc5504d96b69dc
push id3566
push userdueno@redhat.com
push dateTue, 05 Nov 2019 17:30:04 +0000
reviewersrrelyea
bugs1577803
Bug 1577803, gtests: import pkcs11testmodule from Firefox, r=rrelyea Summary: This adds a mock PKCS #11 module from Firefox and add basic tests around it. This is needed for proper testing of PKCS #11 v3.0 profile objects (D45669). Reviewers: rrelyea Reviewed By: rrelyea Subscribers: reviewbot Bug #: 1577803 Differential Revision: https://phabricator.services.mozilla.com/D47060
cpputil/nss_scoped_ptrs.h
gtests/manifest.mn
gtests/pk11_gtest/manifest.mn
gtests/pk11_gtest/pk11_gtest.gyp
gtests/pk11_gtest/pk11_module_unittest.cc
gtests/pkcs11testmodule/Makefile
gtests/pkcs11testmodule/config.mk
gtests/pkcs11testmodule/manifest.mn
gtests/pkcs11testmodule/pkcs11testmodule.cpp
gtests/pkcs11testmodule/pkcs11testmodule.def
gtests/pkcs11testmodule/pkcs11testmodule.gyp
gtests/pkcs11testmodule/pkcs11testmodule.rc
nss.gyp
--- a/cpputil/nss_scoped_ptrs.h
+++ b/cpputil/nss_scoped_ptrs.h
@@ -25,16 +25,17 @@ struct ScopedDelete {
   void operator()(CERTName* name) { CERT_DestroyName(name); }
   void operator()(CERTCertList* list) { CERT_DestroyCertList(list); }
   void operator()(CERTSubjectPublicKeyInfo* spki) {
     SECKEY_DestroySubjectPublicKeyInfo(spki);
   }
   void operator()(PK11Context* context) { PK11_DestroyContext(context, true); }
   void operator()(PK11GenericObject* obj) { PK11_DestroyGenericObject(obj); }
   void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
+  void operator()(PK11SlotList* slots) { PK11_FreeSlotList(slots); }
   void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
   void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
   void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
   void operator()(PQGParams* pqg) { PK11_PQG_DestroyParams(pqg); }
   void operator()(PRFileDesc* fd) { PR_Close(fd); }
   void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
   void operator()(SECKEYEncryptedPrivateKeyInfo* e) {
     SECKEY_DestroyEncryptedPrivateKeyInfo(e, true);
@@ -67,16 +68,17 @@ SCOPED(CERTCertList);
 SCOPED(CERTCertificate);
 SCOPED(CERTCertificateList);
 SCOPED(CERTDistNames);
 SCOPED(CERTName);
 SCOPED(CERTSubjectPublicKeyInfo);
 SCOPED(PK11Context);
 SCOPED(PK11GenericObject);
 SCOPED(PK11SlotInfo);
+SCOPED(PK11SlotList);
 SCOPED(PK11SymKey);
 SCOPED(PK11URI);
 SCOPED(PLArenaPool);
 SCOPED(PQGParams);
 SCOPED(PRFileDesc);
 SCOPED(SECAlgorithmID);
 SCOPED(SECItem);
 SCOPED(SECKEYEncryptedPrivateKeyInfo);
--- a/gtests/manifest.mn
+++ b/gtests/manifest.mn
@@ -24,16 +24,17 @@ NSS_SRCDIRS = \
 	cryptohi_gtest \
 	der_gtest \
 	pk11_gtest \
 	smime_gtest \
 	softoken_gtest \
 	ssl_gtest \
 	$(SYSINIT_GTEST) \
 	nss_bogo_shim \
+	pkcs11testmodule \
 	$(NULL)
 endif
 endif
 
 DIRS = \
 	$(LIB_SRCDIRS) \
 	$(UTIL_SRCDIRS) \
 	$(NSS_SRCDIRS) \
--- a/gtests/pk11_gtest/manifest.mn
+++ b/gtests/pk11_gtest/manifest.mn
@@ -17,24 +17,27 @@ CPPSRCS = \
       pk11_des_unittest.cc \
       pk11_ecdsa_unittest.cc \
       pk11_encrypt_derive_unittest.cc \
       pk11_export_unittest.cc \
       pk11_find_certs_unittest.cc \
       pk11_import_unittest.cc \
       pk11_keygen.cc \
       pk11_key_unittest.cc \
+      pk11_module_unittest.cc \
       pk11_pbkdf2_unittest.cc \
       pk11_prf_unittest.cc \
       pk11_prng_unittest.cc \
       pk11_rsapkcs1_unittest.cc \
       pk11_rsapss_unittest.cc \
       pk11_seed_cbc_unittest.cc \
       $(NULL)
 
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
 INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
             -I$(CORE_DEPTH)/gtests/common \
             -I$(CORE_DEPTH)/cpputil
 
 REQUIRES = nspr nss libdbm gtest cpputil
 
 PROGRAM = pk11_gtest
 
--- a/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/gtests/pk11_gtest/pk11_gtest.gyp
@@ -22,16 +22,17 @@
         'pk11_der_private_key_import_unittest.cc',
         'pk11_des_unittest.cc',
         'pk11_ecdsa_unittest.cc',
         'pk11_encrypt_derive_unittest.cc',
         'pk11_find_certs_unittest.cc',
         'pk11_import_unittest.cc',
         'pk11_keygen.cc',
         'pk11_key_unittest.cc',
+        'pk11_module_unittest.cc',
         'pk11_pbkdf2_unittest.cc',
         'pk11_prf_unittest.cc',
         'pk11_prng_unittest.cc',
         'pk11_rsapkcs1_unittest.cc',
         'pk11_rsapss_unittest.cc',
         'pk11_seed_cbc_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
       ],
@@ -59,12 +60,18 @@
           'dependencies': [
             '<(DEPTH)/lib/nss/nss.gyp:nss3',
             '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
           ],
         }],
       ],
     }
   ],
+  'target_defaults': {
+    'defines': [
+      'DLL_PREFIX=\"<(dll_prefix)\"',
+      'DLL_SUFFIX=\"<(dll_suffix)\"'
+    ]
+  },
   'variables': {
     'module': 'nss'
   }
 }
new file mode 100644
--- /dev/null
+++ b/gtests/pk11_gtest/pk11_module_unittest.cc
@@ -0,0 +1,69 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "prerror.h"
+#include "prsystem.h"
+#include "secoid.h"
+
+#include "nss_scoped_ptrs.h"
+#include "gtest/gtest.h"
+#include "databuffer.h"
+
+namespace nss_test {
+
+class Pkcs11ModuleTest : public ::testing::Test {
+ public:
+  Pkcs11ModuleTest() {}
+
+  void SetUp() override {
+    ASSERT_EQ(SECSuccess, SECMOD_AddNewModule("Pkcs11ModuleTest", DLL_PREFIX
+                                              "pkcs11testmodule." DLL_SUFFIX,
+                                              0, 0))
+        << PORT_ErrorToName(PORT_GetError());
+  }
+
+  void TearDown() override {
+    int type;
+    ASSERT_EQ(SECSuccess, SECMOD_DeleteModule("Pkcs11ModuleTest", &type));
+    ASSERT_EQ(SECMOD_EXTERNAL, type);
+  }
+};
+
+TEST_F(Pkcs11ModuleTest, LoadUnload) {
+  ScopedSECMODModule module(SECMOD_FindModule("Pkcs11ModuleTest"));
+  EXPECT_NE(nullptr, module);
+}
+
+TEST_F(Pkcs11ModuleTest, ListSlots) {
+  ScopedPK11SlotList slots(
+      PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, nullptr));
+  EXPECT_NE(nullptr, slots);
+
+  PK11SlotListElement* element = PK11_GetFirstSafe(slots.get());
+  EXPECT_NE(nullptr, element);
+
+  // These tokens are always present.
+  const std::vector<std::string> kSlotsWithToken = {
+      "NSS Internal Cryptographic Services",
+      "NSS User Private Key and Certificate Services", "Test PKCS11 Slot 二"};
+  std::vector<std::string> foundSlots;
+
+  do {
+    std::string name = PK11_GetSlotName(element->slot);
+    foundSlots.push_back(name);
+    std::cerr << "loaded slot: " << name << std::endl;
+  } while ((element = PK11_GetNextSafe(slots.get(), element, PR_FALSE)) !=
+           nullptr);
+
+  std::sort(foundSlots.begin(), foundSlots.end());
+  EXPECT_TRUE(std::equal(kSlotsWithToken.begin(), kSlotsWithToken.end(),
+                         foundSlots.begin()));
+}
+
+}  // namespace nss_test
new file mode 100644
--- /dev/null
+++ b/gtests/pkcs11testmodule/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
new file mode 100644
--- /dev/null
+++ b/gtests/pkcs11testmodule/config.mk
@@ -0,0 +1,16 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+RES = $(OBJDIR)/$(LIBRARY_NAME).res
+RESNAME = $(LIBRARY_NAME).rc
+
+endif
new file mode 100644
--- /dev/null
+++ b/gtests/pkcs11testmodule/manifest.mn
@@ -0,0 +1,22 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      pkcs11testmodule.cpp \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/cpputil
+
+REQUIRES = cpputil
+
+MAPFILE = $(OBJDIR)/pkcs11testmodule.def
+
+LIBRARY_NAME = pkcs11testmodule
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
+             $(NULL)
new file mode 100644
--- /dev/null
+++ b/gtests/pkcs11testmodule/pkcs11testmodule.cpp
@@ -0,0 +1,579 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a testing PKCS #11 module that simulates a token being inserted and
+// removed from a slot every 50ms. This is achieved mainly in
+// Test_C_WaitForSlotEvent. If the application that loaded this module calls
+// C_WaitForSlotEvent, this module waits for 50ms and returns, having changed
+// its internal state to report that the token has either been inserted or
+// removed, as appropriate.
+// This module also provides an alternate token that is always present for tests
+// that don't want the cyclic behavior described above.
+
+#include <assert.h>
+#include <string.h>
+
+#ifdef _WIN32
+#  include <windows.h>  // for Sleep
+#else
+#  include <unistd.h>  // for usleep
+#endif
+
+#include "pkcs11t.h"
+
+#undef CK_DECLARE_FUNCTION
+
+#ifdef _WIN32
+#define CK_DECLARE_FUNCTION(rtype, func) extern rtype __declspec(dllexport) func
+#else
+#define CK_DECLARE_FUNCTION(rtype, func) extern rtype func
+#endif
+
+#include "pkcs11.h"
+
+#if __cplusplus < 201103L
+#  include <prtypes.h>
+#  define static_assert(condition, message) PR_STATIC_ASSERT(condition)
+#endif
+
+CK_RV Test_C_Initialize(CK_VOID_PTR) { return CKR_OK; }
+
+CK_RV Test_C_Finalize(CK_VOID_PTR) { return CKR_OK; }
+
+static const CK_VERSION CryptokiVersion = {2, 2};
+static const CK_VERSION TestLibraryVersion = {0, 0};
+static const char TestLibraryDescription[] = "Test PKCS11 Library";
+static const char TestManufacturerID[] = "Test PKCS11 Manufacturer ID";
+
+/* The dest buffer is one in the CK_INFO or CK_TOKEN_INFO structs.
+ * Those buffers are padded with spaces. DestSize corresponds to the declared
+ * size for those buffers (e.g. 32 for `char foo[32]`).
+ * The src buffer is a string literal. SrcSize includes the string
+ * termination character (e.g. 4 for `const char foo[] = "foo"` */
+template <size_t DestSize, size_t SrcSize>
+void CopyString(unsigned char (&dest)[DestSize], const char (&src)[SrcSize]) {
+  static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1");
+  memcpy(dest, src, SrcSize - 1);
+  memset(dest + SrcSize - 1, ' ', DestSize - SrcSize + 1);
+}
+
+CK_RV Test_C_GetInfo(CK_INFO_PTR pInfo) {
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  pInfo->cryptokiVersion = CryptokiVersion;
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  pInfo->flags = 0;  // must be 0
+  CopyString(pInfo->libraryDescription, TestLibraryDescription);
+  pInfo->libraryVersion = TestLibraryVersion;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR) { return CKR_OK; }
+
+static int tokenPresent = 0;
+
+CK_RV Test_C_GetSlotList(CK_BBOOL limitToTokensPresent,
+                         CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
+  if (!pulCount) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  CK_SLOT_ID slots[3];
+  CK_ULONG slotCount = 0;
+
+  // We always return slot 2.
+  slots[slotCount++] = 2;
+
+  // Slot 1 is a removable slot where a token is present if
+  // tokenPresent = CK_TRUE.
+  if (tokenPresent || !limitToTokensPresent) {
+    slots[slotCount++] = 1;
+  }
+
+  // Slot 3 is a removable slot which never has a token.
+  if (!limitToTokensPresent) {
+    slots[slotCount++] = 3;
+  }
+
+  if (pSlotList) {
+    if (*pulCount < slotCount) {
+      return CKR_BUFFER_TOO_SMALL;
+    }
+    memcpy(pSlotList, slots, sizeof(CK_ULONG) * slotCount);
+  }
+
+  *pulCount = slotCount;
+  return CKR_OK;
+}
+
+static const char TestSlotDescription[] = "Test PKCS11 Slot";
+static const char TestSlot2Description[] = "Test PKCS11 Slot 二";
+static const char TestSlot3Description[] = "Empty PKCS11 Slot";
+
+CK_RV Test_C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (slotID) {
+    case 1:
+      CopyString(pInfo->slotDescription, TestSlotDescription);
+      pInfo->flags =
+          (tokenPresent ? CKF_TOKEN_PRESENT : 0) | CKF_REMOVABLE_DEVICE;
+      break;
+    case 2:
+      CopyString(pInfo->slotDescription, TestSlot2Description);
+      pInfo->flags = CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE;
+      break;
+    case 3:
+      CopyString(pInfo->slotDescription, TestSlot3Description);
+      pInfo->flags = CKF_REMOVABLE_DEVICE;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  pInfo->hardwareVersion = TestLibraryVersion;
+  pInfo->firmwareVersion = TestLibraryVersion;
+  return CKR_OK;
+}
+
+// Deliberately include énye to ensure we're handling encoding correctly.
+// The PKCS #11 base specification v2.20 specifies that strings be encoded
+// as UTF-8.
+static const char TestTokenLabel[] = "Test PKCS11 Tokeñ Label";
+static const char TestToken2Label[] = "Test PKCS11 Tokeñ 2 Label";
+static const char TestTokenModel[] = "Test Model";
+
+CK_RV Test_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) {
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (slotID) {
+    case 1:
+      CopyString(pInfo->label, TestTokenLabel);
+      break;
+    case 2:
+      CopyString(pInfo->label, TestToken2Label);
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  CopyString(pInfo->model, TestTokenModel);
+  memset(pInfo->serialNumber, 0, sizeof(pInfo->serialNumber));
+  pInfo->flags = CKF_TOKEN_INITIALIZED;
+  pInfo->ulMaxSessionCount = 1;
+  pInfo->ulSessionCount = 0;
+  pInfo->ulMaxRwSessionCount = 1;
+  pInfo->ulRwSessionCount = 0;
+  pInfo->ulMaxPinLen = 4;
+  pInfo->ulMinPinLen = 4;
+  pInfo->ulTotalPublicMemory = 1024;
+  pInfo->ulFreePublicMemory = 1024;
+  pInfo->ulTotalPrivateMemory = 1024;
+  pInfo->ulFreePrivateMemory = 1024;
+  pInfo->hardwareVersion = TestLibraryVersion;
+  pInfo->firmwareVersion = TestLibraryVersion;
+  memset(pInfo->utcTime, 0, sizeof(pInfo->utcTime));
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismList(CK_SLOT_ID, CK_MECHANISM_TYPE_PTR,
+                              CK_ULONG_PTR pulCount) {
+  if (!pulCount) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  *pulCount = 0;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismInfo(CK_SLOT_ID, CK_MECHANISM_TYPE,
+                              CK_MECHANISM_INFO_PTR) {
+  return CKR_OK;
+}
+
+CK_RV Test_C_InitToken(CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR) {
+  return CKR_OK;
+}
+
+CK_RV Test_C_InitPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG,
+                    CK_UTF8CHAR_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY,
+                         CK_SESSION_HANDLE_PTR phSession) {
+  switch (slotID) {
+    case 1:
+      *phSession = 1;
+      break;
+    case 2:
+      *phSession = 2;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  return CKR_OK;
+}
+
+CK_RV Test_C_CloseSession(CK_SESSION_HANDLE) { return CKR_OK; }
+
+CK_RV Test_C_CloseAllSessions(CK_SLOT_ID) { return CKR_OK; }
+
+CK_RV Test_C_GetSessionInfo(CK_SESSION_HANDLE hSession,
+                            CK_SESSION_INFO_PTR pInfo) {
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (hSession) {
+    case 1:
+      pInfo->slotID = 1;
+      break;
+    case 2:
+      pInfo->slotID = 2;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  pInfo->state = CKS_RO_PUBLIC_SESSION;
+  pInfo->flags = CKF_SERIAL_SESSION;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                               CK_OBJECT_HANDLE, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Login(CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Logout(CK_SESSION_HANDLE) { return CKR_FUNCTION_NOT_SUPPORTED; }
+
+CK_RV Test_C_CreateObject(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG,
+                          CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CopyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR,
+                        CK_ULONG, CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DestroyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetObjectSize(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
+                               CK_ATTRIBUTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
+                               CK_ATTRIBUTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_FindObjectsInit(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG) {
+  return CKR_OK;
+}
+
+CK_RV Test_C_FindObjects(CK_SESSION_HANDLE, CK_OBJECT_HANDLE_PTR, CK_ULONG,
+                         CK_ULONG_PTR pulObjectCount) {
+  *pulObjectCount = 0;
+  return CKR_OK;
+}
+
+CK_RV Test_C_FindObjectsFinal(CK_SESSION_HANDLE) { return CKR_OK; }
+
+CK_RV Test_C_EncryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                         CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Encrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                     CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                         CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Decrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                     CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Digest(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                    CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestKey(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Sign(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                  CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                             CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                         CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Verify(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                    CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                               CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptDigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                               CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptVerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR,
+                         CK_ULONG, CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKeyPair(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                             CK_ATTRIBUTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR,
+                             CK_ULONG, CK_OBJECT_HANDLE_PTR,
+                             CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                     CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_UnwrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                       CK_BYTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, CK_ULONG,
+                       CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DeriveKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                       CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SeedRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetFunctionStatus(CK_SESSION_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CancelFunction(CK_SESSION_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WaitForSlotEvent(CK_FLAGS, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR) {
+#ifdef _WIN32
+  Sleep(50);  // Sleep takes the duration argument as milliseconds
+#else
+  usleep(50000);  // usleep takes the duration argument as microseconds
+#endif
+  *pSlot = 1;
+  tokenPresent = !tokenPresent;
+  return CKR_OK;
+}
+
+static CK_FUNCTION_LIST FunctionList = {{2, 2},
+                                        Test_C_Initialize,
+                                        Test_C_Finalize,
+                                        Test_C_GetInfo,
+                                        Test_C_GetFunctionList,
+                                        Test_C_GetSlotList,
+                                        Test_C_GetSlotInfo,
+                                        Test_C_GetTokenInfo,
+                                        Test_C_GetMechanismList,
+                                        Test_C_GetMechanismInfo,
+                                        Test_C_InitToken,
+                                        Test_C_InitPIN,
+                                        Test_C_SetPIN,
+                                        Test_C_OpenSession,
+                                        Test_C_CloseSession,
+                                        Test_C_CloseAllSessions,
+                                        Test_C_GetSessionInfo,
+                                        Test_C_GetOperationState,
+                                        Test_C_SetOperationState,
+                                        Test_C_Login,
+                                        Test_C_Logout,
+                                        Test_C_CreateObject,
+                                        Test_C_CopyObject,
+                                        Test_C_DestroyObject,
+                                        Test_C_GetObjectSize,
+                                        Test_C_GetAttributeValue,
+                                        Test_C_SetAttributeValue,
+                                        Test_C_FindObjectsInit,
+                                        Test_C_FindObjects,
+                                        Test_C_FindObjectsFinal,
+                                        Test_C_EncryptInit,
+                                        Test_C_Encrypt,
+                                        Test_C_EncryptUpdate,
+                                        Test_C_EncryptFinal,
+                                        Test_C_DecryptInit,
+                                        Test_C_Decrypt,
+                                        Test_C_DecryptUpdate,
+                                        Test_C_DecryptFinal,
+                                        Test_C_DigestInit,
+                                        Test_C_Digest,
+                                        Test_C_DigestUpdate,
+                                        Test_C_DigestKey,
+                                        Test_C_DigestFinal,
+                                        Test_C_SignInit,
+                                        Test_C_Sign,
+                                        Test_C_SignUpdate,
+                                        Test_C_SignFinal,
+                                        Test_C_SignRecoverInit,
+                                        Test_C_SignRecover,
+                                        Test_C_VerifyInit,
+                                        Test_C_Verify,
+                                        Test_C_VerifyUpdate,
+                                        Test_C_VerifyFinal,
+                                        Test_C_VerifyRecoverInit,
+                                        Test_C_VerifyRecover,
+                                        Test_C_DigestEncryptUpdate,
+                                        Test_C_DecryptDigestUpdate,
+                                        Test_C_SignEncryptUpdate,
+                                        Test_C_DecryptVerifyUpdate,
+                                        Test_C_GenerateKey,
+                                        Test_C_GenerateKeyPair,
+                                        Test_C_WrapKey,
+                                        Test_C_UnwrapKey,
+                                        Test_C_DeriveKey,
+                                        Test_C_SeedRandom,
+                                        Test_C_GenerateRandom,
+                                        Test_C_GetFunctionStatus,
+                                        Test_C_CancelFunction,
+                                        Test_C_WaitForSlotEvent};
+
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+  *ppFunctionList = &FunctionList;
+  return CKR_OK;
+}
new file mode 100644
--- /dev/null
+++ b/gtests/pkcs11testmodule/pkcs11testmodule.def
@@ -0,0 +1,8 @@
+;+NSS_3.48 { 	# NSS 3.48 release
+;+    global:
+LIBRARY pkcs11testmodule ;-
+EXPORTS ;-
+C_GetFunctionList;
+;+    local:
+;+       *;
+;+};
new file mode 100644
--- /dev/null
+++ b/gtests/pkcs11testmodule/pkcs11testmodule.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'pkcs11testmodule',
+      'type': 'shared_library',
+      'sources': [
+        'pkcs11testmodule.cpp',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
+      ],
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
new file mode 100644
--- /dev/null
+++ b/gtests/pkcs11testmodule/pkcs11testmodule.rc
@@ -0,0 +1,60 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <winver.h>
+
+#define MY_LIBNAME "pkcs11testmodule"
+#define MY_FILEDESCRIPTION "NSS PKCS #11 Test Module"
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME
+#define MY_VERSION "0"
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 0,0,0,0
+ PRODUCTVERSION 0,0,0,0
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", MY_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", MY_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
--- a/nss.gyp
+++ b/nss.gyp
@@ -208,16 +208,17 @@
             'gtests/cryptohi_gtest/cryptohi_gtest.gyp:cryptohi_gtest',
             'gtests/der_gtest/der_gtest.gyp:der_gtest',
             'gtests/certdb_gtest/certdb_gtest.gyp:certdb_gtest',
             'gtests/freebl_gtest/freebl_gtest.gyp:prng_gtest',
             'gtests/freebl_gtest/freebl_gtest.gyp:blake2b_gtest',
             'gtests/freebl_gtest/freebl_gtest.gyp:freebl_gtest',
             'gtests/mozpkix_gtest/mozpkix_gtest.gyp:mozpkix_gtest',
             'gtests/nss_bogo_shim/nss_bogo_shim.gyp:nss_bogo_shim',
+            'gtests/pkcs11testmodule/pkcs11testmodule.gyp:pkcs11testmodule',
             'gtests/pk11_gtest/pk11_gtest.gyp:pk11_gtest',
             'gtests/smime_gtest/smime_gtest.gyp:smime_gtest',
             'gtests/softoken_gtest/softoken_gtest.gyp:softoken_gtest',
             'gtests/ssl_gtest/ssl_gtest.gyp:ssl_gtest',
             'gtests/util_gtest/util_gtest.gyp:util_gtest',
             'lib/ckfw/builtins/testlib/builtins-testlib.gyp:nssckbi-testlib',
           ],
           'conditions': [