From 1589236927377a1aadbdafdba97d70535120155f Mon Sep 17 00:00:00 2001 From: "Ching-Hsin,Lee" Date: Fri, 10 May 2024 07:17:19 +0000 Subject: [PATCH 1/4] Fix C_GetAttributeValue mbedtls port implementation --- source/portable/mbedtls/core_pkcs11_mbedtls.c | 51 +++++++++++-------- .../core_pkcs11_mbedtls_utest.c | 18 ++++--- 2 files changed, 43 insertions(+), 26 deletions(-) diff --git a/source/portable/mbedtls/core_pkcs11_mbedtls.c b/source/portable/mbedtls/core_pkcs11_mbedtls.c index ea9f043a..ce364cf1 100644 --- a/source/portable/mbedtls/core_pkcs11_mbedtls.c +++ b/source/portable/mbedtls/core_pkcs11_mbedtls.c @@ -3185,7 +3185,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, { for( iAttrib = 0; iAttrib < ulCount; iAttrib++ ) { - if( xResult != CKR_OK ) + if( ( xResult != CKR_ATTRIBUTE_SENSITIVE ) && ( xResult != CKR_ATTRIBUTE_TYPE_INVALID ) && ( xResult != CKR_BUFFER_TOO_SMALL ) && ( xResult != CKR_OK ) ) { break; } @@ -3209,6 +3209,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute template. " "Received a buffer smaller than CK_OBJECT_CLASS." ) ); xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } } @@ -3226,6 +3227,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. This data is " "sensitive and the value will not be returned." ) ); xResult = CKR_ATTRIBUTE_SENSITIVE; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } else { @@ -3241,6 +3243,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, ( unsigned long int ) ulLength, ( unsigned long int ) pTemplate[ iAttrib ].ulValueLen ) ); xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } else { @@ -3261,6 +3264,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. Expected buffer " "of size CK_KEY_TYPE." ) ); xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } else { @@ -3287,6 +3291,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. " "Could not parse key type." ) ); xResult = CKR_ATTRIBUTE_VALUE_INVALID; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; break; } @@ -3300,6 +3305,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. " "CKA_PRIVATE_EXPONENT is private data." ) ); xResult = CKR_ATTRIBUTE_SENSITIVE; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; break; @@ -3316,6 +3322,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. " "CKA_EC_PARAMS buffer too small." ) ); xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } else { @@ -3348,33 +3355,35 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, ( uint8_t * ) pTemplate[ iAttrib ].pValue + 1, pTemplate[ iAttrib ].ulValueLen - 1UL ); xSize = xMbedSize; - } - else - { - xResult = CKR_BUFFER_TOO_SMALL; - } - - if( ( xResult == CKR_OK ) && ( lMbedTLSResult < 0 ) ) - { - if( lMbedTLSResult == MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ) + if( lMbedTLSResult < 0 ) { - LogError( ( "Failed to extract EC point. " - "CKA_EC_POINT buffer was too small." ) ); - xResult = CKR_BUFFER_TOO_SMALL; + if( lMbedTLSResult == MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ) + { + LogError( ( "Failed to extract EC point. " + "CKA_EC_POINT buffer was too small." ) ); + xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; + } + else + { + LogError( ( "Failed to extract EC point. " + "mbedtls_ecp_tls_write_point failed: " + "mbed TLS error = %s : %s.", + mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ), + mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) ); + xResult = CKR_FUNCTION_FAILED; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; + } } else { - LogError( ( "Failed to extract EC point. " - "mbedtls_ecp_tls_write_point failed: " - "mbed TLS error = %s : %s.", - mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ), - mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) ); - xResult = CKR_FUNCTION_FAILED; + pTemplate[ iAttrib ].ulValueLen = xSize + 1UL; } } else { - pTemplate[ iAttrib ].ulValueLen = xSize + 1UL; + xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } } @@ -3384,6 +3393,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. Received unknown " "attribute type." ) ); xResult = CKR_ATTRIBUTE_TYPE_INVALID; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; break; } } @@ -5895,3 +5905,4 @@ CK_DECLARE_FUNCTION( CK_RV, C_GenerateRandom )( CK_SESSION_HANDLE hSession, return xResult; } /* @[declare_pkcs11_mbedtls_c_generate_random] */ + diff --git a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c index a533f4ab..0d3695b5 100644 --- a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c +++ b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c @@ -3157,7 +3157,6 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_OK, xResult ); - TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplate.ulValueLen ); xTemplate.pValue = &ulPoint; @@ -3173,6 +3172,7 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) mbedtls_ecp_tls_write_point_IgnoreAndReturn( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); xTemplate.pValue = &ulPoint; @@ -3180,6 +3180,7 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); mbedtls_ecp_tls_write_point_IgnoreAndReturn( 1 ); @@ -3188,6 +3189,7 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_TYPE_INVALID, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); /* CKA Class Case */ xTemplate.type = CKA_CLASS; @@ -3231,7 +3233,7 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObjectPub, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); - TEST_ASSERT_EQUAL( 0, xTemplate.ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_VALUE; xTemplate.pValue = &ulLength; @@ -3350,17 +3352,17 @@ void test_pkcs11_C_GetAttributeValuePrivKey( void ) xTemplate.type = CKA_CLASS; xTemplate.ulValueLen = 0; - ulCount = 2; mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); - + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_KEY_TYPE; + xTemplate.ulValueLen = 0; mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); - + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.ulValueLen = sizeof( CKA_KEY_TYPE ); ulCount = 1; @@ -3369,12 +3371,13 @@ void test_pkcs11_C_GetAttributeValuePrivKey( void ) xPkType = MBEDTLS_PK_NONE; xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_VALUE_INVALID, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_PRIVATE_EXPONENT; mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_SENSITIVE, xResult ); - + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_EC_PARAMS; xTemplate.pValue = NULL; @@ -3388,6 +3391,7 @@ void test_pkcs11_C_GetAttributeValuePrivKey( void ) mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_EC_POINT; xTemplate.pValue = &ulCount; @@ -3395,12 +3399,14 @@ void test_pkcs11_C_GetAttributeValuePrivKey( void ) mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.pValue = &xKeyType; xTemplate.ulValueLen = 0; mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); } if( TEST_PROTECT() ) From c96b86aa97c8e6128df827b6761deb97801384e0 Mon Sep 17 00:00:00 2001 From: "Ching-Hsin,Lee" Date: Fri, 10 May 2024 09:36:19 +0000 Subject: [PATCH 2/4] Add multiple attributes test --- .../core_pkcs11_mbedtls_utest.c | 231 ++++++++++++++++++ 1 file changed, 231 insertions(+) diff --git a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c index 0d3695b5..2a7f7b9f 100644 --- a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c +++ b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c @@ -3253,6 +3253,237 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) } } +/*! + * @brief C_GetAttributeValue test multiple attribute parsing of PKCS #11 templates. + * + * CKR_ATTRIBUTE_SENSITIVE, CKR_ATTRIBUTE_TYPE_INVALID, and CKR_BUFFER_TOO_SMALL do not + * denote true errors for C_GetAttributeValue. The second attribute should still be processed + * in the call. CKR_FUNCTION_FAILED is not listed in the error above and should stop processing + * the second attribute. + * + * Testing the following combinations of return value of attributes[ 2 ]: + * { CKR_OK, CKR_ATTRIBUTE_TYPE_INVALID } : Return value is CKR_ATTRIBUTE_TYPE_INVALID. + * { CKR_ATTRIBUTE_TYPE_INVALID, CKR_OK } : Return value is CKR_ATTRIBUTE_TYPE_INVALID. + * { CKR_OK, CKR_BUFFER_TOO_SMALL } : Return value is CKR_BUFFER_TOO_SMALL. + * { CKR_BUFFER_TOO_SMALL, CKR_OK } : Return value is CKR_BUFFER_TOO_SMALL. + * { CKR_OK, CKR_ATTRIBUTE_SENSITIVE } : Return value is CKR_ATTRIBUTE_SENSITIVE. + * { CKR_ATTRIBUTE_SENSITIVE, CKR_OK } : Return value is CKR_ATTRIBUTE_SENSITIVE. + * { CKR_OK, CKR_FUNCTION_FAILED } : Return value is CKR_FUNCTION_FAILED. + * { CKR_FUNCTION_FAILED, CKR_OK } : Return value is CKR_FUNCTION_FAILED and the + * second attribute is not returned in the implementation. + * { CKR_FUNCTION_FAILED, CKR_ATTRIBUTE_TYPE_INVALID } : Return value is CKR_FUNCTION_FAILED + * { CKR_ATTRIBUTE_TYPE_INVALID, CKR_FUNCTION_FAILED } : Return value is CKR_FUNCTION_FAILED + */ +void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void ) +{ + CK_RV xResult = CKR_OK; + CK_SESSION_HANDLE xSession = 0; + CK_OBJECT_HANDLE xObject = 0; + CK_ULONG ulCount = 2; + CK_ULONG ulLength = 1; + CK_BYTE pulKnownBuf[] = pkcs11DER_ENCODED_OID_P256; + CK_BYTE pulBuf[ sizeof( pulKnownBuf ) ] = { 0 }; + CK_BYTE ulPoint[ pkcs11EC_POINT_LENGTH ] = { 0 }; + CK_BYTE ulKnownPoint = 0x04; + CK_BBOOL xIsPrivate = CK_FALSE; + CK_OBJECT_CLASS xPrivateKeyClass = { 0 }; + CK_OBJECT_CLASS xKnownPrivateKeyClass = CKO_PRIVATE_KEY; + CK_ATTRIBUTE xTemplates[ 2 ] = { 0 }; + + prvCommonInitStubs( &xSession ); + + if( TEST_PROTECT() ) + { + xResult = prvCreateEcPriv( &xSession, &xObject ); + TEST_ASSERT_EQUAL( CKR_OK, xResult ); + + mbedtls_pk_init_CMockIgnore(); + mbedtls_x509_crt_init_CMockIgnore(); + PKCS11_PAL_GetObjectValueCleanup_CMockIgnore(); + mbedtls_pk_free_CMockIgnore(); + mbedtls_x509_crt_free_CMockIgnore(); + + /* EC Point Case and unknown attribute case. */ + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */ + xTemplates[ 1 ].type = CKA_MODULUS; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned. */ + TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_TYPE_INVALID, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* Swap the sequence EC Point Case and unknown attribute case. */ + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */ + xTemplates[ 0 ].type = CKA_MODULUS; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned. */ + TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_TYPE_INVALID, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 1 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + + /* CKR_BUFFER_TOO_SMALL should be returned when mbedtls return buffer too small. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = &ulPoint; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKR_BUFFER_TOO_SMALL should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 1 ].ulValueLen ); + + /* Swap the attributes order for CKR_BUFFER_TOO_SMALL and CKR_OK. */ + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_BUFFER_TOO_SMALL should be returned when mbedtls return buffer too small. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = &ulPoint; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKR_BUFFER_TOO_SMALL should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* CKR_ATTRIBUTE_SENSITIVE should be returned when getting CKA_PRIVATE_EXPONENT type. */ + mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); + xTemplates[ 0 ].type = CKA_PRIVATE_EXPONENT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKA_PRIVATE_EXPONENT should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_SENSITIVE, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 1 ].ulValueLen ); + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_ATTRIBUTE_SENSITIVE should be returned when getting CKA_PRIVATE_EXPONENT type. */ + mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); + xTemplates[ 1 ].type = CKA_PRIVATE_EXPONENT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKA_PRIVATE_EXPONENT should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_SENSITIVE, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1. */ + mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); + mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = &ulPoint; + xTemplates[ 0 ].ulValueLen = sizeof( ulPoint ); + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKR_FUNCTION_FAILED should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( 0, xTemplates[ 1 ].ulValueLen ); + + /* Swap the order of attributes. */ + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1. */ + mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); + mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = &ulPoint; + xTemplates[ 1 ].ulValueLen = sizeof( ulPoint ); + + /* CKR_FUNCTION_FAILED should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */ + xTemplates[ 0 ].type = CKA_MODULUS; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1. */ + mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); + mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = &ulPoint; + xTemplates[ 1 ].ulValueLen = sizeof( ulPoint ); + + /* CKR_FUNCTION_FAILED should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1. */ + mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); + mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = &ulPoint; + xTemplates[ 0 ].ulValueLen = sizeof( ulPoint ); + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */ + xTemplates[ 1 ].type = CKA_MODULUS; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKR_FUNCTION_FAILED should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( 0, xTemplates[ 1 ].ulValueLen ); + } + + if( TEST_PROTECT() ) + { + prvCommonDeinitStubs( &xSession ); + } +} + /*! * @brief C_GetAttributeValue paths. * From 1a35b89c64cd948fc0713801dfc70d7553dc9600 Mon Sep 17 00:00:00 2001 From: "Ching-Hsin,Lee" Date: Fri, 10 May 2024 17:40:59 +0800 Subject: [PATCH 3/4] Update for test cases --- test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c index 2a7f7b9f..856c0595 100644 --- a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c +++ b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c @@ -3271,8 +3271,9 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) * { CKR_OK, CKR_FUNCTION_FAILED } : Return value is CKR_FUNCTION_FAILED. * { CKR_FUNCTION_FAILED, CKR_OK } : Return value is CKR_FUNCTION_FAILED and the * second attribute is not returned in the implementation. - * { CKR_FUNCTION_FAILED, CKR_ATTRIBUTE_TYPE_INVALID } : Return value is CKR_FUNCTION_FAILED - * { CKR_ATTRIBUTE_TYPE_INVALID, CKR_FUNCTION_FAILED } : Return value is CKR_FUNCTION_FAILED + * { CKR_FUNCTION_FAILED, CKR_ATTRIBUTE_TYPE_INVALID } : Return value is CKR_FUNCTION_FAILED and the + * second attribute is not returned in the implementation. + * { CKR_ATTRIBUTE_TYPE_INVALID, CKR_FUNCTION_FAILED } : Return value is CKR_FUNCTION_FAILED. */ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void ) { From 60b79cb261902108dd1f1f33b2410c37f4cc04d2 Mon Sep 17 00:00:00 2001 From: "Ching-Hsin,Lee" Date: Fri, 10 May 2024 18:04:02 +0800 Subject: [PATCH 4/4] Fix uncrustify --- source/portable/mbedtls/core_pkcs11_mbedtls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/portable/mbedtls/core_pkcs11_mbedtls.c b/source/portable/mbedtls/core_pkcs11_mbedtls.c index ce364cf1..188ae88c 100644 --- a/source/portable/mbedtls/core_pkcs11_mbedtls.c +++ b/source/portable/mbedtls/core_pkcs11_mbedtls.c @@ -3355,6 +3355,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, ( uint8_t * ) pTemplate[ iAttrib ].pValue + 1, pTemplate[ iAttrib ].ulValueLen - 1UL ); xSize = xMbedSize; + if( lMbedTLSResult < 0 ) { if( lMbedTLSResult == MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ) @@ -5905,4 +5906,3 @@ CK_DECLARE_FUNCTION( CK_RV, C_GenerateRandom )( CK_SESSION_HANDLE hSession, return xResult; } /* @[declare_pkcs11_mbedtls_c_generate_random] */ -