From 2ad3f80b6a4ac10a0d68110676f95cc73650d5c3 Mon Sep 17 00:00:00 2001 From: chinglee-iot <61685396+chinglee-iot@users.noreply.github.com> Date: Mon, 13 May 2024 16:04:31 +0800 Subject: [PATCH] Fix mbedtls c get attribute value (#193) * Fix C_GetAttributeValue mbedtls port implementation. * Add multiple attributes and CK_UNAVAILABLE_INFORMATION value length unit tests. --- source/portable/mbedtls/core_pkcs11_mbedtls.c | 49 ++-- .../core_pkcs11_mbedtls_utest.c | 250 +++++++++++++++++- 2 files changed, 274 insertions(+), 25 deletions(-) diff --git a/source/portable/mbedtls/core_pkcs11_mbedtls.c b/source/portable/mbedtls/core_pkcs11_mbedtls.c index ea9f043a..188ae88c 100644 --- a/source/portable/mbedtls/core_pkcs11_mbedtls.c +++ b/source/portable/mbedtls/core_pkcs11_mbedtls.c @@ -3185,7 +3185,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, { for( iAttrib = 0; iAttrib < ulCount; iAttrib++ ) { - if( xResult != CKR_OK ) + if( ( xResult != CKR_ATTRIBUTE_SENSITIVE ) && ( xResult != CKR_ATTRIBUTE_TYPE_INVALID ) && ( xResult != CKR_BUFFER_TOO_SMALL ) && ( xResult != CKR_OK ) ) { break; } @@ -3209,6 +3209,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute template. " "Received a buffer smaller than CK_OBJECT_CLASS." ) ); xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } } @@ -3226,6 +3227,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. This data is " "sensitive and the value will not be returned." ) ); xResult = CKR_ATTRIBUTE_SENSITIVE; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } else { @@ -3241,6 +3243,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, ( unsigned long int ) ulLength, ( unsigned long int ) pTemplate[ iAttrib ].ulValueLen ) ); xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } else { @@ -3261,6 +3264,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. Expected buffer " "of size CK_KEY_TYPE." ) ); xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } else { @@ -3287,6 +3291,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. " "Could not parse key type." ) ); xResult = CKR_ATTRIBUTE_VALUE_INVALID; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; break; } @@ -3300,6 +3305,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. " "CKA_PRIVATE_EXPONENT is private data." ) ); xResult = CKR_ATTRIBUTE_SENSITIVE; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; break; @@ -3316,6 +3322,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. " "CKA_EC_PARAMS buffer too small." ) ); xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } else { @@ -3348,33 +3355,36 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, ( uint8_t * ) pTemplate[ iAttrib ].pValue + 1, pTemplate[ iAttrib ].ulValueLen - 1UL ); xSize = xMbedSize; - } - else - { - xResult = CKR_BUFFER_TOO_SMALL; - } - if( ( xResult == CKR_OK ) && ( lMbedTLSResult < 0 ) ) - { - if( lMbedTLSResult == MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ) + if( lMbedTLSResult < 0 ) { - LogError( ( "Failed to extract EC point. " - "CKA_EC_POINT buffer was too small." ) ); - xResult = CKR_BUFFER_TOO_SMALL; + if( lMbedTLSResult == MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ) + { + LogError( ( "Failed to extract EC point. " + "CKA_EC_POINT buffer was too small." ) ); + xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; + } + else + { + LogError( ( "Failed to extract EC point. " + "mbedtls_ecp_tls_write_point failed: " + "mbed TLS error = %s : %s.", + mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ), + mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) ); + xResult = CKR_FUNCTION_FAILED; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; + } } else { - LogError( ( "Failed to extract EC point. " - "mbedtls_ecp_tls_write_point failed: " - "mbed TLS error = %s : %s.", - mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ), - mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) ); - xResult = CKR_FUNCTION_FAILED; + pTemplate[ iAttrib ].ulValueLen = xSize + 1UL; } } else { - pTemplate[ iAttrib ].ulValueLen = xSize + 1UL; + xResult = CKR_BUFFER_TOO_SMALL; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; } } @@ -3384,6 +3394,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession, LogError( ( "Failed to parse attribute. Received unknown " "attribute type." ) ); xResult = CKR_ATTRIBUTE_TYPE_INVALID; + pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION; break; } } diff --git a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c index a533f4ab..856c0595 100644 --- a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c +++ b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c @@ -3157,7 +3157,6 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_OK, xResult ); - TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplate.ulValueLen ); xTemplate.pValue = &ulPoint; @@ -3173,6 +3172,7 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) mbedtls_ecp_tls_write_point_IgnoreAndReturn( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); xTemplate.pValue = &ulPoint; @@ -3180,6 +3180,7 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); mbedtls_ecp_tls_write_point_IgnoreAndReturn( 1 ); @@ -3188,6 +3189,7 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_TYPE_INVALID, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); /* CKA Class Case */ xTemplate.type = CKA_CLASS; @@ -3231,7 +3233,7 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObjectPub, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); - TEST_ASSERT_EQUAL( 0, xTemplate.ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_VALUE; xTemplate.pValue = &ulLength; @@ -3251,6 +3253,238 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void ) } } +/*! + * @brief C_GetAttributeValue test multiple attribute parsing of PKCS #11 templates. + * + * CKR_ATTRIBUTE_SENSITIVE, CKR_ATTRIBUTE_TYPE_INVALID, and CKR_BUFFER_TOO_SMALL do not + * denote true errors for C_GetAttributeValue. The second attribute should still be processed + * in the call. CKR_FUNCTION_FAILED is not listed in the error above and should stop processing + * the second attribute. + * + * Testing the following combinations of return value of attributes[ 2 ]: + * { CKR_OK, CKR_ATTRIBUTE_TYPE_INVALID } : Return value is CKR_ATTRIBUTE_TYPE_INVALID. + * { CKR_ATTRIBUTE_TYPE_INVALID, CKR_OK } : Return value is CKR_ATTRIBUTE_TYPE_INVALID. + * { CKR_OK, CKR_BUFFER_TOO_SMALL } : Return value is CKR_BUFFER_TOO_SMALL. + * { CKR_BUFFER_TOO_SMALL, CKR_OK } : Return value is CKR_BUFFER_TOO_SMALL. + * { CKR_OK, CKR_ATTRIBUTE_SENSITIVE } : Return value is CKR_ATTRIBUTE_SENSITIVE. + * { CKR_ATTRIBUTE_SENSITIVE, CKR_OK } : Return value is CKR_ATTRIBUTE_SENSITIVE. + * { CKR_OK, CKR_FUNCTION_FAILED } : Return value is CKR_FUNCTION_FAILED. + * { CKR_FUNCTION_FAILED, CKR_OK } : Return value is CKR_FUNCTION_FAILED and the + * second attribute is not returned in the implementation. + * { CKR_FUNCTION_FAILED, CKR_ATTRIBUTE_TYPE_INVALID } : Return value is CKR_FUNCTION_FAILED and the + * second attribute is not returned in the implementation. + * { CKR_ATTRIBUTE_TYPE_INVALID, CKR_FUNCTION_FAILED } : Return value is CKR_FUNCTION_FAILED. + */ +void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void ) +{ + CK_RV xResult = CKR_OK; + CK_SESSION_HANDLE xSession = 0; + CK_OBJECT_HANDLE xObject = 0; + CK_ULONG ulCount = 2; + CK_ULONG ulLength = 1; + CK_BYTE pulKnownBuf[] = pkcs11DER_ENCODED_OID_P256; + CK_BYTE pulBuf[ sizeof( pulKnownBuf ) ] = { 0 }; + CK_BYTE ulPoint[ pkcs11EC_POINT_LENGTH ] = { 0 }; + CK_BYTE ulKnownPoint = 0x04; + CK_BBOOL xIsPrivate = CK_FALSE; + CK_OBJECT_CLASS xPrivateKeyClass = { 0 }; + CK_OBJECT_CLASS xKnownPrivateKeyClass = CKO_PRIVATE_KEY; + CK_ATTRIBUTE xTemplates[ 2 ] = { 0 }; + + prvCommonInitStubs( &xSession ); + + if( TEST_PROTECT() ) + { + xResult = prvCreateEcPriv( &xSession, &xObject ); + TEST_ASSERT_EQUAL( CKR_OK, xResult ); + + mbedtls_pk_init_CMockIgnore(); + mbedtls_x509_crt_init_CMockIgnore(); + PKCS11_PAL_GetObjectValueCleanup_CMockIgnore(); + mbedtls_pk_free_CMockIgnore(); + mbedtls_x509_crt_free_CMockIgnore(); + + /* EC Point Case and unknown attribute case. */ + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */ + xTemplates[ 1 ].type = CKA_MODULUS; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned. */ + TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_TYPE_INVALID, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* Swap the sequence EC Point Case and unknown attribute case. */ + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */ + xTemplates[ 0 ].type = CKA_MODULUS; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned. */ + TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_TYPE_INVALID, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 1 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + + /* CKR_BUFFER_TOO_SMALL should be returned when mbedtls return buffer too small. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = &ulPoint; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKR_BUFFER_TOO_SMALL should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 1 ].ulValueLen ); + + /* Swap the attributes order for CKR_BUFFER_TOO_SMALL and CKR_OK. */ + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_BUFFER_TOO_SMALL should be returned when mbedtls return buffer too small. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = &ulPoint; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKR_BUFFER_TOO_SMALL should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* CKR_ATTRIBUTE_SENSITIVE should be returned when getting CKA_PRIVATE_EXPONENT type. */ + mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); + xTemplates[ 0 ].type = CKA_PRIVATE_EXPONENT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKA_PRIVATE_EXPONENT should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_SENSITIVE, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 1 ].ulValueLen ); + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_ATTRIBUTE_SENSITIVE should be returned when getting CKA_PRIVATE_EXPONENT type. */ + mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); + xTemplates[ 1 ].type = CKA_PRIVATE_EXPONENT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKA_PRIVATE_EXPONENT should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_SENSITIVE, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1. */ + mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); + mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = &ulPoint; + xTemplates[ 0 ].ulValueLen = sizeof( ulPoint ); + + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKR_FUNCTION_FAILED should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( 0, xTemplates[ 1 ].ulValueLen ); + + /* Swap the order of attributes. */ + /* CKR_OK should be returned for EC point length. */ + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1. */ + mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); + mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = &ulPoint; + xTemplates[ 1 ].ulValueLen = sizeof( ulPoint ); + + /* CKR_FUNCTION_FAILED should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */ + xTemplates[ 0 ].type = CKA_MODULUS; + xTemplates[ 0 ].pValue = NULL; + xTemplates[ 0 ].ulValueLen = 0; + + /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1. */ + mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); + mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); + xTemplates[ 1 ].type = CKA_EC_POINT; + xTemplates[ 1 ].pValue = &ulPoint; + xTemplates[ 1 ].ulValueLen = sizeof( ulPoint ); + + /* CKR_FUNCTION_FAILED should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen ); + + /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1. */ + mbedtls_pk_parse_key_IgnoreAndReturn( 0 ); + mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 ); + xTemplates[ 0 ].type = CKA_EC_POINT; + xTemplates[ 0 ].pValue = &ulPoint; + xTemplates[ 0 ].ulValueLen = sizeof( ulPoint ); + + /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */ + xTemplates[ 1 ].type = CKA_MODULUS; + xTemplates[ 1 ].pValue = NULL; + xTemplates[ 1 ].ulValueLen = 0; + + /* CKR_FUNCTION_FAILED should be returned. */ + xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount ); + TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen ); + TEST_ASSERT_EQUAL( 0, xTemplates[ 1 ].ulValueLen ); + } + + if( TEST_PROTECT() ) + { + prvCommonDeinitStubs( &xSession ); + } +} + /*! * @brief C_GetAttributeValue paths. * @@ -3350,17 +3584,17 @@ void test_pkcs11_C_GetAttributeValuePrivKey( void ) xTemplate.type = CKA_CLASS; xTemplate.ulValueLen = 0; - ulCount = 2; mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); - + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_KEY_TYPE; + xTemplate.ulValueLen = 0; mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); - + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.ulValueLen = sizeof( CKA_KEY_TYPE ); ulCount = 1; @@ -3369,12 +3603,13 @@ void test_pkcs11_C_GetAttributeValuePrivKey( void ) xPkType = MBEDTLS_PK_NONE; xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_VALUE_INVALID, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_PRIVATE_EXPONENT; mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_SENSITIVE, xResult ); - + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_EC_PARAMS; xTemplate.pValue = NULL; @@ -3388,6 +3623,7 @@ void test_pkcs11_C_GetAttributeValuePrivKey( void ) mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.type = CKA_EC_POINT; xTemplate.pValue = &ulCount; @@ -3395,12 +3631,14 @@ void test_pkcs11_C_GetAttributeValuePrivKey( void ) mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); xTemplate.pValue = &xKeyType; xTemplate.ulValueLen = 0; mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 ); xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount ); TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult ); + TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen ); } if( TEST_PROTECT() )