From e32020baf60339d88b2064a1dd0604e85c2e26e5 Mon Sep 17 00:00:00 2001
From: chinglee-iot <61685396+chinglee-iot@users.noreply.github.com>
Date: Fri, 17 May 2024 16:47:13 +0800
Subject: [PATCH] Add more unit test for core_pkcs11_mbedtls.c (#196)
* Increase line coverage for core_pkcs11_mbedtls.c to 100%
* Update CI line coverage threshold to 100% and branch coverage threshold to 92%
* Fix compiler warning in unit test
---
.github/workflows/ci.yml | 7 +-
docs/doxygen/include/size_table.md | 4 +-
source/portable/mbedtls/core_pkcs11_mbedtls.c | 12 +-
.../core_pkcs11_mbedtls_utest.c | 290 +++++++++++++++---
test/wrapper_utest/core_pkcs11_utest.c | 6 +-
5 files changed, 265 insertions(+), 54 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4491b3c3..9c237078 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -85,7 +85,8 @@ jobs:
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
sudo apt-get install -y lcov
- CFLAGS="--coverage -Wall -Wextra -DNDEBUG"
+ # target_enable_gcov is added in each unit test already, --coverage option is not required
+ CFLAGS="-Wall -Wextra -DNDEBUG"
cmake -S test -B build/ \
-G "Unix Makefiles" \
-DCMAKE_BUILD_TYPE=Debug \
@@ -128,8 +129,8 @@ jobs:
if: steps.build-unit-tests.outcome == 'success'
with:
coverage-file: ./build/coverage.info
- line-coverage-min: 99
- branch-coverage-min: 90
+ line-coverage-min: 100
+ branch-coverage-min: 92
- name: Archive Test Results
if: steps.build-unit-tests.outcome == 'success'
diff --git a/docs/doxygen/include/size_table.md b/docs/doxygen/include/size_table.md
index af9eaf07..d999d2b6 100644
--- a/docs/doxygen/include/size_table.md
+++ b/docs/doxygen/include/size_table.md
@@ -20,11 +20,11 @@
core_pkcs11_mbedtls.c |
9.0K |
- 7.5K |
+ 7.4K |
Total estimates |
10.3K |
- 8.5K |
+ 8.4K |
diff --git a/source/portable/mbedtls/core_pkcs11_mbedtls.c b/source/portable/mbedtls/core_pkcs11_mbedtls.c
index 188ae88c..a006c7b2 100644
--- a/source/portable/mbedtls/core_pkcs11_mbedtls.c
+++ b/source/portable/mbedtls/core_pkcs11_mbedtls.c
@@ -762,15 +762,9 @@ static CK_RV prvRsaContextParse( const CK_ATTRIBUTE * pxAttribute,
lMbedTLSResult = mbedtls_mpi_read_binary( &pxRsaContext->DQ, pxAttribute->pValue, pxAttribute->ulValueLen );
break;
- case ( CKA_COEFFICIENT ):
- lMbedTLSResult = mbedtls_mpi_read_binary( &pxRsaContext->QP, pxAttribute->pValue, pxAttribute->ulValueLen );
- break;
-
default:
-
- /* This should never be reached, as the above types are what gets this function called.
- * Nevertheless this is an error case, and MISRA requires a default statement. */
- xResult = CKR_ATTRIBUTE_TYPE_INVALID;
+ /* This is the CKA_COEFFICIENT case. The type is checked in prvRsaKeyAttParse. */
+ lMbedTLSResult = mbedtls_mpi_read_binary( &pxRsaContext->QP, pxAttribute->pValue, pxAttribute->ulValueLen );
break;
}
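Review bot: The `default:` branch now loads any attribute type not matched above into `pxRsaContext->QP`, so this switch no longer fails closed. It is correct only while prvRsaKeyAttParse, which is outside this hunk, keeps filtering the types as the new comment says. If that filter is ever widened, an unrelated attribute would silently overwrite the CRT coefficient of the key instead of returning CKR_ATTRIBUTE_TYPE_INVALID. I would keep the label visible by stacking it on the default (`case ( CKA_COEFFICIENT ):` directly above `default:`) and, if an assertion facility is available in this file, state the invariant with `assert( pxAttribute->type == CKA_COEFFICIENT );`, which adds no branch under the `-DNDEBUG` coverage build. prvRsaContextParse starts before the hunk, so the remaining cases are not visible here.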
@@ -3449,7 +3443,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_FindObjectsInit )( CK_SESSION_HANDLE hSession,
xResult = CKR_ARGUMENTS_BAD;
}
- if( ( ulCount != 1UL ) && ( ulCount != 2UL ) )
+ if( ( ulCount < 1UL ) || ( ulCount > 2UL ) )
{
xResult = CKR_ARGUMENTS_BAD;
LogError( ( "Failed to initialize find object operation. Find objects "
diff --git a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c
index 856c0595..17429191 100644
--- a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c
+++ b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c
@@ -197,6 +197,7 @@ static void * pvPkcs11CallocCb( size_t nitems,
size_t size,
int numCalls )
{
+ ( void ) numCalls;
usMallocFreeCalls++;
return ( void * ) calloc( nitems, size );
}
@@ -204,6 +205,8 @@ static void * pvPkcs11CallocCb( size_t nitems,
static void vPkcs11FreeCb( void * pvPtr,
int numCalls )
{
+ ( void ) numCalls;
+
if( pvPtr != NULL )
{
usMallocFreeCalls--;
@@ -1265,6 +1268,72 @@ void test_pkcs11_C_CreateObjectECPrivKey( void )
}
}
+/*!
+ * @brief C_CreateObject Creating an EC private key with label length greater than pkcs11configMAX_LABEL_LENGTH.
+ *
+ */
+void test_pkcs11_C_CreateObjectECPrivKeyLabelTooLong( void )
+{
+ CK_RV xResult = CKR_OK;
+ CK_SESSION_HANDLE xSession = 0;
+ CK_KEY_TYPE xPrivateKeyType = CKK_EC;
+ CK_OBJECT_CLASS xPrivateKeyClass = CKO_PRIVATE_KEY;
+ CK_BBOOL xTrue = CK_TRUE;
+ mbedtls_ecp_keypair xKeyContext = { 0 };
+ char * pucPrivLabel = pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS;
+ /* DER-encoding of an ANSI X9.62 Parameters value */
+ CK_BYTE * pxEcPrivParams = ( CK_BYTE * ) ( "\x06\x08" MBEDTLS_OID_EC_GRP_SECP256R1 );
+ CK_OBJECT_HANDLE xObject = 0;
+ const uint8_t pusEmptyPubKey[ 6 ] = { 0xa1, 0x04, 0x03, 0x02, 0x00, 0x00 };
+ uint8_t pusFakePrivateKey[ pkcs11_PRIVATE_EC_PRIME_256_DER_SIZE ] = { 0 };
+
+ ( void ) memcpy( &pusFakePrivateKey[ pkcs11_PRIVATE_EC_PRIME_256_DER_SIZE - sizeof( pusEmptyPubKey ) ], pusEmptyPubKey, sizeof( pusEmptyPubKey ) );
+
+
+ /* Private value D. */
+ CK_BYTE pxD[ EC_D_LENGTH ] = { 0 };
+
+ CK_ATTRIBUTE xPrivateKeyTemplate[] = EC_PRIV_KEY_INITIALIZER;
+
+ prvCommonInitStubs( &xSession );
+
+ if( TEST_PROTECT() )
+ {
+ mbedtls_pk_init_CMockIgnore();
+ mbedtls_calloc_Stub( pvPkcs11CallocCb );
+ PKCS11_PAL_FindObject_IgnoreAndReturn( 1 );
+ PKCS11_PAL_GetObjectValue_IgnoreAndReturn( CKR_OK );
+ mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
+ PKCS11_PAL_GetObjectValueCleanup_CMockIgnore();
+ mbedtls_calloc_IgnoreAndReturn( &xKeyContext );
+ mbedtls_ecp_keypair_init_CMockIgnore();
+ mbedtls_ecp_group_init_CMockIgnore();
+ mbedtls_ecp_group_load_IgnoreAndReturn( 0 );
+ mbedtls_calloc_Stub( pvPkcs11CallocCb );
+ mbedtls_mpi_read_binary_IgnoreAndReturn( 0 );
+ mbedtls_pk_write_key_der_ExpectAnyArgsAndReturn( 6 );
+ mbedtls_pk_write_key_der_ReturnArrayThruPtr_buf( pusFakePrivateKey, sizeof( pusFakePrivateKey ) );
+ mbedtls_pk_free_CMockIgnore();
+ PKCS11_PAL_SaveObject_IgnoreAndReturn( 1 );
+ mock_osal_mutex_lock_IgnoreAndReturn( 0 );
+ mock_osal_mutex_unlock_IgnoreAndReturn( 0 );
+ mbedtls_free_Stub( vPkcs11FreeCb );
+
+ xPrivateKeyTemplate[ 2 ].ulValueLen = pkcs11configMAX_LABEL_LENGTH + 1;
+ xResult = C_CreateObject( xSession,
+ ( CK_ATTRIBUTE_PTR ) &xPrivateKeyTemplate,
+ sizeof( xPrivateKeyTemplate ) / sizeof( CK_ATTRIBUTE ),
+ &xObject );
+
+ TEST_ASSERT_EQUAL( CKR_ARGUMENTS_BAD, xResult );
+ }
+
+ if( TEST_PROTECT() )
+ {
+ prvCommonDeinitStubs( &xSession );
+ }
+}
+
/*!
* @brief C_CreateObject fail to malloc memory when loading EC curve.
*
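Review bot: In test_pkcs11_C_CreateObjectECPrivKeyLabelTooLong, `xPrivateKeyTemplate[ 2 ].ulValueLen` is raised to `pkcs11configMAX_LABEL_LENGTH + 1` while `pValue` still points at the shorter `pucPrivLabel` string. The test therefore stays in bounds only if C_CreateObject rejects the length before reading the label. Backing the attribute with a buffer of the claimed size keeps the test valid under a sanitizer whatever the order of checks: `char pcLongLabel[ pkcs11configMAX_LABEL_LENGTH + 1 ] = { 0 };` and `xPrivateKeyTemplate[ 2 ].pValue = pcLongLabel;`. Index 2 is presumably the CKA_LABEL entry of EC_PRIV_KEY_INITIALIZER, which is defined outside this hunk, so a short comment naming it would help.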
@@ -1276,7 +1345,6 @@ void test_pkcs11_C_CreateObjectECCurveLoadFail( void )
CK_KEY_TYPE xPrivateKeyType = CKK_EC;
CK_OBJECT_CLASS xPrivateKeyClass = CKO_PRIVATE_KEY;
CK_BBOOL xTrue = CK_TRUE;
- mbedtls_ecp_keypair xKeyContext = { 0 };
char * pucPrivLabel = pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS;
/* DER-encoding of an ANSI X9.62 Parameters value */
CK_BYTE * pxEcPrivParams = ( CK_BYTE * ) ( "\x06\x08" MBEDTLS_OID_EC_GRP_SECP256R1 );
@@ -2150,11 +2218,6 @@ void test_pkcs11_C_CreateObjectCertificateIncomplete( void )
CK_SESSION_HANDLE xSession = 0;
CK_OBJECT_HANDLE xObject = 0;
CK_OBJECT_CLASS xCertificateClass = CKO_CERTIFICATE;
- CK_CERTIFICATE_TYPE xCertificateType = CKC_X_509;
- CK_BBOOL xTokenStorage = CK_TRUE;
- CK_BYTE xSubject[] = "TestSubject";
- CK_BYTE xCert[] = "Empty Cert";
- char * pucLabel = pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS;
CK_ATTRIBUTE xCertificateTemplate[] =
{
@@ -2483,7 +2546,6 @@ void test_pkcs11_C_CreateObjectSHA256HMACKeyMissingLabel( void )
CK_OBJECT_CLASS xKeyClass = CKO_SECRET_KEY;
CK_BBOOL xTrue = CK_TRUE;
CK_OBJECT_HANDLE xObject = CK_INVALID_HANDLE;
- CK_BYTE pcLabel[] = pkcs11configLABEL_HMAC_KEY;
CK_BYTE pxKeyValue[] = "abcdabcdabcdabcdabcdabcdabcdabcd";
@@ -2849,7 +2911,6 @@ void test_pkcs11_C_CreateObjectAESCMACKeyMissingLabel( void )
CK_OBJECT_CLASS xKeyClass = CKO_SECRET_KEY;
CK_BBOOL xTrue = CK_TRUE;
CK_OBJECT_HANDLE xObject = CK_INVALID_HANDLE;
- CK_BYTE pcLabel[] = pkcs11configLABEL_CMAC_KEY;
CK_BYTE pxKeyValue[] = "abcdabcdabcdabcdabcdabcdabcdabcd";
@@ -3065,6 +3126,35 @@ void test_pkcs11_C_CreateObjectAESCMACKeyInvalidKeyType( void )
}
}
+
+/*!
+ * @brief C_CreateObject NULL phObject
+ *
+ */
+void test_pkcs11_C_CreateObjectNullObject( void )
+{
+ CK_RV xResult = CKR_OK;
+ CK_SESSION_HANDLE xSession = 0;
+ CK_ATTRIBUTE xPrivateKeyTemplate[] = { 0 };
+
+ prvCommonInitStubs( &xSession );
+
+ if( TEST_PROTECT() )
+ {
+ xResult = C_CreateObject( xSession,
+ ( CK_ATTRIBUTE_PTR ) &xPrivateKeyTemplate,
+ sizeof( xPrivateKeyTemplate ) / sizeof( CK_ATTRIBUTE ),
+ NULL );
+
+ TEST_ASSERT_EQUAL( CKR_ARGUMENTS_BAD, xResult );
+ }
+
+ if( TEST_PROTECT() )
+ {
+ prvCommonDeinitStubs( &xSession );
+ }
+}
+
/* ====================== TESTING C_GetAttributeValue ============================ */
/*!
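Review bot: test_pkcs11_C_CreateObjectNullObject passes a zero-initialised one-entry template together with the NULL `phObject`, so the expected CKR_ARGUMENTS_BAD is not clearly tied to the NULL handle check. A template entry with type 0 and a NULL `pValue` may be rejected on its own, depending on the order of validation in C_CreateObject, which is not visible here. Using a well-formed template (for example the `EC_PRIV_KEY_INITIALIZER` one used in the EC tests) would leave `phObject` as the only invalid argument. The local name `xPrivateKeyTemplate` is also misleading for an empty attribute; `xEmptyTemplate` would read better if the zeroed template is kept.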
@@ -3281,14 +3371,7 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
CK_SESSION_HANDLE xSession = 0;
CK_OBJECT_HANDLE xObject = 0;
CK_ULONG ulCount = 2;
- CK_ULONG ulLength = 1;
- CK_BYTE pulKnownBuf[] = pkcs11DER_ENCODED_OID_P256;
- CK_BYTE pulBuf[ sizeof( pulKnownBuf ) ] = { 0 };
CK_BYTE ulPoint[ pkcs11EC_POINT_LENGTH ] = { 0 };
- CK_BYTE ulKnownPoint = 0x04;
- CK_BBOOL xIsPrivate = CK_FALSE;
- CK_OBJECT_CLASS xPrivateKeyClass = { 0 };
- CK_OBJECT_CLASS xKnownPrivateKeyClass = CKO_PRIVATE_KEY;
CK_ATTRIBUTE xTemplates[ 2 ] = { 0 };
prvCommonInitStubs( &xSession );
@@ -3795,6 +3878,8 @@ void test_pkcs11_C_FindObjectsInitBadArgs( void )
xResult = C_FindObjectsInit( xSession, ( CK_ATTRIBUTE_PTR ) &xFindTemplate, -1 );
TEST_ASSERT_EQUAL( CKR_ARGUMENTS_BAD, xResult );
+ xResult = C_FindObjectsInit( xSession, ( CK_ATTRIBUTE_PTR ) &xFindTemplate, 0 );
+ TEST_ASSERT_EQUAL( CKR_ARGUMENTS_BAD, xResult );
mbedtls_calloc_Stub( NULL );
mbedtls_calloc_ExpectAnyArgsAndReturn( NULL );
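Review bot: The added `0` case covers the lower bound of the rewritten `( ulCount < 1UL ) || ( ulCount > 2UL )` check, but the upper bound is exercised only by `-1`, which converts to the largest CK_ULONG rather than the first rejected value. Adding `xResult = C_FindObjectsInit( xSession, ( CK_ATTRIBUTE_PTR ) &xFindTemplate, 3 );` followed by the same `TEST_ASSERT_EQUAL( CKR_ARGUMENTS_BAD, xResult );` would pin the boundary itself. The test function starts outside this hunk, so a `3` case may already exist above.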
@@ -3827,9 +3912,6 @@ void test_pkcs11_C_FindObjects( void )
CK_ULONG ulCount = 1;
CK_ULONG ulFoundCount = 0;
CK_OBJECT_HANDLE xObject = 0;
- CK_BYTE pucBuf[] = { 1, 1, 1, 1 };
- CK_BYTE_PTR * ppucBufPtr = ( CK_BYTE_PTR * ) &pucBuf;
- CK_ULONG ulObjectLength = sizeof( pucBuf );
char * pucLabel = pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS;
CK_ATTRIBUTE xFindTemplate = { CKA_LABEL, pucLabel, strlen( ( const char * ) pucLabel ) };
@@ -3915,9 +3997,6 @@ void test_pkcs11_C_FindObjectsBadArgs( void )
CK_ULONG ulFoundCount = 0;
CK_OBJECT_HANDLE xObject = 0;
char * pucLabel = pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS;
- CK_BYTE pucBuf[] = { 0, 0, 0, 0 };
- CK_BYTE ** ppucBufPtr = ( CK_BYTE ** ) &pucBuf;
- CK_ULONG ulObjectLength = sizeof( pucBuf );
CK_ATTRIBUTE xFindTemplate = { CKA_LABEL, pucLabel, strlen( ( const char * ) pucLabel ) };
@@ -3966,9 +4045,12 @@ void test_pkcs11_C_FindObjectsFinal( void )
CK_OBJECT_HANDLE xObject = 0;
char * pucLabel = pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS;
- PKCS11_CertificateTemplate_t xCertificateTemplate = { { CKA_LABEL,
- pucLabel,
- strlen( ( const char * ) pucLabel ) } };
+ CK_ATTRIBUTE xCertificateTemplate =
+ {
+ CKA_LABEL,
+ pucLabel,
+ strlen( ( const char * ) pucLabel )
+ };
prvCommonInitStubs( &xSession );
@@ -4636,14 +4718,12 @@ void test_pkcs11_C_SignSHA256HMAC( void )
CK_SESSION_HANDLE xSession = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE xKey = CK_INVALID_HANDLE;
CK_MECHANISM xMechanism = { 0 };
- mbedtls_pk_context xSignAndVerifyKey;
CK_BYTE pxDummyData[ pkcs11SHA256_DIGEST_LENGTH ] = { 0xAA };
CK_ULONG ulDummyDataLen = sizeof( pxDummyData );
CK_BYTE pxDummySignature[ pkcs11SHA256_DIGEST_LENGTH ] = { 0xAA };
CK_ULONG ulDummySignatureLen = sizeof( pxDummySignature );
mbedtls_md_info_t xMdInfo = { 0 };
- xSignAndVerifyKey.pk_ctx = &xResult;
xMechanism.mechanism = CKM_SHA256_HMAC;
prvCommonInitStubs( &xSession );
@@ -4685,14 +4765,12 @@ void test_pkcs11_C_SignSHA256HMACUpdateFail( void )
CK_SESSION_HANDLE xSession = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE xKey = CK_INVALID_HANDLE;
CK_MECHANISM xMechanism = { 0 };
- mbedtls_pk_context xSignAndVerifyKey;
CK_BYTE pxDummyData[ pkcs11SHA256_DIGEST_LENGTH ] = { 0xAA };
CK_ULONG ulDummyDataLen = sizeof( pxDummyData );
CK_BYTE pxDummySignature[ pkcs11SHA256_DIGEST_LENGTH ] = { 0xAA };
CK_ULONG ulDummySignatureLen = sizeof( pxDummySignature );
mbedtls_md_info_t xMdInfo = { 0 };
- xSignAndVerifyKey.pk_ctx = &xResult;
xMechanism.mechanism = CKM_SHA256_HMAC;
prvCommonInitStubs( &xSession );
@@ -4733,15 +4811,12 @@ void test_pkcs11_C_SignAESCMAC( void )
CK_SESSION_HANDLE xSession = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE xKey = CK_INVALID_HANDLE;
CK_MECHANISM xMechanism = { 0 };
- mbedtls_pk_context xSignAndVerifyKey;
-
CK_BYTE pxDummyData[ pkcs11AES_CMAC_SIGNATURE_LENGTH ] = { 0xAA };
CK_ULONG ulDummyDataLen = sizeof( pxDummyData );
CK_BYTE pxDummySignature[ pkcs11AES_CMAC_SIGNATURE_LENGTH ] = { 0xAA };
CK_ULONG ulDummySignatureLen = sizeof( pxDummySignature );
mbedtls_cipher_info_t xCipherInfo = { 0 };
- xSignAndVerifyKey.pk_ctx = &xResult;
xMechanism.mechanism = CKM_AES_CMAC;
prvCommonInitStubs( &xSession );
@@ -4783,15 +4858,12 @@ void test_pkcs11_C_SignAESCMACUpdateFail( void )
CK_SESSION_HANDLE xSession = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE xKey = CK_INVALID_HANDLE;
CK_MECHANISM xMechanism = { 0 };
- mbedtls_pk_context xSignAndVerifyKey;
-
CK_BYTE pxDummyData[ pkcs11AES_CMAC_SIGNATURE_LENGTH ] = { 0xAA };
CK_ULONG ulDummyDataLen = sizeof( pxDummyData );
CK_BYTE pxDummySignature[ pkcs11AES_CMAC_SIGNATURE_LENGTH ] = { 0xAA };
CK_ULONG ulDummySignatureLen = sizeof( pxDummySignature );
mbedtls_cipher_info_t xCipherInfo = { 0 };
- xSignAndVerifyKey.pk_ctx = &xResult;
xMechanism.mechanism = CKM_AES_CMAC;
prvCommonInitStubs( &xSession );
@@ -5138,7 +5210,6 @@ void test_pkcs11_C_VerifyInitSHA256HMACMDLockFail( void )
CK_SESSION_HANDLE xSession = 0;
CK_OBJECT_HANDLE xObject = 0;
CK_MECHANISM xMechanism = { 0 };
- CK_BBOOL xIsPrivate = CK_FALSE;
mbedtls_md_info_t xMdInfo = { 0 };
xMechanism.mechanism = CKM_SHA256_HMAC;
@@ -5331,7 +5402,6 @@ void test_pkcs11_C_VerifyInitAESCMACCipherLockFail( void )
CK_SESSION_HANDLE xSession = 0;
CK_OBJECT_HANDLE xObject = 0;
CK_MECHANISM xMechanism = { 0 };
- CK_BBOOL xIsPrivate = CK_FALSE;
mbedtls_cipher_info_t xCipherInfo = { 0 };
xMechanism.mechanism = CKM_AES_CMAC;
@@ -5658,6 +5728,60 @@ void test_pkcs11_C_VerifyRSA( void )
}
}
+/*!
+ * @brief C_Verify public key not exist in session context.
+ *
+ */
+void test_pkcs11_C_VerifyRSANoPublicKey( void )
+{
+ CK_RV xResult = CKR_OK;
+ CK_SESSION_HANDLE xSession = CK_INVALID_HANDLE;
+ CK_OBJECT_HANDLE xObject = CK_INVALID_HANDLE;
+ CK_MECHANISM xMechanism = { 0 };
+ CK_BYTE pxDummyData[ pkcs11SHA256_DIGEST_LENGTH ] = { 0xAA };
+ CK_ULONG ulDummyDataLen = sizeof( pxDummyData );
+ CK_BYTE pxDummySignature[ pkcs11RSA_2048_SIGNATURE_LENGTH ] = { 0xAA };
+ CK_ULONG ulDummySignatureLen = sizeof( pxDummySignature );
+ mbedtls_pk_context xMbedContext = { 0 };
+ mbedtls_pk_info_t xPkInfo = { 0 };
+
+ /* These just have to be not NULL so we can hit the proper path. */
+ xMbedContext.pk_ctx = NULL;
+ xMbedContext.pk_info = &xPkInfo;
+
+ xMechanism.mechanism = CKM_RSA_X_509;
+ CK_BBOOL xIsPrivate = CK_FALSE;
+
+ prvCommonInitStubs( &xSession );
+
+ if( TEST_PROTECT() )
+ {
+ xResult = prvCreateRSAPub( &xSession, &xObject );
+ TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+ PKCS11_PAL_GetObjectValue_ExpectAnyArgsAndReturn( CKR_OK );
+ PKCS11_PAL_GetObjectValue_ReturnThruPtr_pIsPrivate( &xIsPrivate );
+ mbedtls_pk_init_StopIgnore();
+ mbedtls_pk_init_ExpectAnyArgs();
+ mbedtls_pk_init_ReturnThruPtr_ctx( &xMbedContext );
+ mbedtls_pk_parse_public_key_IgnoreAndReturn( 0 );
+ PKCS11_PAL_GetObjectValueCleanup_CMockIgnore();
+ xPkType = MBEDTLS_PK_RSA;
+ xResult = C_VerifyInit( xSession, &xMechanism, xObject );
+ TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+ mbedtls_pk_verify_IgnoreAndReturn( 0 );
+ mbedtls_pk_free_CMockIgnore();
+ xResult = C_Verify( xSession, pxDummyData, ulDummyDataLen, pxDummySignature, ulDummySignatureLen );
+ TEST_ASSERT_EQUAL( CKR_SIGNATURE_INVALID, xResult );
+ }
+
+ if( TEST_PROTECT() )
+ {
+ prvCommonDeinitStubs( &xSession );
+ }
+}
+
/*!
* @brief C_Verify RSA happy path with CKM_RSA_PKCS.
*
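Review bot: In test_pkcs11_C_VerifyRSANoPublicKey the comment `These just have to be not NULL so we can hit the proper path.` contradicts the next line, which deliberately sets `xMbedContext.pk_ctx = NULL;`. It looks copied from the happy-path test. Something like `/* pk_ctx is left NULL on purpose: C_Verify must fail when no public key is loaded; only pk_info has to be non-NULL. */` states the intent. Since the test shows that verification fails closed without a key, consider dropping `mbedtls_pk_verify_IgnoreAndReturn( 0 );` so that an unexpected call to the verify primitive fails the test rather than being silently accepted. Whether CMock is configured to flag such a call cannot be seen from this hunk.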
@@ -5909,6 +6033,53 @@ void test_pkcs11_C_VerifySHA256HMAC( void )
}
}
+/*!
+ * @brief C_Verify SHA256-HMAC invalid signature length.
+ *
+ */
+void test_pkcs11_C_VerifySHA256HMACInvalidSigLen( void )
+{
+ CK_RV xResult = CKR_OK;
+ CK_SESSION_HANDLE xSession = CK_INVALID_HANDLE;
+ CK_OBJECT_HANDLE xObject = CK_INVALID_HANDLE;
+ CK_MECHANISM xMechanism = { 0 };
+ CK_BYTE pxDummyData[ pkcs11SHA256_DIGEST_LENGTH ] = { 0xAA };
+ CK_ULONG ulDummyDataLen = sizeof( pxDummyData );
+ CK_BYTE pxDummySignature[ pkcs11SHA256_DIGEST_LENGTH ] = { 0xAA };
+ CK_ULONG ulDummySignatureLen = sizeof( pxDummySignature );
+ CK_BBOOL xIsPrivate = CK_FALSE;
+ mbedtls_md_info_t xMdInfo = { 0 };
+
+ xMechanism.mechanism = CKM_SHA256_HMAC;
+
+ prvCommonInitStubs( &xSession );
+
+ if( TEST_PROTECT() )
+ {
+ xResult = prvCreateSHA256HMAC( &xSession, &xObject );
+ TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+ PKCS11_PAL_GetObjectValue_ExpectAnyArgsAndReturn( CKR_OK );
+ PKCS11_PAL_GetObjectValue_ReturnThruPtr_pIsPrivate( &xIsPrivate );
+ mbedtls_md_init_CMockIgnore();
+ mbedtls_md_info_from_type_ExpectAnyArgsAndReturn( &xMdInfo );
+ mbedtls_md_setup_ExpectAnyArgsAndReturn( 0 );
+ mbedtls_md_hmac_starts_ExpectAnyArgsAndReturn( 0 );
+ PKCS11_PAL_GetObjectValueCleanup_CMockIgnore();
+ xResult = C_VerifyInit( xSession, &xMechanism, xObject );
+ TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+ /* Add 1 to signature length. */
+ xResult = C_Verify( xSession, pxDummyData, ulDummyDataLen, pxDummySignature, ulDummySignatureLen + 1 );
+ TEST_ASSERT_EQUAL( CKR_SIGNATURE_LEN_RANGE, xResult );
+ }
+
+ if( TEST_PROTECT() )
+ {
+ prvCommonDeinitStubs( &xSession );
+ }
+}
+
/*!
* @brief C_Verify SHA256-HMAC mbedtls_md_update fail.
*
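Review bot: test_pkcs11_C_VerifySHA256HMACInvalidSigLen checks only `ulDummySignatureLen + 1`, and the same applies to test_pkcs11_C_VerifyAESCMACInvalidSigLength in the next hunk. For a MAC the more security-relevant direction is a shorter signature, because accepting a truncated tag weakens verification. A sibling case passing `ulDummySignatureLen - 1` and expecting CKR_SIGNATURE_LEN_RANGE would cover it, probably after a fresh C_VerifyInit since a failed C_Verify normally ends the operation. The `+ 1` length also exceeds the size of `pxDummySignature`, so the test relies on the length being rejected before the buffer is read; an array one byte larger removes that dependency. The two test names should agree on `SigLen` or `SigLength`.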
@@ -6107,6 +6278,52 @@ void test_pkcs11_C_VerifyAESCMAC( void )
}
}
+/*!
+ * @brief C_Verify AES-CMAC invalid signature length.
+ *
+ */
+void test_pkcs11_C_VerifyAESCMACInvalidSigLength( void )
+{
+ CK_RV xResult = CKR_OK;
+ CK_SESSION_HANDLE xSession = CK_INVALID_HANDLE;
+ CK_OBJECT_HANDLE xObject = CK_INVALID_HANDLE;
+ CK_MECHANISM xMechanism = { 0 };
+ CK_BYTE pxDummyData[ pkcs11AES_CMAC_SIGNATURE_LENGTH ] = { 0xAA };
+ CK_ULONG ulDummyDataLen = sizeof( pxDummyData );
+ CK_BYTE pxDummySignature[ pkcs11AES_CMAC_SIGNATURE_LENGTH ] = { 0xAA };
+ CK_ULONG ulDummySignatureLen = sizeof( pxDummySignature );
+ CK_BBOOL xIsPrivate = CK_FALSE;
+ mbedtls_cipher_info_t xCipherInfo = { 0 };
+
+ xMechanism.mechanism = CKM_AES_CMAC;
+
+ prvCommonInitStubs( &xSession );
+
+ if( TEST_PROTECT() )
+ {
+ xResult = prvCreateAESCMAC( &xSession, &xObject );
+ TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+ PKCS11_PAL_GetObjectValue_ExpectAnyArgsAndReturn( CKR_OK );
+ PKCS11_PAL_GetObjectValue_ReturnThruPtr_pIsPrivate( &xIsPrivate );
+ mbedtls_cipher_init_CMockIgnore();
+ mbedtls_cipher_info_from_type_ExpectAnyArgsAndReturn( &xCipherInfo );
+ mbedtls_cipher_setup_ExpectAnyArgsAndReturn( 0 );
+ mbedtls_cipher_cmac_starts_ExpectAnyArgsAndReturn( 0 );
+ PKCS11_PAL_GetObjectValueCleanup_CMockIgnore();
+ xResult = C_VerifyInit( xSession, &xMechanism, xObject );
+ TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+ xResult = C_Verify( xSession, pxDummyData, ulDummyDataLen, pxDummySignature, ulDummySignatureLen + 1 );
+ TEST_ASSERT_EQUAL( CKR_SIGNATURE_LEN_RANGE, xResult );
+ }
+
+ if( TEST_PROTECT() )
+ {
+ prvCommonDeinitStubs( &xSession );
+ }
+}
+
/*!
* @brief C_Verify AES-CMAC mbedtls_cipher_update fail.
*
@@ -6639,7 +6856,6 @@ void test_pkcs11_C_GenerateKeyPairRSAGen( void )
{
CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0
};
- CK_BYTE xEcParams[] = pkcs11DER_ENCODED_OID_P256; /* prime256v1 */
CK_KEY_TYPE xKeyType = CKK_RSA;
CK_BBOOL xTrue = CK_TRUE;
diff --git a/test/wrapper_utest/core_pkcs11_utest.c b/test/wrapper_utest/core_pkcs11_utest.c
index a2cd04fc..6d3e4289 100644
--- a/test/wrapper_utest/core_pkcs11_utest.c
+++ b/test/wrapper_utest/core_pkcs11_utest.c
@@ -179,7 +179,7 @@ static CK_RV prvSetFunctionList( CK_FUNCTION_LIST_PTR_PTR ppxPtr )
/*!
* @brief Create a stub for the PKCS #11 function list.
*
- * Fails on the fourth call in order to create coverage for a nested branch.
+ * Fails on the third call in order to create coverage for a nested branch.
*
*/
static CK_RV prvSetFunctionList2( CK_FUNCTION_LIST_PTR_PTR ppxPtr )
@@ -205,7 +205,7 @@ static CK_RV prvSetFunctionList2( CK_FUNCTION_LIST_PTR_PTR ppxPtr )
/*!
* @brief Create a stub for the PKCS #11 function list.
*
- * Fails on the fourth call in order to create coverage for a nested branch.
+ * Fails on the third call in order to create coverage for a nested branch.
*
*/
static CK_RV prvSetFunctionList3( CK_FUNCTION_LIST_PTR_PTR ppxPtr )
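Review bot: The doc comment for prvSetFunctionList3 still says it "Fails on the third call", but the next hunk shows that on `ulCalls == 3` it sets `*ppxPtr = NULL` and, per the new inline comment, returns CKR_OK. That text is now identical to the comment on prvSetFunctionList2 and hides the difference between the two stubs. I would reword it to `* Returns CKR_OK with a NULL function list pointer on the third call in order to create coverage for a nested branch.` With `xResult = CKR_OK;` removed, the stub also depends on `xResult` being initialised to CKR_OK at its declaration, which lies outside the visible hunks and is worth confirming.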
@@ -217,7 +217,7 @@ static CK_RV prvSetFunctionList3( CK_FUNCTION_LIST_PTR_PTR ppxPtr )
if( ulCalls == 3 )
{
- xResult = CKR_OK;
+ /* Return CKR_OK but with NULL function list pointer here. */
*ppxPtr = NULL;
}
else