Skip to content

falseVal initialized to CK_TRUE instead of CK_FALSE #162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
miyazakh wants to merge 1 commit into
base: master
Choose a base branch
from
Open

falseVal initialized to CK_TRUE instead of CK_FALSE #162

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/crypto.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/* crypto.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfPKCS11.
*
Expand Down Expand Up @@ -878,7 +878,7 @@ static CK_RV AddRSAPrivateKeyObject(WP11_Session* session,
WP11_Object* pubKeyObject = NULL;
CK_ATTRIBUTE* attr = NULL;
CK_BBOOL trueVal = CK_TRUE;
CK_BBOOL falseVal = CK_TRUE;
CK_BBOOL falseVal = CK_FALSE;

CK_OBJECT_HANDLE hPub;

Expand Down
4 changes: 4 additions & 0 deletions tests/pkcs11str.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -300,7 +300,11 @@ static CK_RV find_rsa_pub_key_label(CK_SESSION_HANDLE session,
CK_ATTRIBUTE pubKeyTmpl[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
#ifndef WOLFPKCS11_KEYPAIR_GEN_COMMON_LABEL
{ CKA_LABEL, (unsigned char*)"", 0 },
#else
{ CKA_LABEL, (unsigned char*)"priv_label", 10 },
#endif
};
CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl);
CK_ULONG count;
Expand Down
138 changes: 138 additions & 0 deletions tests/pkcs11test.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6430,6 +6430,138 @@ static CK_RV test_rsa_wrap_unwrap_key(void* args)
}
#endif

#if defined(WOLFPKCS11_KEYPAIR_GEN_COMMON_LABEL) && \
defined(HAVE_AES_KEYWRAP) && !defined(WOLFPKCS11_NO_STORE) && \
!defined(NO_RSA) && !defined(NO_AES) && \
(defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))
/* Test that the companion public key auto-generated during RSA private key
* unwrap has CKA_WRAP set to CK_FALSE (not CK_TRUE). */
static CK_RV test_rsa_unwrap_companion_pub_cka_wrap(void* args)
{
CK_SESSION_HANDLE session = *(CK_SESSION_HANDLE*)args;
CK_RV ret;
CK_MECHANISM mech = { CKM_AES_KEY_WRAP_PAD, NULL, 0 };
CK_OBJECT_HANDLE wrappingKey = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE privKey = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE unwrappedPrivKey = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE pubKey = CK_INVALID_HANDLE;
byte wrappedKey[2048];
CK_ULONG wrappedKeyLen = sizeof(wrappedKey);
CK_BBOOL wrapAttr = CK_TRUE;
CK_BBOOL sessionObj = CK_FALSE;
CK_BBOOL wrapTrue = CK_TRUE;
CK_BBOOL unwrapTrue = CK_TRUE;
CK_ULONG count;
CK_ATTRIBUTE aesKeyTmpl[] = {
{ CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass) },
{ CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType) },
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_WRAP, &wrapTrue, sizeof(wrapTrue) },
{ CKA_UNWRAP, &unwrapTrue, sizeof(unwrapTrue) },
{ CKA_TOKEN, &sessionObj, sizeof(sessionObj) },
{ CKA_VALUE, aes_128_key, sizeof(aes_128_key) },
};
CK_ULONG aesKeyTmplCnt = sizeof(aesKeyTmpl) / sizeof(*aesKeyTmpl);
CK_ATTRIBUTE rsaPrivTmpl[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_MODULUS, rsa_2048_modulus, sizeof(rsa_2048_modulus) },
{ CKA_PRIVATE_EXPONENT, rsa_2048_priv_exp, sizeof(rsa_2048_priv_exp) },
{ CKA_PRIME_1, rsa_2048_p, sizeof(rsa_2048_p) },
{ CKA_PRIME_2, rsa_2048_q, sizeof(rsa_2048_q) },
{ CKA_EXPONENT_1, rsa_2048_dP, sizeof(rsa_2048_dP) },
{ CKA_EXPONENT_2, rsa_2048_dQ, sizeof(rsa_2048_dQ) },
{ CKA_COEFFICIENT, rsa_2048_u, sizeof(rsa_2048_u) },
{ CKA_PUBLIC_EXPONENT, rsa_2048_pub_exp, sizeof(rsa_2048_pub_exp) },
{ CKA_EXTRACTABLE, &ckTrue, sizeof(ckTrue) },
{ CKA_TOKEN, &sessionObj, sizeof(sessionObj) },
};
CK_ULONG rsaPrivTmplCnt = sizeof(rsaPrivTmpl) / sizeof(*rsaPrivTmpl);
CK_ATTRIBUTE unwrapTmpl[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_TOKEN, &sessionObj, sizeof(sessionObj) },
};
CK_ULONG unwrapTmplCnt = sizeof(unwrapTmpl) / sizeof(*unwrapTmpl);
CK_ATTRIBUTE pubKeySearchTmpl[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_TOKEN, &sessionObj, sizeof(sessionObj) },
};
CK_ULONG pubKeySearchTmplCnt =
sizeof(pubKeySearchTmpl) / sizeof(*pubKeySearchTmpl);
CK_ATTRIBUTE getWrapTmpl[] = {
{ CKA_WRAP, &wrapAttr, sizeof(wrapAttr) },
};
/* Create the AES wrapping key */
ret = funcList->C_CreateObject(session, aesKeyTmpl, aesKeyTmplCnt,
&wrappingKey);
CHECK_CKR(ret, "AES Wrapping Key Create Object");
/* Create the RSA private key */
if (ret == CKR_OK) {
ret = funcList->C_CreateObject(session, rsaPrivTmpl, rsaPrivTmplCnt,
&privKey);
CHECK_CKR(ret, "RSA Private Key Create Object");
}
/* Wrap the RSA private key */
if (ret == CKR_OK) {
ret = funcList->C_WrapKey(session, &mech, wrappingKey, privKey,
wrappedKey, &wrappedKeyLen);
CHECK_CKR(ret, "Wrap RSA Private Key with AES");
}
/* Clean up */
funcList->C_DestroyObject(session, privKey);
privKey = CK_INVALID_HANDLE;
/* Unwrap the RSA private key */
if (ret == CKR_OK) {
ret = funcList->C_UnwrapKey(session, &mech, wrappingKey,
wrappedKey, wrappedKeyLen,
unwrapTmpl, unwrapTmplCnt,
&unwrappedPrivKey);
CHECK_CKR(ret, "Unwrap RSA Private Key");
}
/* Find the companion public key */
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsInit(session, pubKeySearchTmpl,
pubKeySearchTmplCnt);
CHECK_CKR(ret, "Find companion public key Init");
}
/* Find the companion public key */
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, &pubKey, 1, &count);
CHECK_CKR(ret, "Find companion public key");
}
/* Finalize the object search */
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "Find companion public key Final");
}
/* Check if the companion public key was found */
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "Companion public key not found");
}
/* Check the wrap attribute of the companion public key */
if (ret == CKR_OK) {
ret = funcList->C_GetAttributeValue(session, pubKey, getWrapTmpl, 1);
CHECK_CKR(ret, "Get CKA_WRAP from companion public key");
}
/* Check that the companion public key has CKA_WRAP set to CK_FALSE */
if (ret == CKR_OK && wrapAttr != CK_FALSE) {
ret = -1;
CHECK_CKR(ret, "CKA_WRAP must be CK_FALSE on companion public key");
}
/* Clean up */
funcList->C_DestroyObject(session, wrappingKey);
funcList->C_DestroyObject(session, unwrappedPrivKey);
funcList->C_DestroyObject(session, pubKey);

return ret;
}
#endif /* WOLFPKCS11_KEYPAIR_GEN_COMMON_LABEL && HAVE_AES_KEYWRAP && ... */

static CK_RV test_attributes_rsa(void* args)
{
CK_SESSION_HANDLE session = *(CK_SESSION_HANDLE*)args;
Expand Down Expand Up @@ -15826,6 +15958,12 @@ static TEST_FUNC testFunc[] = {
#if (!defined(NO_RSA) && !defined(WOLFPKCS11_NO_STORE))
PKCS11TEST_FUNC_SESS_DECL(test_rsa_wrap_unwrap_key),
#endif
#if defined(WOLFPKCS11_KEYPAIR_GEN_COMMON_LABEL) && \
defined(HAVE_AES_KEYWRAP) && !defined(WOLFPKCS11_NO_STORE) && \
!defined(NO_RSA) && !defined(NO_AES) && \
(defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))
PKCS11TEST_FUNC_SESS_DECL(test_rsa_unwrap_companion_pub_cka_wrap),
#endif
#ifndef NO_DH
PKCS11TEST_FUNC_SESS_DECL(test_derive_key),
#endif
Expand Down