Merge pull request #184 from LinuxJedi/verify-recover-test

Fix attributes in tests

Author: dgarske

.github/workflows/storage-upgrade-test-tpm.yml

@@ -99,6 +99,9 @@ jobs:
         else
           echo "WOLFPKCS11_NO_STORE not found, assuming WOLFPKCS11_TOKEN_PATH is already set"
         fi
+        # Patch test_verify_recover_op_not_supported on older bases that
+        # still set CKA_VERIFY=FALSE (the op check now uses CKA_VERIFY_RECOVER).
+        sed -i '/CK_ATTRIBUTE rsaPubNoVerify/,/};/{s/CKA_VERIFY,/CKA_VERIFY_RECOVER,/;}' tests/pkcs11test.c
         echo "=== pkcs11test.c modification completed ==="
 
     - name: Build wolfPKCS11 ${{ matrix.base-ref.name }} with TPM

.github/workflows/storage-upgrade-test.yml

@@ -80,6 +80,9 @@ jobs:
         else
           echo "WOLFPKCS11_NO_STORE not found, assuming WOLFPKCS11_TOKEN_PATH is already set"
         fi
+        # Patch test_verify_recover_op_not_supported on older bases that
+        # still set CKA_VERIFY=FALSE (the op check now uses CKA_VERIFY_RECOVER).
+        sed -i '/CK_ATTRIBUTE rsaPubNoVerify/,/};/{s/CKA_VERIFY,/CKA_VERIFY_RECOVER,/;}' tests/pkcs11test.c
         echo "=== pkcs11test.c modification completed ==="
 
     - name: Build wolfPKCS11 ${{ matrix.base-ref.name }}

tests/pkcs11mtt.c

@@ -6681,10 +6681,12 @@ static CK_RV mlkem_encap_decap(CK_SESSION_HANDLE session,
         funcListExt = (CK_FUNCTION_LIST_3_2*)interface->pFunctionList;
     CK_OBJECT_CLASS secClass = CKO_SECRET_KEY;
     CK_BBOOL extr = CK_TRUE;
+    CK_BBOOL sensitive = CK_FALSE;
     CK_ATTRIBUTE secretTmpl[] = {
         { CKA_CLASS,       &secClass,       sizeof(secClass)       },
         { CKA_KEY_TYPE,    &genericKeyType, sizeof(genericKeyType) },
         { CKA_EXTRACTABLE, &extr,           sizeof(extr)           },
+        { CKA_SENSITIVE,   &sensitive,      sizeof(sensitive)      },
     };
     CK_ULONG secretTmplCnt = sizeof(secretTmpl) / sizeof(*secretTmpl);
     CK_OBJECT_HANDLE encapKey = CK_INVALID_HANDLE;

tests/pkcs11test.c

@@ -5777,23 +5777,23 @@ static CK_RV test_verify_recover_op_not_supported(void* args)
     CK_BBOOL trueVal = CK_TRUE;
     CK_MECHANISM mech = { CKM_RSA_PKCS, NULL_PTR, 0 };
 
-    CK_ATTRIBUTE rsaPubNoVerify[] = {
+    CK_ATTRIBUTE rsaPubNoVerifyRecover[] = {
         { CKA_CLASS,             &pubKeyClass,      sizeof(pubKeyClass)       },
         { CKA_KEY_TYPE,          &rsaKeyType,       sizeof(rsaKeyType)        },
         { CKA_ENCRYPT,           &trueVal,          sizeof(trueVal)           },
-        { CKA_VERIFY,            &falseVal,         sizeof(falseVal)          },
+        { CKA_VERIFY_RECOVER,    &falseVal,         sizeof(falseVal)          },
         { CKA_MODULUS,           rsa_2048_modulus,   sizeof(rsa_2048_modulus)  },
         { CKA_PUBLIC_EXPONENT,   rsa_2048_pub_exp,  sizeof(rsa_2048_pub_exp)  },
     };
 
-    ret = funcList->C_CreateObject(session, rsaPubNoVerify,
-                                   sizeof(rsaPubNoVerify)/sizeof(*rsaPubNoVerify),
-                                   &pubKey);
-    CHECK_CKR(ret, "Create RSA pub key with CKA_VERIFY=FALSE");
+    ret = funcList->C_CreateObject(session, rsaPubNoVerifyRecover,
+                       sizeof(rsaPubNoVerifyRecover)/sizeof(*rsaPubNoVerifyRecover),
+                       &pubKey);
+    CHECK_CKR(ret, "Create RSA pub key with CKA_VERIFY_RECOVER=FALSE");
     if (ret == CKR_OK) {
         ret = funcList->C_VerifyRecoverInit(session, &mech, pubKey);
         CHECK_CKR_FAIL(ret, CKR_KEY_TYPE_INCONSISTENT,
-                        "VerifyRecoverInit should fail with CKA_VERIFY=FALSE");
+                "VerifyRecoverInit should fail with CKA_VERIFY_RECOVER=FALSE");
     }
 
     return ret;