tests: the UniqueId attribute

Jakuje · Jakuje · commit c7642c89a055 · 2025-05-06T21:56:29.000+02:00
Signed-off-by: Jakub Jelen &lt;jjelen@redhat.com&gt;
diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -2476,3 +2476,82 @@ fn aes_cmac_verify_impl(key: [u8; 16], message: &[u8], expected_mac: [u8; 16]) -
     session.verify(&Mechanism::AesCMac, key, message, &expected_mac)?;
     Ok(())
 }
+
+/// AES-CMAC test vectors from RFC 4493
+#[test]
+#[serial]
+fn unique_id() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let key: [u8; 16] = [
+        0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f,
+        0x3c,
+    ];
+
+    // Can not create object with Unique Id
+    let key_template = vec![
+        Attribute::Class(ObjectClass::SECRET_KEY),
+        Attribute::KeyType(KeyType::AES),
+        Attribute::Token(true),
+        Attribute::Sensitive(true),
+        Attribute::Private(true),
+        Attribute::Value(key.into()),
+        Attribute::UniqueId(vec![0x00, 0x00, 0x00, 0x01]),
+    ];
+    let res = session.create_object(&key_template);
+    assert!(res.is_err());
+    assert!(matches!(
+        res,
+        Err(Error::Pkcs11(
+            RvError::AttributeTypeInvalid,
+            Function::CreateObject
+        ))
+    ));
+
+    let generate_template = vec![
+        Attribute::Token(true),
+        Attribute::ValueLen(32.into()),
+        Attribute::Encrypt(true),
+    ];
+
+    // generate a secret key
+    let key = session.generate_key(&Mechanism::AesKeyGen, &generate_template)?;
+
+    // we can get the UniqueId attribute
+    let attrs = session.get_attributes(key, &[AttributeType::UniqueId])?;
+    if is_softhsm() {
+        // SoftHSM does not support this attribute at all
+        assert_eq!(attrs.len(), 0);
+    } else {
+        assert!(matches!(attrs.first(), Some(Attribute::UniqueId(_))));
+    }
+
+    // we can not set the UniqueId attribute
+    let update_template = vec![Attribute::UniqueId(vec![0x01, 0x02, 0x03])];
+    let res = session.update_attributes(key, &update_template);
+    assert!(res.is_err());
+    if is_softhsm() {
+        // SoftHSM does not support this attribute at all
+        assert!(matches!(
+            res,
+            Err(Error::Pkcs11(
+                RvError::AttributeTypeInvalid,
+                Function::SetAttributeValue
+            ))
+        ));
+    } else {
+        assert!(matches!(
+            res,
+            Err(Error::Pkcs11(
+                RvError::AttributeReadOnly,
+                Function::SetAttributeValue
+            ))
+        ));
+    }
+
+    session.destroy_object(key)?;
+
+    Ok(())
+}
