F-2382 - https://fenrir.wolfssl.com/finding/2382 - Add test for CKA_WRAP/CKA_UNWRAP attribute enforcement in C_WrapKey/C_UnwrapKey

aidangarske · aidangarske · commit 758c669ae4e8 · 2026-04-08T12:21:20.000-07:00
diff --git a/tests/pkcs11test.c b/tests/pkcs11test.c
@@ -6329,6 +6329,106 @@ static CK_RV test_wrap_key_unextractable(void* args)
     return ret;
 }
 
+static CK_RV test_wrap_unwrap_op_not_supported(void* args)
+{
+    CK_SESSION_HANDLE session = *(CK_SESSION_HANDLE*)args;
+    CK_RV ret;
+    CK_MECHANISM mech = { CKM_AES_KEY_WRAP, NULL, 0 };
+    CK_OBJECT_HANDLE noWrapKey = CK_INVALID_HANDLE;
+    CK_OBJECT_HANDLE key = CK_INVALID_HANDLE;
+    byte wrappedKey[40], keyData[16];
+    CK_ULONG wrappedKeyLen = sizeof(wrappedKey);
+    CK_ATTRIBUTE noWrapTmpl[] = {
+        { CKA_CLASS,       &secretKeyClass,   sizeof(secretKeyClass)    },
+        { CKA_KEY_TYPE,    &aesKeyType,       sizeof(aesKeyType)        },
+        { CKA_VALUE,       aes_128_key,       sizeof(aes_128_key)       },
+        { CKA_WRAP,        &ckFalse,          sizeof(ckFalse)           },
+        { CKA_UNWRAP,      &ckTrue,           sizeof(ckTrue)            },
+    };
+    CK_ULONG noWrapTmplCnt = sizeof(noWrapTmpl) / sizeof(*noWrapTmpl);
+    CK_ATTRIBUTE noUnwrapTmpl[] = {
+        { CKA_CLASS,       &secretKeyClass,   sizeof(secretKeyClass)    },
+        { CKA_KEY_TYPE,    &aesKeyType,       sizeof(aesKeyType)        },
+        { CKA_VALUE,       aes_128_key,       sizeof(aes_128_key)       },
+        { CKA_WRAP,        &ckTrue,           sizeof(ckTrue)            },
+        { CKA_UNWRAP,      &ckFalse,          sizeof(ckFalse)           },
+    };
+    CK_ULONG noUnwrapTmplCnt = sizeof(noUnwrapTmpl) / sizeof(*noUnwrapTmpl);
+    CK_ATTRIBUTE unwrapResultTmpl[] = {
+        { CKA_CLASS,       &secretKeyClass,   sizeof(secretKeyClass)    },
+        { CKA_KEY_TYPE,    &genericKeyType,   sizeof(genericKeyType)    },
+    };
+    CK_ULONG unwrapResultCnt = sizeof(unwrapResultTmpl) /
+                                                    sizeof(*unwrapResultTmpl);
+    CK_OBJECT_HANDLE unwrapped = CK_INVALID_HANDLE;
+
+    memset(keyData, 0x42, sizeof(keyData));
+
+    /* Create key with CKA_WRAP=FALSE */
+    ret = funcList->C_CreateObject(session, noWrapTmpl, noWrapTmplCnt,
+                                   &noWrapKey);
+    CHECK_CKR(ret, "Create AES key with CKA_WRAP=FALSE");
+    if (ret == CKR_OK) {
+        ret = get_generic_key(session, keyData, sizeof(keyData), CK_TRUE, &key);
+    }
+    if (ret == CKR_OK) {
+        ret = funcList->C_WrapKey(session, &mech, noWrapKey, key,
+                                  wrappedKey, &wrappedKeyLen);
+        CHECK_CKR_FAIL(ret, CKR_KEY_TYPE_INCONSISTENT,
+                        "WrapKey should fail with CKA_WRAP=FALSE");
+    }
+    funcList->C_DestroyObject(session, noWrapKey);
+    funcList->C_DestroyObject(session, key);
+
+    /* Now test CKA_UNWRAP=FALSE: first wrap with a valid key, then unwrap
+     * with a key that has CKA_UNWRAP=FALSE */
+    if (ret == CKR_OK) {
+        CK_OBJECT_HANDLE wrapKey = CK_INVALID_HANDLE;
+        ret = funcList->C_CreateObject(session, noUnwrapTmpl, noUnwrapTmplCnt,
+                                       &noWrapKey);
+        CHECK_CKR(ret, "Create AES key with CKA_UNWRAP=FALSE");
+        if (ret == CKR_OK) {
+            /* Use same key template but with wrap=true to actually wrap */
+            CK_ATTRIBUTE wrapOkTmpl[] = {
+                { CKA_CLASS,   &secretKeyClass, sizeof(secretKeyClass) },
+                { CKA_KEY_TYPE, &aesKeyType,    sizeof(aesKeyType)     },
+                { CKA_VALUE,   aes_128_key,     sizeof(aes_128_key)    },
+                { CKA_WRAP,    &ckTrue,         sizeof(ckTrue)         },
+                { CKA_UNWRAP,  &ckTrue,         sizeof(ckTrue)         },
+            };
+            ret = funcList->C_CreateObject(session, wrapOkTmpl,
+                                           sizeof(wrapOkTmpl)/sizeof(*wrapOkTmpl),
+                                           &wrapKey);
+            CHECK_CKR(ret, "Create valid wrapping key");
+        }
+        if (ret == CKR_OK) {
+            ret = get_generic_key(session, keyData, sizeof(keyData), CK_TRUE,
+                                  &key);
+        }
+        if (ret == CKR_OK) {
+            wrappedKeyLen = sizeof(wrappedKey);
+            ret = funcList->C_WrapKey(session, &mech, wrapKey, key,
+                                      wrappedKey, &wrappedKeyLen);
+            CHECK_CKR(ret, "Wrap key for unwrap test");
+        }
+        funcList->C_DestroyObject(session, wrapKey);
+        funcList->C_DestroyObject(session, key);
+
+        if (ret == CKR_OK) {
+            ret = funcList->C_UnwrapKey(session, &mech, noWrapKey, wrappedKey,
+                                        wrappedKeyLen, unwrapResultTmpl,
+                                        unwrapResultCnt, &unwrapped);
+            CHECK_CKR_FAIL(ret, CKR_KEY_TYPE_INCONSISTENT,
+                            "UnwrapKey should fail with CKA_UNWRAP=FALSE");
+        }
+        funcList->C_DestroyObject(session, noWrapKey);
+        if (unwrapped != CK_INVALID_HANDLE)
+            funcList->C_DestroyObject(session, unwrapped);
+    }
+
+    return ret;
+}
+
 /* Regression test: C_WrapKey on a key with CKA_WRAP_WITH_TRUSTED=CK_TRUE must
  * return CKR_KEY_NOT_WRAPPABLE when the wrapping key lacks CKA_TRUSTED, and
  * succeed when the wrapping key has CKA_TRUSTED=CK_TRUE. */
@@ -17156,6 +17256,7 @@ static TEST_FUNC testFunc[] = {
     PKCS11TEST_FUNC_SESS_DECL(test_aes_wrap_unwrap_pad_key),
     PKCS11TEST_FUNC_SESS_DECL(test_wrap_unwrap_key),
     PKCS11TEST_FUNC_SESS_DECL(test_wrap_key_unextractable),
+    PKCS11TEST_FUNC_SESS_DECL(test_wrap_unwrap_op_not_supported),
     PKCS11TEST_FUNC_SESS_DECL(test_wrap_key_wrap_with_trusted),
 #if !defined(WOLFPKCS11_NSS)
     PKCS11TEST_FUNC_SESS_DECL(test_wrap_key_ro_session),
