From 470ccc303411332589d569156285daeccd437b39 Mon Sep 17 00:00:00 2001
From: Dakshit Babbar <100972343+DakshitBabbar@users.noreply.github.com>
Date: Wed, 16 Oct 2024 17:54:02 +0530
Subject: [PATCH] Export RSA key attributes from mbedtls context to support
 TLSv1.3 (#202)

Export RSA key attributes from mbedtls context to support TLSv1.3
---
 .github/.cSpellWords.txt                      |   5 +
 README.md                                     |   2 +-
 docs/doxygen/include/size_table.md            |   8 +-
 source/portable/mbedtls/core_pkcs11_mbedtls.c | 198 ++++++-
 .../mbedtls_integration_test.c                |   2 +-
 .../core_pkcs11_mbedtls_utest.c               | 498 +++++++++++++++++-
 tools/coverity/README.md                      |   2 +-
 7 files changed, 675 insertions(+), 40 deletions(-)

diff --git a/.github/.cSpellWords.txt b/.github/.cSpellWords.txt
index e7a7dfe3..d8cd72b6 100644
--- a/.github/.cSpellWords.txt
+++ b/.github/.cSpellWords.txt
@@ -37,6 +37,7 @@ DUNITTEST
 DUNITY
 ecdh
 ecjpake
+EABNVYL
 ECKEY
 FAAOCAQE
 Fithb
@@ -51,6 +52,7 @@ HKDF
 isystem
 JITP
 JITR
+JLATES
 Karthikeyan
 lcov
 LPDWORD
@@ -103,11 +105,14 @@ utest
 vect
 Vect
 VECT
+VEIQ
+VQIDAQAB
 Wunused
 xfindobjectwithlabelandclass
 xgetslotlist
 xinitializepkcs
 xtea
 XTEA
+yfiv
 zeroize
 ZEROIZE
diff --git a/README.md b/README.md
index 30dcdc6e..8b0e9df3 100644
--- a/README.md
+++ b/README.md
@@ -192,7 +192,7 @@ locations below:
 |                                                       Location                                                       |
 | :------------------------------------------------------------------------------------------------------------------: |
 | [AWS IoT Device SDK for Embedded C](https://github.com/aws/aws-iot-device-sdk-embedded-C#releases-and-documentation) |
-|      [FreeRTOS.org](https://freertos.org/Documentation/api-ref/corePKCS11/docs/doxygen/output/html/index.html)       |
+|      [FreeRTOS.org](https://freertos.github.io/corePKCS11/v3.6.1/)                                                   |
 
 Note that the latest included version of corePKCS11 may differ across
 repositories.
diff --git a/docs/doxygen/include/size_table.md b/docs/doxygen/include/size_table.md
index d999d2b6..2bfcb51f 100644
--- a/docs/doxygen/include/size_table.md
+++ b/docs/doxygen/include/size_table.md
@@ -19,12 +19,12 @@
     </tr>
     <tr>
         <td>core_pkcs11_mbedtls.c</td>
-        <td><center>9.0K</center></td>
-        <td><center>7.4K</center></td>
+        <td><center>9.4K</center></td>
+        <td><center>7.7K</center></td>
     </tr>
     <tr>
         <td><b>Total estimates</b></td>
-        <td><b><center>10.3K</center></b></td>
-        <td><b><center>8.4K</center></b></td>
+        <td><b><center>10.7K</center></b></td>
+        <td><b><center>8.7K</center></b></td>
     </tr>
 </table>
diff --git a/source/portable/mbedtls/core_pkcs11_mbedtls.c b/source/portable/mbedtls/core_pkcs11_mbedtls.c
index b24db405..4b8c7d86 100644
--- a/source/portable/mbedtls/core_pkcs11_mbedtls.c
+++ b/source/portable/mbedtls/core_pkcs11_mbedtls.c
@@ -779,6 +779,156 @@ static CK_RV prvRsaContextParse( const CK_ATTRIBUTE * pxAttribute,
     return xResult;
 }
 
+/**
+ * @brief Populates attribute values for an RSA key from the mbed TLS context.
+ */
+static CK_RV prvGetAttributesFromRsaContext( CK_ATTRIBUTE * pxAttribute,
+                                             const mbedtls_rsa_context * pxRsaContext )
+{
+    CK_RV xResult = CKR_OK;
+    int32_t lMbedTLSResult = 0;
+    mbedtls_mpi * pxMpi = ( mbedtls_mpi * ) pxAttribute->pValue;
+
+    mbedtls_mpi_init( pxMpi );
+
+    switch( pxAttribute->type )
+    {
+        case ( CKA_MODULUS ):
+
+            lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->N.n );
+
+            if( lMbedTLSResult == 0 )
+            {
+                lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
+                                                     pxMpi,  /* N */
+                                                     NULL,   /* P */
+                                                     NULL,   /* Q */
+                                                     NULL,   /* D */
+                                                     NULL ); /* E */
+            }
+
+            break;
+
+        case ( CKA_PUBLIC_EXPONENT ):
+
+            lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->E.n );
+
+            if( lMbedTLSResult == 0 )
+            {
+                lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
+                                                     NULL,    /* N */
+                                                     NULL,    /* P */
+                                                     NULL,    /* Q */
+                                                     NULL,    /* D */
+                                                     pxMpi ); /* E */
+            }
+
+            break;
+
+        case ( CKA_PRIME_1 ):
+
+            lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->P.n );
+
+            if( lMbedTLSResult == 0 )
+            {
+                lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
+                                                     NULL,   /* N */
+                                                     pxMpi,  /* P */
+                                                     NULL,   /* Q */
+                                                     NULL,   /* D */
+                                                     NULL ); /* E */
+            }
+
+            break;
+
+        case ( CKA_PRIME_2 ):
+
+            lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->Q.n );
+
+            if( lMbedTLSResult == 0 )
+            {
+                lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
+                                                     NULL,   /* N */
+                                                     NULL,   /* P */
+                                                     pxMpi,  /* Q */
+                                                     NULL,   /* D */
+                                                     NULL ); /* E */
+            }
+
+            break;
+
+        case ( CKA_PRIVATE_EXPONENT ):
+
+            lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->D.n );
+
+            if( lMbedTLSResult == 0 )
+            {
+                lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
+                                                     NULL,   /* N */
+                                                     NULL,   /* P */
+                                                     NULL,   /* Q */
+                                                     pxMpi,  /* D */
+                                                     NULL ); /* E */
+            }
+
+            break;
+
+        case ( CKA_EXPONENT_1 ):
+
+            lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->DP.n );
+
+            if( lMbedTLSResult == 0 )
+            {
+                lMbedTLSResult = mbedtls_rsa_export_crt( pxRsaContext,
+                                                         pxMpi,  /* DP */
+                                                         NULL,   /* DQ */
+                                                         NULL ); /* QP */
+            }
+
+            break;
+
+        case ( CKA_EXPONENT_2 ):
+
+            lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->DQ.n );
+
+            if( lMbedTLSResult == 0 )
+            {
+                lMbedTLSResult = mbedtls_rsa_export_crt( pxRsaContext,
+                                                         NULL,   /* DP */
+                                                         pxMpi,  /* DQ */
+                                                         NULL ); /* QP */
+            }
+
+            break;
+
+        default:
+
+            /* This is the CKA_COEFFICIENT case. The type is checked in
+             * C_GetAttributeValue. */
+            lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->QP.n );
+
+            if( lMbedTLSResult == 0 )
+            {
+                lMbedTLSResult = mbedtls_rsa_export_crt( pxRsaContext,
+                                                         NULL,    /* DP */
+                                                         NULL,    /* DQ */
+                                                         pxMpi ); /* QP */
+            }
+
+            break;
+    }
+
+    if( lMbedTLSResult != 0 )
+    {
+        LogError( ( "Failed to parse RSA private key attributes: mbed TLS error = %s : %s.",
+                    mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ),
+                    mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
+        xResult = CKR_FUNCTION_FAILED;
+    }
+
+    return xResult;
+}
+
 /**
  * @brief Parses attribute values for a RSA Key.
  */
@@ -3076,6 +3226,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession,
     mbedtls_x509_crt xMbedX509Context = { 0 };
     mbedtls_pk_type_t xKeyType;
     const mbedtls_ecp_keypair * pxKeyPair;
+    const mbedtls_rsa_context * pxRsaContext;
     CK_KEY_TYPE xPkcsKeyType = ( CK_KEY_TYPE ) ~0UL;
     CK_OBJECT_CLASS xClass = ~0UL;
     CK_BYTE_PTR pxObjectValue = NULL;
@@ -3294,15 +3445,6 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession,
 
                     break;
 
-                case CKA_PRIVATE_EXPONENT:
-
-                    LogError( ( "Failed to parse attribute. "
-                                "CKA_PRIVATE_EXPONENT is private data." ) );
-                    xResult = CKR_ATTRIBUTE_SENSITIVE;
-                    pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION;
-
-                    break;
-
                 case CKA_EC_PARAMS:
 
                     if( pTemplate[ iAttrib ].pValue == NULL )
@@ -3384,6 +3526,44 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession,
 
                     break;
 
+                case CKA_MODULUS:
+                case CKA_PUBLIC_EXPONENT:
+                case CKA_PRIME_1:
+                case CKA_PRIME_2:
+                case CKA_PRIVATE_EXPONENT:
+                case CKA_EXPONENT_1:
+                case CKA_EXPONENT_2:
+                case CKA_COEFFICIENT:
+
+                    if( pTemplate[ iAttrib ].pValue == NULL )
+                    {
+                        pTemplate[ iAttrib ].ulValueLen = sizeof( mbedtls_mpi );
+                    }
+                    else
+                    {
+                        if( pTemplate[ iAttrib ].ulValueLen == sizeof( mbedtls_mpi ) )
+                        {
+                            pxRsaContext = ( mbedtls_rsa_context * ) xKeyContext.pk_ctx;
+
+                            if( pxRsaContext != NULL )
+                            {
+                                xResult = prvGetAttributesFromRsaContext( &( pTemplate[ iAttrib ] ),
+                                                                          pxRsaContext );
+                            }
+                            else
+                            {
+                                xResult = CKR_FUNCTION_FAILED;
+                                pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION;
+                            }
+                        }
+                        else
+                        {
+                            xResult = CKR_BUFFER_TOO_SMALL;
+                        }
+                    }
+
+                    break;
+
                 default:
                     LogError( ( "Failed to parse attribute. Received unknown "
                                 "attribute type." ) );
diff --git a/test/mbedtls_integration/mbedtls_integration_test.c b/test/mbedtls_integration/mbedtls_integration_test.c
index 4c030b20..f1f8ae93 100644
--- a/test/mbedtls_integration/mbedtls_integration_test.c
+++ b/test/mbedtls_integration/mbedtls_integration_test.c
@@ -954,7 +954,7 @@ static void commonValidateCredentialStorageRSA( const char * pPrivateKeyLabel,
     TEST_ASSERT_EQUAL_MEMORY_MESSAGE( expectedCertInDer, template.pValue, template.ulValueLen, "GetAttributeValue returned incorrect data for RSA certificate" );
 
     /* Check that the private key cannot be retrieved. */
-    template.type = CKA_PRIVATE_EXPONENT;
+    template.type = CKA_VALUE;
     template.pValue = keyComponent;
     template.ulValueLen = sizeof( keyComponent );
     result = globalFunctionList->C_GetAttributeValue( globalSession, privateKeyHandle, &template, 1 );
diff --git a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c
index 4affea30..941fb800 100644
--- a/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c
+++ b/test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_utest.c
@@ -3212,10 +3212,13 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
     CK_BYTE pulBuf[ sizeof( pulKnownBuf ) ] = { 0 };
     CK_BYTE ulPoint[ pkcs11EC_POINT_LENGTH ] = { 0 };
     CK_BYTE ulKnownPoint = 0x04;
+    CK_BYTE_PTR ulKnownPointLoc = &( ulKnownPoint );
     CK_BBOOL xIsPrivate = CK_FALSE;
     CK_OBJECT_CLASS xPrivateKeyClass = { 0 };
     CK_OBJECT_CLASS xKnownPrivateKeyClass = CKO_PRIVATE_KEY;
     CK_ATTRIBUTE xTemplate = { CKA_EC_PARAMS, pulBuf, sizeof( pulBuf ) };
+    mbedtls_ecp_keypair xEcpKeyPair = { 0 };
+    mbedtls_pk_context xKeyContext = { NULL, &xEcpKeyPair };
 
     prvCommonInitStubs( &xSession );
 
@@ -3229,7 +3232,8 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
 
 
         /* EC Params Case */
-        mbedtls_pk_init_CMockIgnore();
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         mbedtls_x509_crt_init_CMockIgnore();
         mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
         PKCS11_PAL_GetObjectValueCleanup_CMockIgnore();
@@ -3245,6 +3249,8 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
         xTemplate.pValue = NULL;
         xTemplate.ulValueLen = 0;
 
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_OK, xResult );
         TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplate.ulValueLen );
@@ -3252,6 +3258,8 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
         xTemplate.pValue = &ulPoint;
         xTemplate.ulValueLen = sizeof( ulPoint );
 
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_OK, xResult );
         TEST_ASSERT_EQUAL( ulKnownPoint, ulPoint[ 0 ] );
@@ -3260,6 +3268,8 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
         xTemplate.ulValueLen = sizeof( ulPoint );
 
         mbedtls_ecp_tls_write_point_IgnoreAndReturn( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen );
@@ -3268,6 +3278,8 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
         xTemplate.pValue = &ulPoint;
         xTemplate.ulValueLen = sizeof( ulPoint );
 
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen );
@@ -3275,8 +3287,10 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
         mbedtls_ecp_tls_write_point_IgnoreAndReturn( 1 );
 
         /* Unknown attribute. */
-        xTemplate.type = CKA_MODULUS;
+        xTemplate.type = CKA_SUBPRIME;
 
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_TYPE_INVALID, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen );
@@ -3287,6 +3301,8 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
         xTemplate.ulValueLen = 0;
 
         mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_OK, xResult );
         TEST_ASSERT_EQUAL( NULL, xTemplate.pValue );
@@ -3294,6 +3310,8 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
 
         xTemplate.pValue = &xPrivateKeyClass;
 
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_OK, xResult );
         TEST_ASSERT_EQUAL( sizeof( xPrivateKeyClass ), xTemplate.ulValueLen );
@@ -3307,6 +3325,8 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
         PKCS11_PAL_GetObjectValue_ExpectAnyArgsAndReturn( CKR_OK );
         PKCS11_PAL_GetObjectValue_ReturnThruPtr_pIsPrivate( &xIsPrivate );
         PKCS11_PAL_GetObjectValue_ReturnThruPtr_pulDataSize( &ulLength );
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         mbedtls_pk_parse_key_IgnoreAndReturn( 1 );
         mbedtls_pk_parse_public_key_ExpectAnyArgsAndReturn( 0 );
         xResult = C_GetAttributeValue( xSession, xObjectPub, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
@@ -3321,6 +3341,8 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
         PKCS11_PAL_GetObjectValue_ReturnThruPtr_pIsPrivate( &xIsPrivate );
         PKCS11_PAL_GetObjectValue_ReturnThruPtr_pulDataSize( &ulLength );
         mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObjectPub, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen );
@@ -3331,6 +3353,9 @@ void test_pkcs11_C_GetAttributeValueAttParsing( void )
 
         PKCS11_PAL_GetObjectValue_ExpectAnyArgsAndReturn( CKR_OK );
         PKCS11_PAL_GetObjectValue_ReturnThruPtr_pIsPrivate( &xIsPrivate );
+        PKCS11_PAL_GetObjectValue_ReturnThruPtr_ppucData( &ulKnownPointLoc );
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObjectPub, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_OK, xResult );
         TEST_ASSERT_EQUAL( 1, xTemplate.ulValueLen );
@@ -3373,6 +3398,8 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
     CK_ULONG ulCount = 2;
     CK_BYTE ulPoint[ pkcs11EC_POINT_LENGTH ] = { 0 };
     CK_ATTRIBUTE xTemplates[ 2 ] = { 0 };
+    mbedtls_ecp_keypair xEcpKeyPair = { 0 };
+    mbedtls_pk_context xKeyContext = { NULL, &xEcpKeyPair };
 
     prvCommonInitStubs( &xSession );
 
@@ -3381,7 +3408,8 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xResult = prvCreateEcPriv( &xSession, &xObject );
         TEST_ASSERT_EQUAL( CKR_OK, xResult );
 
-        mbedtls_pk_init_CMockIgnore();
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         mbedtls_x509_crt_init_CMockIgnore();
         PKCS11_PAL_GetObjectValueCleanup_CMockIgnore();
         mbedtls_pk_free_CMockIgnore();
@@ -3393,8 +3421,8 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xTemplates[ 0 ].pValue = NULL;
         xTemplates[ 0 ].ulValueLen = 0;
 
-        /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */
-        xTemplates[ 1 ].type = CKA_MODULUS;
+        /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_SUBPRIME. */
+        xTemplates[ 1 ].type = CKA_SUBPRIME;
         xTemplates[ 1 ].pValue = NULL;
         xTemplates[ 1 ].ulValueLen = 0;
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
@@ -3405,8 +3433,8 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen );
 
         /* Swap the sequence EC Point Case and unknown attribute case. */
-        /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */
-        xTemplates[ 0 ].type = CKA_MODULUS;
+        /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_SUBPRIME. */
+        xTemplates[ 0 ].type = CKA_SUBPRIME;
         xTemplates[ 0 ].pValue = NULL;
         xTemplates[ 0 ].ulValueLen = 0;
 
@@ -3414,6 +3442,9 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xTemplates[ 1 ].type = CKA_EC_POINT;
         xTemplates[ 1 ].pValue = NULL;
         xTemplates[ 1 ].ulValueLen = 0;
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
 
         /* CKR_ATTRIBUTE_TYPE_INVALID should be returned. */
@@ -3432,6 +3463,8 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xTemplates[ 1 ].ulValueLen = 0;
 
         /* CKR_BUFFER_TOO_SMALL should be returned. */
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
         TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen );
@@ -3449,14 +3482,15 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xTemplates[ 1 ].ulValueLen = 0;
 
         /* CKR_BUFFER_TOO_SMALL should be returned. */
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
         TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult );
         TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen );
 
-        /* CKR_ATTRIBUTE_SENSITIVE should be returned when getting CKA_PRIVATE_EXPONENT type. */
-        mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 );
-        xTemplates[ 0 ].type = CKA_PRIVATE_EXPONENT;
+        /* CKR_ATTRIBUTE_SENSITIVE should be returned when getting CKA_VALUE type. */
+        xTemplates[ 0 ].type = CKA_VALUE;
         xTemplates[ 0 ].pValue = NULL;
         xTemplates[ 0 ].ulValueLen = 0;
 
@@ -3466,6 +3500,9 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xTemplates[ 1 ].ulValueLen = 0;
 
         /* CKA_PRIVATE_EXPONENT should be returned. */
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
         TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_SENSITIVE, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen );
@@ -3476,21 +3513,21 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xTemplates[ 0 ].pValue = NULL;
         xTemplates[ 0 ].ulValueLen = 0;
 
-        /* CKR_ATTRIBUTE_SENSITIVE should be returned when getting CKA_PRIVATE_EXPONENT type. */
-        mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 );
-        xTemplates[ 1 ].type = CKA_PRIVATE_EXPONENT;
+        /* CKR_ATTRIBUTE_SENSITIVE should be returned when getting CKA_VALUE type. */
+        xTemplates[ 1 ].type = CKA_VALUE;
         xTemplates[ 1 ].pValue = NULL;
         xTemplates[ 1 ].ulValueLen = 0;
 
         /* CKA_PRIVATE_EXPONENT should be returned. */
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
         TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_SENSITIVE, xResult );
         TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen );
 
         /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1.  */
-        mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
-        mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 );
         xTemplates[ 0 ].type = CKA_EC_POINT;
         xTemplates[ 0 ].pValue = &ulPoint;
         xTemplates[ 0 ].ulValueLen = sizeof( ulPoint );
@@ -3501,6 +3538,10 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xTemplates[ 1 ].ulValueLen = 0;
 
         /* CKR_FUNCTION_FAILED should be returned. */
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
+        mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
         TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen );
@@ -3513,39 +3554,41 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xTemplates[ 0 ].ulValueLen = 0;
 
         /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1.  */
-        mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
-        mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 );
         xTemplates[ 1 ].type = CKA_EC_POINT;
         xTemplates[ 1 ].pValue = &ulPoint;
         xTemplates[ 1 ].ulValueLen = sizeof( ulPoint );
 
         /* CKR_FUNCTION_FAILED should be returned. */
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
+        mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
         TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
         TEST_ASSERT_EQUAL( pkcs11EC_POINT_LENGTH, xTemplates[ 0 ].ulValueLen );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen );
 
-        /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_MODULUS. */
-        xTemplates[ 0 ].type = CKA_MODULUS;
+        /* CKR_ATTRIBUTE_TYPE_INVALID should be returned for unknow attribute CKA_SUBPRIME. */
+        xTemplates[ 0 ].type = CKA_SUBPRIME;
         xTemplates[ 0 ].pValue = NULL;
         xTemplates[ 0 ].ulValueLen = 0;
 
         /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1.  */
-        mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
-        mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 );
         xTemplates[ 1 ].type = CKA_EC_POINT;
         xTemplates[ 1 ].pValue = &ulPoint;
         xTemplates[ 1 ].ulValueLen = sizeof( ulPoint );
 
         /* CKR_FUNCTION_FAILED should be returned. */
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
+        mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
         TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 1 ].ulValueLen );
 
         /* CKR_FUNCTION_FAILED should be returned when mbedtls_ecp_tls_write_point returns -1.  */
-        mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
-        mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 );
         xTemplates[ 0 ].type = CKA_EC_POINT;
         xTemplates[ 0 ].pValue = &ulPoint;
         xTemplates[ 0 ].ulValueLen = sizeof( ulPoint );
@@ -3556,6 +3599,10 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
         xTemplates[ 1 ].ulValueLen = 0;
 
         /* CKR_FUNCTION_FAILED should be returned. */
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
+        mbedtls_ecp_tls_write_point_IgnoreAndReturn( -1 );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
         TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen );
@@ -3568,6 +3615,409 @@ void test_pkcs11_C_GetAttributeValueMultipleAttParsing( void )
     }
 }
 
+/*!
+ * @brief C_GetAttributeValue paths.
+ *
+ */
+void test_pkcs11_C_GetAttributeValueValidRsaContext( void )
+{
+    CK_RV xResult = CKR_OK;
+    CK_SESSION_HANDLE xSession = 0;
+    CK_OBJECT_HANDLE xObject = 0;
+    CK_ULONG ulCount = 1;
+    CK_ATTRIBUTE xTemplates[ 1 ] = { 0 };
+    mbedtls_rsa_context xRsaContext = { 0 };
+    mbedtls_pk_context xKeyContext = { NULL, &xRsaContext };
+    mbedtls_mpi xMpi;
+
+    prvCommonInitStubs( &xSession );
+
+    if( TEST_PROTECT() )
+    {
+        xResult = prvCreateRsaPriv( &xSession, &xObject );
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+        mbedtls_mpi_init_Ignore();
+        mbedtls_x509_crt_init_CMockIgnore();
+        mbedtls_pk_parse_key_IgnoreAndReturn( 0 );
+        PKCS11_PAL_GetObjectValue_IgnoreAndReturn( CKR_OK );
+        PKCS11_PAL_GetObjectValueCleanup_CMockIgnore();
+        mbedtls_pk_free_CMockIgnore();
+        mbedtls_x509_crt_free_CMockIgnore();
+
+        /* CKA_MODULUS case */
+        /* Failure path */
+        xTemplates[ 0 ].type = CKA_MODULUS;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 1 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+
+        /* CKA_MODULUS case */
+        /* Success path */
+        xTemplates[ 0 ].type = CKA_MODULUS;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 0 );
+        mbedtls_rsa_export_ExpectAnyArgsAndReturn( 0 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+
+        /* CKA_PUBLIC_EXPONENT case */
+        /* Failure path */
+        xTemplates[ 0 ].type = CKA_PUBLIC_EXPONENT;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 1 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+
+        /* CKA_PUBLIC_EXPONENT case */
+        /* Success path */
+        xTemplates[ 0 ].type = CKA_PUBLIC_EXPONENT;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 0 );
+        mbedtls_rsa_export_ExpectAnyArgsAndReturn( 0 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+
+        /* CKA_PRIME_1 case */
+        /* Failure path */
+        xTemplates[ 0 ].type = CKA_PRIME_1;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 1 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+
+        /* CKA_PRIME_1 case */
+        /* Success path */
+        xTemplates[ 0 ].type = CKA_PRIME_1;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 0 );
+        mbedtls_rsa_export_ExpectAnyArgsAndReturn( 0 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+
+        /* CKA_PRIME_2 case */
+        /* Failure path */
+        xTemplates[ 0 ].type = CKA_PRIME_2;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 1 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+
+        /* CKA_PRIME_2 case */
+        /* Success path */
+        xTemplates[ 0 ].type = CKA_PRIME_2;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 0 );
+        mbedtls_rsa_export_ExpectAnyArgsAndReturn( 0 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+
+        /* CKA_PRIVATE_EXPONENT case */
+        /* Failure path */
+        xTemplates[ 0 ].type = CKA_PRIVATE_EXPONENT;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 1 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+
+        /* CKA_PRIVATE_EXPONENT case */
+        /* Success path */
+        xTemplates[ 0 ].type = CKA_PRIVATE_EXPONENT;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 0 );
+        mbedtls_rsa_export_ExpectAnyArgsAndReturn( 0 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+
+        /* CKA_PRIVATE_EXPONENT case */
+        /* Failure path */
+        xTemplates[ 0 ].type = CKA_PRIVATE_EXPONENT;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 1 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+
+        /* CKA_PRIVATE_EXPONENT case */
+        /* Success path */
+        xTemplates[ 0 ].type = CKA_PRIVATE_EXPONENT;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 0 );
+        mbedtls_rsa_export_ExpectAnyArgsAndReturn( 0 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+
+        /* CKA_EXPONENT_1 case */
+        /* Failure path */
+        xTemplates[ 0 ].type = CKA_EXPONENT_1;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 1 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+
+        /* CKA_EXPONENT_1 case */
+        /* Success path */
+        xTemplates[ 0 ].type = CKA_EXPONENT_1;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 0 );
+        mbedtls_rsa_export_crt_ExpectAnyArgsAndReturn( 0 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+
+        /* CKA_EXPONENT_2 case */
+        /* Failure path */
+        xTemplates[ 0 ].type = CKA_EXPONENT_2;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 1 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+
+        /* CKA_EXPONENT_2 case */
+        /* Success path */
+        xTemplates[ 0 ].type = CKA_EXPONENT_2;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 0 );
+        mbedtls_rsa_export_crt_ExpectAnyArgsAndReturn( 0 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+
+        /* CKA_COEFFICIENT case */
+        /* Failure path */
+        xTemplates[ 0 ].type = CKA_COEFFICIENT;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 1 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+
+        /* CKA_COEFFICIENT case */
+        /* Success path */
+        xTemplates[ 0 ].type = CKA_COEFFICIENT;
+        xTemplates[ 0 ].pValue = &( xMpi );
+        xTemplates[ 0 ].ulValueLen = sizeof( mbedtls_mpi );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_mpi_grow_ExpectAnyArgsAndReturn( 0 );
+        mbedtls_rsa_export_crt_ExpectAnyArgsAndReturn( 0 );
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+    }
+
+    if( TEST_PROTECT() )
+    {
+        prvCommonDeinitStubs( &xSession );
+    }
+}
+
+/*!
+ * @brief C_GetAttributeValue paths.
+ *
+ */
+void test_pkcs11_C_GetAttributeValueModulusNullRsaContext( void )
+{
+    CK_RV xResult = CKR_OK;
+    CK_SESSION_HANDLE xSession = 0;
+    CK_OBJECT_HANDLE xObject = 0;
+    CK_ULONG ulCount = 1;
+    CK_ATTRIBUTE xTemplates[ 1 ] = { 0 };
+    mbedtls_pk_context xKeyContext = { NULL, NULL };
+    CK_BYTE ulPoint[ pkcs11EC_POINT_LENGTH ] = { 0 };
+
+    prvCommonInitStubs( &xSession );
+
+    if( TEST_PROTECT() )
+    {
+        xResult = prvCreateEcPriv( &xSession, &xObject );
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+        mbedtls_pk_init_ExpectAnyArgs();
+        mbedtls_pk_init_ReturnThruPtr_ctx( &xKeyContext );
+        mbedtls_x509_crt_init_CMockIgnore();
+        PKCS11_PAL_GetObjectValueCleanup_CMockIgnore();
+        mbedtls_pk_free_CMockIgnore();
+        mbedtls_x509_crt_free_CMockIgnore();
+
+        /* MODULUS case*/
+        xTemplates[ 0 ].type = CKA_MODULUS;
+        xTemplates[ 0 ].pValue = &ulPoint;
+        xTemplates[ 0 ].ulValueLen = ( sizeof( mbedtls_mpi ) );
+
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_FUNCTION_FAILED, xResult );
+        TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplates[ 0 ].ulValueLen );
+    }
+
+    if( TEST_PROTECT() )
+    {
+        prvCommonDeinitStubs( &xSession );
+    }
+}
+
+
+/*!
+ * @brief C_GetAttributeValue paths.
+ *
+ */
+void test_pkcs11_C_GetAttributeValueModulusBadPath( void )
+{
+    CK_RV xResult = CKR_OK;
+    CK_SESSION_HANDLE xSession = 0;
+    CK_OBJECT_HANDLE xObject = 0;
+    CK_ULONG ulCount = 1;
+    CK_ATTRIBUTE xTemplates[ 1 ] = { 0 };
+    CK_BYTE ulPoint[ pkcs11EC_POINT_LENGTH ] = { 0 };
+
+    prvCommonInitStubs( &xSession );
+
+    if( TEST_PROTECT() )
+    {
+        xResult = prvCreateEcPriv( &xSession, &xObject );
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+
+        mbedtls_pk_init_CMockIgnore();
+        mbedtls_x509_crt_init_CMockIgnore();
+        PKCS11_PAL_GetObjectValueCleanup_CMockIgnore();
+        mbedtls_pk_free_CMockIgnore();
+        mbedtls_x509_crt_free_CMockIgnore();
+
+        /* MODULUS case*/
+        xTemplates[ 0 ].type = CKA_MODULUS;
+        xTemplates[ 0 ].pValue = NULL;
+        xTemplates[ 0 ].ulValueLen = 0;
+
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_OK, xResult );
+        TEST_ASSERT_EQUAL( sizeof( mbedtls_mpi ), xTemplates[ 0 ].ulValueLen );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+
+        /* MODULUS case*/
+        /* CKR_BUFFER_TOO_SMALL should be returned when mbedtls return buffer too small. */
+        xTemplates[ 0 ].type = CKA_MODULUS;
+        xTemplates[ 0 ].pValue = &ulPoint;
+        xTemplates[ 0 ].ulValueLen = ( sizeof( mbedtls_mpi ) - 1 );
+
+        xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplates, ulCount );
+
+        TEST_ASSERT_EQUAL( CKR_BUFFER_TOO_SMALL, xResult );
+
+/* -------------------------------------------------------------------------------------------------------------------- */
+    }
+
+    if( TEST_PROTECT() )
+    {
+        prvCommonDeinitStubs( &xSession );
+    }
+}
+
+
+
 /*!
  * @brief C_GetAttributeValue paths.
  *
@@ -3688,7 +4138,7 @@ void test_pkcs11_C_GetAttributeValuePrivKey( void )
         TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_VALUE_INVALID, xResult );
         TEST_ASSERT_EQUAL( CK_UNAVAILABLE_INFORMATION, xTemplate.ulValueLen );
 
-        xTemplate.type = CKA_PRIVATE_EXPONENT;
+        xTemplate.type = CKA_VALUE;
         mbedtls_pk_parse_key_ExpectAnyArgsAndReturn( 0 );
         xResult = C_GetAttributeValue( xSession, xObject, ( CK_ATTRIBUTE_PTR ) &xTemplate, ulCount );
         TEST_ASSERT_EQUAL( CKR_ATTRIBUTE_SENSITIVE, xResult );
diff --git a/tools/coverity/README.md b/tools/coverity/README.md
index e6ca3a90..549b5596 100644
--- a/tools/coverity/README.md
+++ b/tools/coverity/README.md
@@ -1,6 +1,6 @@
 # Static code analysis for corePKCS11 library
 This directory is made for the purpose of statically testing the MISRA C:2012 compliance of corePKCS11 using
-[Synopsys Coverity](https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html) static analysis tool.
+[Synopsys Coverity](https://www.blackduck.com/static-analysis-tools-sast/coverity.html) static analysis tool.
 To that end, this directory provides a [configuration file](https://github.com/FreeRTOS/corePKCS11/blob/main/tools/coverity/misra.config) to use when
 building a binary for the tool to analyze.