Merge pull request #421 from Yubico/yes_review

Fix review comments
Yubico · Sep 2, 2024 · bf1bf0d · bf1bf0d
2 parents d1f325f + c505f8c
commit bf1bf0d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/lib/yubihsm.c b/lib/yubihsm.c
@@ -1393,7 +1393,7 @@ yh_rc yh_util_get_partnumber(yh_connector *connector, char *part_number,
   }
   memcpy(part_number, response, response_len);
   part_number[response_len] = 0;
-  *part_number_len = response_len;
+  *part_number_len = response_len + 1;
 
   return YHR_SUCCESS;
 }
@@ -2919,6 +2919,12 @@ do_rsa_wrap(yh_cmd cmd,
     return YHR_INVALID_PARAMETERS;
   }
 
+  if (oaep_label_len != 20 && oaep_label_len != 32 && oaep_label_len != 48 &&
+      oaep_label_len != 64) {
+    DBG_ERR("Wrong digest length. %s", yh_strerror(YHR_INVALID_PARAMETERS));
+    return YHR_INVALID_PARAMETERS;
+  }
+
 #pragma pack(push, 1)
   union {
     struct {

diff --git a/resources/tests/bash/test_wrapkey.sh b/resources/tests/bash/test_wrapkey.sh
@@ -290,9 +290,9 @@ for k in ${RSA_KEYSIZE[@]}; do
     rm data.enc
 
     echo "=== Wrap and unwrap AES key material with generated RSA wrap key"
-    test "$BIN -p password -a get-rsa-wrapped-key --wrap-id $keyid -i $aeskey -t symmetric-key --oaep rsa-oaep-sha1 --mgf1 mgf1-sha384 --out rsawrapped.key" "   Export wrapped AES key material"
+    test "$BIN -p password -a get-rsa-wrapped-key --wrap-id $keyid -i $aeskey -t symmetric-key --oaep rsa-oaep-sha384 --mgf1 mgf1-sha1 --out rsawrapped.key" "   Export wrapped AES key material"
     test "$BIN -p password -a delete-object -i $aeskey -t symmetric-key" "   Delete AES key"
-    test "$BIN -p password -a put-rsa-wrapped-key --wrap-id $keyid -i $aeskey -t symmetric-key -A aes128 -c exportable-under-wrap,decrypt-cbc,encrypt-cbc --oaep rsa-oaep-sha1 --mgf1 mgf1-sha384 --in rsawrapped.key" "   Import wrapped AES key material"
+    test "$BIN -p password -a put-rsa-wrapped-key --wrap-id $keyid -i $aeskey -t symmetric-key -A aes128 -c exportable-under-wrap,decrypt-cbc,encrypt-cbc --oaep rsa-oaep-sha384 --mgf1 mgf1-sha1 --in rsawrapped.key" "   Import wrapped AES key material"
     info=$($BIN -p password -a get-object-info -i $aeskey -t symmetric-key  2> /dev/null)
     seq_aes=$((seq_aes+1))
     cmp_str_content "$info" "sequence: $seq_aes" "Sequence"
@@ -337,9 +337,9 @@ for k in ${RSA_KEYSIZE[@]}; do
   rm rsawrapped.object
 
   echo "=== Wrap and unwrap EC key material with imported RSA wrap key"
-  test "$BIN -p password -a get-rsa-wrapped-key --wrap-id $import_keyid -i $eckey -t asymmetric-key --oaep rsa-oaep-sha1 --mgf1 mgf1-sha384 --out rsawrapped.key" "   Export wrapped EC key material"
+  test "$BIN -p password -a get-rsa-wrapped-key --wrap-id $import_keyid -i $eckey -t asymmetric-key --oaep rsa-oaep-sha512 --mgf1 mgf1-sha512 --out rsawrapped.key" "   Export wrapped EC key material"
   test "$BIN -p password -a delete-object -i $eckey -t asymmetric-key" "   Delete EC key"
-  test "$BIN -p password -a put-rsa-wrapped-key --wrap-id $import_keyid -i $eckey -t asymmetric-key -A ecp224 -c exportable-under-wrap,sign-ecdsa --oaep rsa-oaep-sha1 --mgf1 mgf1-sha384 --in rsawrapped.key" "   Import wrapped EC key material"
+  test "$BIN -p password -a put-rsa-wrapped-key --wrap-id $import_keyid -i $eckey -t asymmetric-key -A ecp224 -c exportable-under-wrap,sign-ecdsa --oaep rsa-oaep-sha512 --mgf1 mgf1-sha512 --in rsawrapped.key" "   Import wrapped EC key material"
   info=$($BIN -p password -a get-object-info -i $eckey -t asymmetric-key  2> /dev/null)
   seq_ec=$((seq_ec+1))
   cmp_str_content "$info" "sequence: $seq_ec" "Sequence"