1 files changed, 30 insertions, 11 deletions

diff --git a/unit-tests.py b/unit-tests.py
index 338af64..8b86d44 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -657,7 +657,7 @@ class TestPKeyAttribute(TestCaseLoggedIn):
         try:
             with hsm.pkey_open(uuid) as pkey:
                 pkey.delete()
-        except:
+        except Exception as e:
             logger.debug("Problem deleting key %s: %s", uuid, e)
 
     def load_and_fill(self, flags, n_keys = 1, n_attrs = 2, n_fill = 0):
@@ -671,17 +671,36 @@ class TestPKeyAttribute(TestCaseLoggedIn):
                                           for j in xrange(n_attrs)))
                     pinwheel()
 
+    # These sizes work with a 4096-byte keystore block; if you tweak
+    # the undelrying block size, you may need to tweak these tests too.
+
+    def test_attribute_svelt_volatile_many(self):
+        self.load_and_fill(0, n_attrs = 64)
+
     def test_attribute_bloat_volatile_many(self):
-        self.load_and_fill(0, n_attrs = 128) # 192
+        with self.assertRaises(HAL_ERROR_RESULT_TOO_LONG):
+            self.load_and_fill(0, n_attrs = 128)
+
+    def test_attribute_svelt_volatile_big(self):
+        self.load_and_fill(0, n_attrs = 6, n_fill = 256)
 
     def test_attribute_bloat_volatile_big(self):
-        self.load_and_fill(0, n_attrs = 6, n_fill = 512)
+        with self.assertRaises(HAL_ERROR_RESULT_TOO_LONG):
+            self.load_and_fill(0, n_attrs = 6, n_fill = 512)
+
+    def test_attribute_svelt_token_many(self):
+        self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 64)
 
     def test_attribute_bloat_token_many(self):
-        self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 128)
+        with self.assertRaises(HAL_ERROR_RESULT_TOO_LONG):
+            self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 128)
+
+    def test_attribute_svelt_token_big(self):
+        self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 6, n_fill = 256)
 
     def test_attribute_bloat_token_big(self):
-        self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 4, n_fill = 512) # [16, 1024]
+        with self.assertRaises(HAL_ERROR_RESULT_TOO_LONG):
+            self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 6, n_fill = 512)
 
 
 @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
@@ -1016,6 +1035,10 @@ class AESKeyWrapWithPadding(object):
         step = -1 if start > stop else 1
         return xrange(start, stop + step, step)
 
+    @staticmethod
+    def _xor(R0, t):
+        return pack(">Q", unpack(">Q", R0)[0] ^ t)
+
     def wrap(self, Q):
         "RFC 5649 section 4.1."
         m = len(Q)                              # Plaintext length
@@ -1032,9 +1055,7 @@ class AESKeyWrapWithPadding(object):
             for j in self._start_stop(0, 5):
                 for i in self._start_stop(1, n):
                     R[0], R[i] = self._encrypt(R[0], R[i])
-                    W0, W1 = unpack(">LL", R[0])
-                    W1 ^= n * j + i
-                    R[0] = pack(">LL", W0, W1)
+                    R[0] = self._xor(R[0], n * j + i)
         assert len(R) == (n + 1) and all(len(r) == 8 for r in R)
         return "".join(R)
 
@@ -1051,9 +1072,7 @@ class AESKeyWrapWithPadding(object):
             # RFC 3394 section 2.2.2 steps (1), (2), and part of (3)
             for j in self._start_stop(5, 0):
                 for i in self._start_stop(n, 1):
-                    W0, W1 = unpack(">LL", R[0])
-                    W1 ^= n * j + i
-                    R[0] = pack(">LL", W0, W1)
+                    R[0] = self._xor(R[0], n * j + i)
                     R[0], R[i] = self._decrypt(R[0], R[i])
         magic, m = unpack(">LL", R[0])
         if magic != 0xa65959a6: