Cybersecurity-Projects/PROJECTS/advanced/hsm-emulator/tests
CarterPerez-dev f70ca3f32c feat(hsm-emulator): M10 crypto-surface, M11 conformance, deep-audit hardening
M10 (crypto-surface): RUP-safe buffered AES-GCM streaming (16 MiB cap),
DigestEncrypt/SignEncrypt/DecryptDigest/DecryptVerify dual functions
(decrypt-side CBC-only), RSA C_SignRecover/C_VerifyRecover (CKM_RSA_PKCS),
digest-only Get/SetOperationState.

M11 (conformance): spec-correct C_WaitForSlotEvent (DONT_BLOCK->CKR_NO_EVENT,
blocking->FUNCTION_NOT_SUPPORTED, pReserved->ARGUMENTS_BAD) + CKF_DONT_BLOCK;
public learn/CONFORMANCE.md documenting every deliberate N/A with its OASIS
v2.40 section and exact return code.

Deep project audit (5 read-only dimension agents, 0 Critical/High):
- fix: C_Finalize-vs-fast-path use-after-free race -- replace lockless
  state.current() with state.acquire() (lock + verify-live atomically)
  across all ~57 entry points
- fix: enforce CKR_PIN_LEN_RANGE on the new PIN in InitToken/InitPIN/SetPIN
- fix: clear a stale sealed flag on Object.set replace (login-unseal wedge)
- harden: zeroize CBC plaintext stack temporaries; Debug leak-assert at
  C_Finalize turns smoke into an API-layer leak gate
- test: ABI layout-check PSS/OAEP param structs; +sealed-flag regression

Proven: 76/76 unit (Debug + ReleaseSafe), in-process smoke (with PIN-length
asserts), cross-process pkcs11-tool (init/pin/RSA keygen+sign/wrong-pin).
.so exports only C_GetFunctionList.
2026-06-02 06:48:25 -04:00
..
abi_test.zig feat(hsm-emulator): M10 crypto-surface, M11 conformance, deep-audit hardening 2026-06-02 06:48:25 -04:00