From 2af539521ecdd2a14fbc66878b0009a860cc5abb Mon Sep 17 00:00:00 2001 From: Helder Eijs Date: Sun, 12 Apr 2026 23:57:01 +0200 Subject: [PATCH 1/3] Fix bug 226 --- pkcs11/attributes.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkcs11/attributes.py b/pkcs11/attributes.py index eacd419..3ac92a1 100644 --- a/pkcs11/attributes.py +++ b/pkcs11/attributes.py @@ -209,7 +209,7 @@ def public_key_template( label: str | None, store: bool, ) -> dict[Attribute, Any]: - template = self.default_public_key_template + template = dict(self.default_public_key_template) _apply_capabilities( template, (Attribute.ENCRYPT, Attribute.WRAP, Attribute.VERIFY), capabilities ) @@ -224,7 +224,7 @@ def private_key_template( label: str | None, store: bool, ) -> dict[Attribute, Any]: - template = self.default_private_key_template + template = dict(self.default_private_key_template) _apply_capabilities( template, (Attribute.DECRYPT, Attribute.UNWRAP, Attribute.SIGN, Attribute.DERIVE), From ce3b5aa365db89165506c9e142e9f3df0a096ac7 Mon Sep 17 00:00:00 2001 From: Helder Eijs Date: Mon, 13 Apr 2026 09:33:55 +0200 Subject: [PATCH 2/3] Add regression test --- tests/test_attributes.py | 66 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100755 tests/test_attributes.py diff --git a/tests/test_attributes.py b/tests/test_attributes.py new file mode 100755 index 0000000..dc265f0 --- /dev/null +++ b/tests/test_attributes.py @@ -0,0 +1,66 @@ +""" +PKCS#11 attribute mapper tests. +""" + +import unittest + +from pkcs11 import Attribute, MechanismFlag +from pkcs11.attributes import AttributeMapper + + +class AttributeMapperTests(unittest.TestCase): + def test_public_key_template_is_not_shared_between_calls(self): + mapper = AttributeMapper() + + rsa_template = mapper.public_key_template( + capabilities=MechanismFlag.ENCRYPT | MechanismFlag.VERIFY, + id_=b"rsa", + label="rsa", + store=True, + ) + rsa_template.update( + { + Attribute.PUBLIC_EXPONENT: b"\x01\x00\x01", + Attribute.MODULUS_BITS: 4096, + } + ) + + ec_template = mapper.public_key_template( + capabilities=MechanismFlag.VERIFY, + id_=b"ec", + label="ec", + store=False, + ) + + self.assertNotIn(Attribute.PUBLIC_EXPONENT, mapper.default_public_key_template) + self.assertNotIn(Attribute.MODULUS_BITS, mapper.default_public_key_template) + self.assertNotIn(Attribute.PUBLIC_EXPONENT, ec_template) + self.assertNotIn(Attribute.MODULUS_BITS, ec_template) + self.assertEqual(ec_template[Attribute.ID], b"ec") + self.assertEqual(ec_template[Attribute.LABEL], "ec") + self.assertFalse(ec_template[Attribute.TOKEN]) + + def test_private_key_template_is_not_shared_between_calls(self): + mapper = AttributeMapper() + + rsa_template = mapper.private_key_template( + capabilities=MechanismFlag.DECRYPT | MechanismFlag.SIGN, + id_=b"rsa", + label="rsa", + store=True, + ) + rsa_template[Attribute.EXTRACTABLE] = True + + ec_template = mapper.private_key_template( + capabilities=MechanismFlag.SIGN | MechanismFlag.DERIVE, + id_=b"ec", + label="ec", + store=False, + ) + + self.assertNotIn(Attribute.EXTRACTABLE, mapper.default_private_key_template) + self.assertNotIn(Attribute.EXTRACTABLE, ec_template) + self.assertEqual(ec_template[Attribute.ID], b"ec") + self.assertEqual(ec_template[Attribute.LABEL], "ec") + self.assertFalse(ec_template[Attribute.TOKEN]) + From 51bdf34d298b94f0711c4bd69d0531b50acc6b29 Mon Sep 17 00:00:00 2001 From: Helder Eijs Date: Mon, 13 Apr 2026 12:53:31 +0200 Subject: [PATCH 3/3] Fix ruff check --- tests/test_attributes.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/test_attributes.py b/tests/test_attributes.py index dc265f0..4686b8f 100755 --- a/tests/test_attributes.py +++ b/tests/test_attributes.py @@ -63,4 +63,3 @@ def test_private_key_template_is_not_shared_between_calls(self): self.assertEqual(ec_template[Attribute.ID], b"ec") self.assertEqual(ec_template[Attribute.LABEL], "ec") self.assertFalse(ec_template[Attribute.TOKEN]) -