[Cryptech-Commits] [sw/pkcs11] branch master updated: Move hal_pkey_* columns from the object table into {session, token}_object tables to preserve the mapping from pkcs11 token objects to libhal pkey objects.
git at cryptech.is
git at cryptech.is
Tue Jun 28 20:26:50 UTC 2016
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.
The following commit(s) were added to refs/heads/master by this push:
new 5b29ea6 Move hal_pkey_* columns from the object table into {session,token}_object tables to preserve the mapping from pkcs11 token objects to libhal pkey objects.
5b29ea6 is described below
commit 5b29ea6472dd5ac71771ce9dc61c1193f81267a5
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue Jun 28 16:11:44 2016 -0400
Move hal_pkey_* columns from the object table into
{session,token}_object tables to preserve the mapping from pkcs11 token
objects to libhal pkey objects.
---
pkcs11.c | 39 +++++++++++++++++++++++----------------
schema.sql | 8 +++++---
2 files changed, 28 insertions(+), 19 deletions(-)
diff --git a/pkcs11.c b/pkcs11.c
index 641c032..52e5e47 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -1449,8 +1449,12 @@ static int p11_object_bind_pkey(const p11_session_t * const session,
{
assert(session != NULL && der != NULL && ski != NULL);
- static const char update_pkey_ski[] =
- " UPDATE object SET hal_pkey_type = ?1, hal_pkey_ski = ?2 WHERE object_handle = ?3";
+ static const char update_format[] =
+ " UPDATE %s_object SET hal_pkey_type = ?1, hal_pkey_ski = ?2"
+ " WHERE %s_object_id = (SELECT %s_object_id FROM object WHERE object_handle = ?3)";
+
+ const char *flavor_1 = is_token_handle(object_handle_1) ? "token" : "session";
+ const char *flavor_2 = is_token_handle(object_handle_2) ? "token" : "session";
hal_hash_handle_t hash = {HAL_HANDLE_NONE};
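Review bot: The table name in `update_format` is spliced into the SQL text through `%s`, and nothing here says those slots may only ever receive the two fixed literals. SQLite cannot bind identifiers as parameters, so formatting is the only option, but the statement stays injection-free only while `flavor_1` and `flavor_2` are chosen from `"token"` and `"session"`. I would put a comment above `update_format` such as `/* %s is a table-name prefix: only ever "token" or "session", never caller-supplied text */`. The same applies to `select_format` in the p11_object_get_pkey_handle hunk. Note also that `flavor_2` is computed before `object_handle_2` is compared with `CK_INVALID_HANDLE`; that is harmless as written, but worth a word in the same comment. The function body continues past this hunk.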
@@ -1466,21 +1470,23 @@ static int p11_object_bind_pkey(const p11_session_t * const session,
if (!ok)
return 0;
- sqlite3_stmt *q = NULL;
+ sqlite3_stmt *q1 = NULL, *q2 = NULL;
- ok = (sql_check_ok(sql_prepare(&q, update_pkey_ski)) &&
- sql_check_ok(sqlite3_bind_int64(q, 1, pkey_type_1)) &&
- sql_check_ok(sqlite3_bind_blob( q, 2, ski, ski_len, NULL)) &&
- sql_check_ok(sqlite3_bind_int64(q, 3, object_handle_1)) &&
- sql_check_done(sqlite3_step(q)));
+ ok = (sql_check_ok(sql_prepare(&q1, update_format, flavor_1, flavor_1, flavor_1)) &&
+ sql_check_ok(sqlite3_bind_int64(q1, 1, pkey_type_1)) &&
+ sql_check_ok(sqlite3_bind_blob( q1, 2, ski, ski_len, NULL)) &&
+ sql_check_ok(sqlite3_bind_int64(q1, 3, object_handle_1)) &&
+ sql_check_done(sqlite3_step(q1)));
if (ok && object_handle_2 != CK_INVALID_HANDLE)
- ok = (sql_check_ok(sqlite3_reset(q)) &&
- sql_check_ok(sqlite3_bind_int64(q, 1, pkey_type_2)) &&
- sql_check_ok(sqlite3_bind_int64(q, 3, object_handle_2)) &&
- sql_check_done(sqlite3_step(q)));
+ ok = (sql_check_ok(sql_prepare(&q2, update_format, flavor_2, flavor_2, flavor_2)) &&
+ sql_check_ok(sqlite3_bind_int64(q2, 1, pkey_type_2)) &&
+ sql_check_ok(sqlite3_bind_blob( q2, 2, ski, ski_len, NULL)) &&
+ sql_check_ok(sqlite3_bind_int64(q2, 3, object_handle_2)) &&
+ sql_check_done(sqlite3_step(q2)));
- sqlite3_finalize(q);
+ sqlite3_finalize(q1);
+ sqlite3_finalize(q2);
return ok;
}
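Review bot: Both UPDATEs are treated as successful as soon as `sqlite3_step()` finishes, yet an UPDATE whose `WHERE` matches no row also finishes normally, so `ok` can be true without any `hal_pkey_type`/`hal_pkey_ski` having been stored. With the new subquery this happens whenever the handle is absent from `object` or the row's `%s_object_id` is NULL for the flavor derived from the handle. The failure would then surface only later, when the key lookup finds nothing. Assuming `sql_check_done` checks only for `SQLITE_DONE`, I would add a row-count check after each step, for example `&& sqlite3_changes(<db handle>) == 1`, with the placeholder replaced by the connection this file uses.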
@@ -1744,16 +1750,17 @@ static int p11_object_get_pkey_handle(const p11_session_t * const session,
const CK_OBJECT_HANDLE object_handle,
hal_pkey_handle_t *pkey_handle)
{
- static const char select_query[] =
- " SELECT hal_pkey_type, hal_pkey_ski FROM object WHERE object_handle = ?1";
+ static const char select_format[] =
+ " SELECT hal_pkey_type, hal_pkey_ski FROM %s_object NATURAL JOIN object WHERE object_handle = ?1";
hal_key_flags_t flags = is_token_handle(object_handle) ? 0 : HAL_KEY_FLAG_PROXIMATE;
+ const char *flavor = is_token_handle(object_handle) ? "token" : "session";
sqlite3_stmt *q = NULL;
int ok = 0;
assert(pkey_handle != NULL);
- if (!sql_check_ok(sql_prepare(&q, select_query)) ||
+ if (!sql_check_ok(sql_prepare(&q, select_format, flavor)) ||
!sql_check_ok(sqlite3_bind_int64(q, 1, object_handle)) ||
!sql_check_row(sqlite3_step(q)) ||
sqlite3_column_type(q, 0) != SQLITE_INTEGER ||
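Review bot: `NATURAL JOIN` in `select_format` joins on every column name the two tables happen to share, so the key lookup depends on the schema never acquiring another common name. Until this commit `object` itself carried `hal_pkey_type` and `hal_pkey_ski`, which would have become join keys and made the query return no row. Naming the key explicitly is sturdier: `" SELECT hal_pkey_type, hal_pkey_ski FROM %s_object JOIN object USING (%s_object_id) WHERE object_handle = ?1"` with `flavor` passed twice to `sql_prepare`. That mirrors the `%s_object_id` column the UPDATE subquery in p11_object_bind_pkey already relies on; the full `object` definition is not visible here, so confirm the column exists for both flavors. The function body continues past this hunk.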
diff --git a/schema.sql b/schema.sql
index bc984ab..9de8ce2 100644
--- a/schema.sql
+++ b/schema.sql
@@ -63,8 +63,6 @@ CREATE TEMPORARY TABLE IF NOT EXISTS object (
object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
object_handle INTEGER NOT NULL UNIQUE
CHECK (object_handle > 0 AND object_handle <= 0xFFFFFFFF),
- hal_pkey_type INTEGER,
- hal_pkey_ski BLOB,
session_id INTEGER REFERENCES session
ON DELETE CASCADE ON UPDATE CASCADE
DEFERRABLE INITIALLY DEFERRED,
@@ -79,6 +77,8 @@ CREATE TEMPORARY TABLE IF NOT EXISTS object (
CREATE TEMPORARY TABLE IF NOT EXISTS session_object (
session_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ hal_pkey_type INTEGER,
+ hal_pkey_ski BLOB,
object_id INTEGER NOT NULL UNIQUE
REFERENCES object
ON DELETE CASCADE ON UPDATE CASCADE
@@ -94,7 +94,9 @@ CREATE TEMPORARY TABLE IF NOT EXISTS session_attribute (
);
CREATE TABLE IF NOT EXISTS token_object (
- token_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL
+ token_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ hal_pkey_type INTEGER,
+ hal_pkey_ski BLOB
);
CREATE TABLE IF NOT EXISTS token_attribute (
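Review bot: `token_object` is the one non-temporary table changed here, and `CREATE TABLE IF NOT EXISTS` does nothing against a token database file created before this commit, so such a file keeps the old single-column table. The statements in pkcs11.c that name `token_object.hal_pkey_type` and `hal_pkey_ski` would then fail at prepare time, making existing token keys unusable until the database is rebuilt. Unless a migration exists elsewhere, I would add one, e.g. `ALTER TABLE token_object ADD COLUMN hal_pkey_type INTEGER;` and the same for `hal_pkey_ski BLOB`. It should be gated on a schema version such as `PRAGMA user_version`, and the requirement documented in a comment above the table definition.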
--