[Cryptech-Commits] [sw/pkcs11] 04/05: Doh, C_GetAttributeValue() lost descriptor lookup during conversion from SQL.
git at cryptech.is
git at cryptech.is
Tue Nov 22 05:27:39 UTC 2016
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch ksng
in repository sw/pkcs11.
commit eff8f1875aae79760009b8b60d2a94af2d4da779
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue Nov 22 00:19:36 2016 -0500
Doh, C_GetAttributeValue() lost descriptor lookup during conversion from SQL.
Track change from hal_rpc_pkey_attribute_t to hal_pkey_attribute_t.
---
pkcs11.c | 52 +++++++++++++++++++++++++++++-----------------------
1 file changed, 29 insertions(+), 23 deletions(-)
diff --git a/pkcs11.c b/pkcs11.c
index 4a91e09..821b037 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -155,7 +155,7 @@ typedef struct p11_session {
CK_STATE state; /* State (CKS_*) of this session */
CK_NOTIFY notify; /* Notification callback */
CK_VOID_PTR application; /* Application data */
- hal_rpc_pkey_attribute_t *find_query; /* FindObject*() query state */
+ hal_pkey_attribute_t *find_query; /* FindObject*() query state */
unsigned find_query_token : 1; /* Find query for token objects in progress */
unsigned find_query_session : 1; /* Find query for session objects in progress */
unsigned find_query_n : 30; /* Number of entries in find_query */
@@ -779,7 +779,7 @@ static int p11_attributes_set(const hal_pkey_handle_t pkey,
const CK_ATTRIBUTE_PTR template,
const CK_ULONG template_length,
const p11_descriptor_t * const descriptor,
- const hal_rpc_pkey_attribute_t *extra,
+ const hal_pkey_attribute_t *extra,
const unsigned extra_length)
{
assert(template != NULL && descriptor != NULL && (extra_length == 0 || extra != NULL));
@@ -800,7 +800,7 @@ static int p11_attributes_set(const hal_pkey_handle_t pkey,
* private.
*/
- hal_rpc_pkey_attribute_t attributes[template_length + descriptor->n_attributes + extra_length];
+ hal_pkey_attribute_t attributes[template_length + descriptor->n_attributes + extra_length];
unsigned n = 0;
for (int i = 0; i < template_length; i++) {
@@ -1181,7 +1181,7 @@ static int p11_object_create_rsa_public_key(const p11_session_t * const session,
CK_OBJECT_HANDLE_PTR phObject,
const hal_key_flags_t flags)
{
- const hal_rpc_pkey_attribute_t extra[] = {
+ const hal_pkey_attribute_t extra[] = {
{.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}
};
@@ -1242,7 +1242,7 @@ static int p11_object_create_ec_public_key(const p11_session_t * const session,
CK_OBJECT_HANDLE_PTR phObject,
const hal_key_flags_t flags)
{
- const hal_rpc_pkey_attribute_t extra[] = {
+ const hal_pkey_attribute_t extra[] = {
{.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}
};
@@ -1304,7 +1304,7 @@ static int p11_object_create_rsa_private_key(const p11_session_t * const session
CK_OBJECT_HANDLE_PTR phObject,
const hal_key_flags_t flags)
{
- const hal_rpc_pkey_attribute_t extra[] = {
+ const hal_pkey_attribute_t extra[] = {
{.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)},
{.type = CKA_ALWAYS_SENSITIVE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)},
{.type = CKA_NEVER_EXTRACTABLE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}
@@ -1388,7 +1388,7 @@ static int p11_object_create_ec_private_key(const p11_session_t * const session,
CK_OBJECT_HANDLE_PTR phObject,
const hal_key_flags_t flags)
{
- const hal_rpc_pkey_attribute_t extra[] = {
+ const hal_pkey_attribute_t extra[] = {
{.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)},
{.type = CKA_ALWAYS_SENSITIVE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)},
{.type = CKA_NEVER_EXTRACTABLE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}
@@ -1973,7 +1973,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session,
if (!hal_check(hal_rsa_key_get_modulus(key, modulus, NULL, sizeof(modulus))))
lose(CKR_FUNCTION_FAILED);
- const hal_rpc_pkey_attribute_t extra[] = {
+ const hal_pkey_attribute_t extra[] = {
{.type = CKA_LOCAL,
.value = &const_CK_TRUE, .length = sizeof(const_CK_TRUE)},
{.type = CKA_KEY_GEN_MECHANISM,
@@ -2073,7 +2073,7 @@ static CK_RV generate_keypair_ec(p11_session_t *session,
if (!hal_check(hal_ecdsa_key_to_ecpoint(key, point, NULL, sizeof(point))))
lose(CKR_FUNCTION_FAILED);
- const hal_rpc_pkey_attribute_t extra[] = {
+ const hal_pkey_attribute_t extra[] = {
{.type = CKA_LOCAL,
.value = &const_CK_TRUE, .length = sizeof(const_CK_TRUE)},
{.type = CKA_KEY_GEN_MECHANISM,
@@ -2307,7 +2307,7 @@ static int get_signature_len(const hal_pkey_handle_t pkey,
{
assert(signature_len != NULL);
- hal_rpc_pkey_attribute_t attribute;
+ hal_pkey_attribute_t attribute;
uint8_t attribute_buffer[sizeof(CK_KEY_TYPE)];
hal_curve_name_t curve;
CK_BYTE oid[20];
@@ -2321,7 +2321,8 @@ static int get_signature_len(const hal_pkey_handle_t pkey,
case CKK_RSA:
attribute.type = CKA_MODULUS;
- if (!hal_check(hal_rpc_pkey_get_attributes(pkey, &attribute, 1, NULL, 0)))
+ if (!hal_check(hal_rpc_pkey_get_attributes(pkey, &attribute, 1, NULL, 0)) ||
+ attribute.length == HAL_PKEY_ATTRIBUTE_NIL)
return 0;
*signature_len = attribute.length;
return 1;
@@ -2936,7 +2937,7 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
{
assert(p11_session_consistent_login());
- const hal_rpc_pkey_attribute_t attrs[] = {
+ const hal_pkey_attribute_t attrs[] = {
{.type = CKA_PRIVATE, .value = &const_CK_TRUE, .length = sizeof(const_CK_TRUE)}
};
@@ -3121,7 +3122,7 @@ CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession,
uint8_t attributes_buffer[2 * sizeof(CK_BBOOL)];
hal_pkey_handle_t pkey = {HAL_HANDLE_NONE};
- hal_rpc_pkey_attribute_t attributes[] = {
+ hal_pkey_attribute_t attributes[] = {
[0].type = CKA_PRIVATE,
[1].type = CKA_TOKEN
};
@@ -3171,6 +3172,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
const p11_descriptor_t *descriptor = NULL;
CK_BBOOL cka_extractable, cka_sensitive;
CK_OBJECT_CLASS cka_class;
+ CK_KEY_TYPE cka_key_type;
CK_BBOOL cka_private;
CK_BBOOL cka_token;
int sensitive_object = 0;
@@ -3188,12 +3190,13 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
lose(CKR_OBJECT_HANDLE_INVALID);
{
- hal_rpc_pkey_attribute_t attributes[] = {
+ hal_pkey_attribute_t attributes[] = {
[0].type = CKA_CLASS,
[1].type = CKA_PRIVATE,
- [2].type = CKA_TOKEN
+ [2].type = CKA_TOKEN,
+ [3].type = CKA_KEY_TYPE
};
- uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + 2 * sizeof(CK_BBOOL)];
+ uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + 2 * sizeof(CK_BBOOL) + sizeof(CK_KEY_TYPE)];
if (!hal_check(hal_rpc_pkey_get_attributes(pkey,
attributes, sizeof(attributes)/sizeof(*attributes),
@@ -3203,15 +3206,18 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
cka_class = *(CK_OBJECT_CLASS*) attributes[0].value;
cka_private = *(CK_BBOOL*) attributes[1].value;
cka_token = *(CK_BBOOL*) attributes[2].value;
+ cka_key_type = *(CK_KEY_TYPE*) attributes[3].value;
rv = p11_object_check_rights(session, hObject, p11_object_access_read, cka_private, cka_token);
if (rv != CKR_OK)
goto fail;
+
+ descriptor = p11_descriptor_from_key_type(cka_class, cka_key_type);
}
if (cka_class == CKO_PRIVATE_KEY || cka_class == CKO_SECRET_KEY) {
- hal_rpc_pkey_attribute_t attributes[] = {
+ hal_pkey_attribute_t attributes[] = {
[0].type = CKA_EXTRACTABLE,
[1].type = CKA_SENSITIVE
};
@@ -3229,7 +3235,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
}
{
- hal_rpc_pkey_attribute_t attributes[ulCount];
+ hal_pkey_attribute_t attributes[ulCount];
memset(attributes, 0, sizeof(attributes));
@@ -3251,7 +3257,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
rv = CKR_ATTRIBUTE_SENSITIVE;
continue;
}
- if (attributes[i].length == 0) {
+ if (attributes[i].length == HAL_PKEY_ATTRIBUTE_NIL) {
pTemplate[i].ulValueLen = -1;
rv = CKR_ATTRIBUTE_TYPE_INVALID;
continue;
@@ -3309,7 +3315,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
{
ENTER_PUBLIC_FUNCTION(C_FindObjectsInit);
- const size_t attributes_len = sizeof(hal_rpc_pkey_attribute_t) * (ulCount + 1);
+ const size_t attributes_len = sizeof(hal_pkey_attribute_t) * (ulCount + 1);
size_t len = attributes_len;
CK_BBOOL *cka_private = NULL;
CK_BBOOL *cka_token = NULL;
@@ -3339,7 +3345,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
if ((mem = malloc(len)) == NULL)
lose(CKR_HOST_MEMORY);
- session->find_query = (hal_rpc_pkey_attribute_t *) mem;
+ session->find_query = (hal_pkey_attribute_t *) mem;
mem += attributes_len;
for (int i = 0; i < ulCount; i++) {
@@ -3659,7 +3665,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession,
uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + sizeof(CK_KEY_TYPE) + 3 * sizeof(CK_BBOOL)];
hal_pkey_handle_t pkey = {HAL_HANDLE_NONE};
- hal_rpc_pkey_attribute_t attributes[] = {
+ hal_pkey_attribute_t attributes[] = {
[0].type = CKA_KEY_TYPE,
[1].type = CKA_SIGN,
[2].type = CKA_PRIVATE,
@@ -3895,7 +3901,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + sizeof(CK_KEY_TYPE) + 3 * sizeof(CK_BBOOL)];
hal_pkey_handle_t pkey = {HAL_HANDLE_NONE};
- hal_rpc_pkey_attribute_t attributes[] = {
+ hal_pkey_attribute_t attributes[] = {
[0].type = CKA_KEY_TYPE,
[1].type = CKA_VERIFY,
[2].type = CKA_PRIVATE,
More information about the Commits
mailing list