[Cryptech-Commits] [sw/pkcs11] 04/05: Doh, C_GetAttributeValue() lost descriptor lookup during conversion from SQL.

git at cryptech.is git at cryptech.is
Tue Nov 22 05:27:39 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ksng
in repository sw/pkcs11.

commit eff8f1875aae79760009b8b60d2a94af2d4da779
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue Nov 22 00:19:36 2016 -0500

    Doh, C_GetAttributeValue() lost descriptor lookup during conversion from SQL.
    
    Track change from hal_rpc_pkey_attribute_t to hal_pkey_attribute_t.
---
 pkcs11.c | 52 +++++++++++++++++++++++++++++-----------------------
 1 file changed, 29 insertions(+), 23 deletions(-)

diff --git a/pkcs11.c b/pkcs11.c
index 4a91e09..821b037 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -155,7 +155,7 @@ typedef struct p11_session {
   CK_STATE state;                       /* State (CKS_*) of this session */
   CK_NOTIFY notify;                     /* Notification callback */
   CK_VOID_PTR application;              /* Application data */
-  hal_rpc_pkey_attribute_t *find_query; /* FindObject*() query state */
+  hal_pkey_attribute_t *find_query;     /* FindObject*() query state */
   unsigned find_query_token : 1;        /* Find query for token objects in progress */
   unsigned find_query_session : 1;      /* Find query for session objects in progress */
   unsigned find_query_n : 30;           /* Number of entries in find_query */
@@ -779,7 +779,7 @@ static int p11_attributes_set(const hal_pkey_handle_t pkey,
                               const CK_ATTRIBUTE_PTR template,
                               const CK_ULONG template_length,
                               const p11_descriptor_t * const descriptor,
-                              const hal_rpc_pkey_attribute_t *extra,
+                              const hal_pkey_attribute_t *extra,
                               const unsigned extra_length)
 {
   assert(template != NULL && descriptor != NULL && (extra_length == 0 || extra != NULL));
@@ -800,7 +800,7 @@ static int p11_attributes_set(const hal_pkey_handle_t pkey,
    * private.
    */
 
-  hal_rpc_pkey_attribute_t attributes[template_length + descriptor->n_attributes + extra_length];
+  hal_pkey_attribute_t attributes[template_length + descriptor->n_attributes + extra_length];
   unsigned n = 0;
 
   for (int i = 0; i < template_length; i++) {
@@ -1181,7 +1181,7 @@ static int p11_object_create_rsa_public_key(const p11_session_t * const session,
                                             CK_OBJECT_HANDLE_PTR phObject,
                                             const hal_key_flags_t flags)
 {
-  const hal_rpc_pkey_attribute_t extra[] = {
+  const hal_pkey_attribute_t extra[] = {
     {.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}
   };
 
@@ -1242,7 +1242,7 @@ static int p11_object_create_ec_public_key(const p11_session_t * const session,
                                            CK_OBJECT_HANDLE_PTR phObject,
                                            const hal_key_flags_t flags)
 {
-  const hal_rpc_pkey_attribute_t extra[] = {
+  const hal_pkey_attribute_t extra[] = {
     {.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}
   };
 
@@ -1304,7 +1304,7 @@ static int p11_object_create_rsa_private_key(const p11_session_t * const session
                                              CK_OBJECT_HANDLE_PTR phObject,
                                              const hal_key_flags_t flags)
 {
-  const hal_rpc_pkey_attribute_t extra[] = {
+  const hal_pkey_attribute_t extra[] = {
     {.type = CKA_LOCAL,             .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)},
     {.type = CKA_ALWAYS_SENSITIVE,  .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)},
     {.type = CKA_NEVER_EXTRACTABLE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}
@@ -1388,7 +1388,7 @@ static int p11_object_create_ec_private_key(const p11_session_t * const session,
                                             CK_OBJECT_HANDLE_PTR phObject,
                                             const hal_key_flags_t flags)
 {
-  const hal_rpc_pkey_attribute_t extra[] = {
+  const hal_pkey_attribute_t extra[] = {
     {.type = CKA_LOCAL,             .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)},
     {.type = CKA_ALWAYS_SENSITIVE,  .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)},
     {.type = CKA_NEVER_EXTRACTABLE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}
@@ -1973,7 +1973,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session,
     if (!hal_check(hal_rsa_key_get_modulus(key, modulus, NULL, sizeof(modulus))))
       lose(CKR_FUNCTION_FAILED);
 
-    const hal_rpc_pkey_attribute_t extra[] = {
+    const hal_pkey_attribute_t extra[] = {
       {.type  = CKA_LOCAL,
        .value = &const_CK_TRUE,         .length = sizeof(const_CK_TRUE)},
       {.type  = CKA_KEY_GEN_MECHANISM,
@@ -2073,7 +2073,7 @@ static CK_RV generate_keypair_ec(p11_session_t *session,
     if (!hal_check(hal_ecdsa_key_to_ecpoint(key, point, NULL, sizeof(point))))
       lose(CKR_FUNCTION_FAILED);
 
-    const hal_rpc_pkey_attribute_t extra[] = {
+    const hal_pkey_attribute_t extra[] = {
       {.type  = CKA_LOCAL,
        .value = &const_CK_TRUE,         .length = sizeof(const_CK_TRUE)},
       {.type  = CKA_KEY_GEN_MECHANISM,
@@ -2307,7 +2307,7 @@ static int get_signature_len(const hal_pkey_handle_t pkey,
 {
   assert(signature_len != NULL);
 
-  hal_rpc_pkey_attribute_t attribute;
+  hal_pkey_attribute_t attribute;
   uint8_t attribute_buffer[sizeof(CK_KEY_TYPE)];
   hal_curve_name_t curve;
   CK_BYTE oid[20];
@@ -2321,7 +2321,8 @@ static int get_signature_len(const hal_pkey_handle_t pkey,
 
   case CKK_RSA:
     attribute.type = CKA_MODULUS;
-    if (!hal_check(hal_rpc_pkey_get_attributes(pkey, &attribute, 1, NULL, 0)))
+    if (!hal_check(hal_rpc_pkey_get_attributes(pkey, &attribute, 1, NULL, 0)) ||
+        attribute.length == HAL_PKEY_ATTRIBUTE_NIL)
       return 0;
     *signature_len = attribute.length;
     return 1;
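Review bot: The new `attribute.length == HAL_PKEY_ATTRIBUTE_NIL` test covers only the CKA_MODULUS query in the `CKK_RSA` case, and nothing nearby says what the sentinel means. Judging from this check, a missing attribute now comes back as a successful call with that length, so `hal_check()` alone no longer proves the attribute exists. The CKA_KEY_TYPE query that feeds this switch and the other cases lie outside the hunk; they should apply the same test wherever they read `attribute.length` or `attribute.value`. The same comparison appears in the C_GetAttributeValue() loop later in this patch. I would add a comment above the call such as `/* NULL buffer: length-only query; HAL_PKEY_ATTRIBUTE_NIL means the key has no CKA_MODULUS */`.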
@@ -2936,7 +2937,7 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
   {
     assert(p11_session_consistent_login());
 
-    const hal_rpc_pkey_attribute_t attrs[] = {
+    const hal_pkey_attribute_t attrs[] = {
       {.type = CKA_PRIVATE, .value = &const_CK_TRUE, .length = sizeof(const_CK_TRUE)}
     };
 
@@ -3121,7 +3122,7 @@ CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession,
 
   uint8_t attributes_buffer[2 * sizeof(CK_BBOOL)];
   hal_pkey_handle_t pkey = {HAL_HANDLE_NONE};
-  hal_rpc_pkey_attribute_t attributes[] = {
+  hal_pkey_attribute_t attributes[] = {
     [0].type = CKA_PRIVATE,
     [1].type = CKA_TOKEN
   };
@@ -3171,6 +3172,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
   const p11_descriptor_t *descriptor = NULL;
   CK_BBOOL cka_extractable, cka_sensitive;
   CK_OBJECT_CLASS cka_class;
+  CK_KEY_TYPE cka_key_type;
   CK_BBOOL cka_private;
   CK_BBOOL cka_token;
   int sensitive_object = 0;
@@ -3188,12 +3190,13 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
     lose(CKR_OBJECT_HANDLE_INVALID);
 
   {
-    hal_rpc_pkey_attribute_t attributes[] = {
+    hal_pkey_attribute_t attributes[] = {
       [0].type = CKA_CLASS,
       [1].type = CKA_PRIVATE,
-      [2].type = CKA_TOKEN
+      [2].type = CKA_TOKEN,
+      [3].type = CKA_KEY_TYPE
     };
-    uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + 2 * sizeof(CK_BBOOL)];
+    uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + 2 * sizeof(CK_BBOOL) + sizeof(CK_KEY_TYPE)];
 
     if (!hal_check(hal_rpc_pkey_get_attributes(pkey,
                                                attributes, sizeof(attributes)/sizeof(*attributes),
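Review bot: CKA_KEY_TYPE is now fetched alongside the attributes that decide access, but the read-back in the next hunk (`cka_key_type = *(CK_KEY_TYPE*) attributes[3].value;`) never checks that the slot was filled. Elsewhere in this commit an absent attribute is reported as length `HAL_PKEY_ATTRIBUTE_NIL` on a successful call, so each of `attributes[0..3]` should be tested for its expected length before it is dereferenced; `cka_private` and `cka_token` go straight into `p11_object_check_rights()`, so a bad read there feeds an access decision. The casts also assume the value pointers, which presumably point into the `uint8_t attributes_buffer`, are suitably aligned for `CK_KEY_TYPE`. Something like `if (attributes[3].length != sizeof(cka_key_type)) lose(CKR_FUNCTION_FAILED);` followed by `memcpy(&cka_key_type, attributes[3].value, sizeof(cka_key_type));` would cover both. The call being modified continues past the end of this hunk.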
@@ -3203,15 +3206,18 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
     cka_class    = *(CK_OBJECT_CLASS*) attributes[0].value;
     cka_private  = *(CK_BBOOL*)        attributes[1].value;
     cka_token    = *(CK_BBOOL*)        attributes[2].value;
+    cka_key_type = *(CK_KEY_TYPE*)     attributes[3].value;
 
     rv = p11_object_check_rights(session, hObject, p11_object_access_read, cka_private, cka_token);
 
     if (rv != CKR_OK)
       goto fail;
+
+    descriptor = p11_descriptor_from_key_type(cka_class, cka_key_type);
   }
 
   if (cka_class == CKO_PRIVATE_KEY || cka_class == CKO_SECRET_KEY) {
-    hal_rpc_pkey_attribute_t attributes[] = {
+    hal_pkey_attribute_t attributes[] = {
       [0].type = CKA_EXTRACTABLE,
       [1].type = CKA_SENSITIVE
     };
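Review bot: `descriptor = p11_descriptor_from_key_type(cka_class, cka_key_type);` is used without a NULL check, and `descriptor` is declared as NULL at the top of the function. If the lookup can return NULL for an unrecognised class/key-type pair, the function is left in the same state this commit set out to fix. The code that consults the descriptor is not visible in this hunk; if the sensitive-attribute filtering further down depends on it, the function should fail closed here, e.g. `if (descriptor == NULL) lose(CKR_FUNCTION_FAILED);`. A one-line comment noting that the lookup runs only after `p11_object_check_rights()` succeeds would also help, since that ordering looks deliberate.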
@@ -3229,7 +3235,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
   }
 
   {
-    hal_rpc_pkey_attribute_t attributes[ulCount];
+    hal_pkey_attribute_t attributes[ulCount];
 
     memset(attributes, 0, sizeof(attributes));
 
@@ -3251,7 +3257,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
         rv = CKR_ATTRIBUTE_SENSITIVE;
         continue;
       }
-      if (attributes[i].length == 0) {
+      if (attributes[i].length == HAL_PKEY_ATTRIBUTE_NIL) {
         pTemplate[i].ulValueLen = -1;
         rv = CKR_ATTRIBUTE_TYPE_INVALID;
         continue;
@@ -3309,7 +3315,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
 {
   ENTER_PUBLIC_FUNCTION(C_FindObjectsInit);
 
-  const size_t attributes_len = sizeof(hal_rpc_pkey_attribute_t) * (ulCount + 1);
+  const size_t attributes_len = sizeof(hal_pkey_attribute_t) * (ulCount + 1);
   size_t len = attributes_len;
   CK_BBOOL *cka_private = NULL;
   CK_BBOOL *cka_token = NULL;
@@ -3339,7 +3345,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
   if ((mem = malloc(len)) == NULL)
     lose(CKR_HOST_MEMORY);
 
-  session->find_query = (hal_rpc_pkey_attribute_t *) mem;
+  session->find_query = (hal_pkey_attribute_t *) mem;
   mem += attributes_len;
 
   for (int i = 0; i < ulCount; i++) {
@@ -3659,7 +3665,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession,
 
   uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + sizeof(CK_KEY_TYPE) + 3 * sizeof(CK_BBOOL)];
   hal_pkey_handle_t pkey = {HAL_HANDLE_NONE};
-  hal_rpc_pkey_attribute_t attributes[] = {
+  hal_pkey_attribute_t attributes[] = {
     [0].type = CKA_KEY_TYPE,
     [1].type = CKA_SIGN,
     [2].type = CKA_PRIVATE,
@@ -3895,7 +3901,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
 
   uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + sizeof(CK_KEY_TYPE) + 3 * sizeof(CK_BBOOL)];
   hal_pkey_handle_t pkey = {HAL_HANDLE_NONE};
-  hal_rpc_pkey_attribute_t attributes[] = {
+  hal_pkey_attribute_t attributes[] = {
     [0].type = CKA_KEY_TYPE,
     [1].type = CKA_VERIFY,
     [2].type = CKA_PRIVATE,


