[Cryptech-Commits] [sw/pkcs11] 02/02: Track API changes on sw/libhal pkcs8 branch.

git at cryptech.is git at cryptech.is
Tue Apr 11 04:31:41 UTC 2017


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch pkcs8
in repository sw/pkcs11.

commit 81ae5e07be01c0aacc332eb82db2f0ff452ced3d
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue Apr 11 00:24:34 2017 -0400

    Track API changes on sw/libhal pkcs8 branch.
---
 pkcs11.c                      | 29 ++++++++++++++++++-----------
 pkcs11.h                      |  6 +++---
 pkcs11f.h                     | 16 ++++++++--------
 pkcs11t.h                     |  2 +-
 scripts/build-py11-attributes |  2 +-
 5 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/pkcs11.c b/pkcs11.c
index 2350012..538654f 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -160,6 +160,7 @@ typedef struct p11_session {
   unsigned find_query_session : 1;      /* Find query for session objects in progress */
   unsigned find_query_n : 30;           /* Number of entries in find_query */
   hal_uuid_t find_query_previous_uuid;  /* Previous UUID for find queries */
+  unsigned find_query_state;            /* hal_rpc_pkey_match() internal state */
   hal_digest_algorithm_t
     digest_algorithm,                   /* Hash algorithm for C_Digest*() */
     sign_digest_algorithm,              /* Hash algorithm for C_Sign*() */
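Review bot: The comment on the new `find_query_state` field does not record the invariant that the rest of this commit depends on. In every later hunk (C_FindObjectsInit, C_FindObjects, C_FindObjectsFinal) the field is zeroed next to the `memset()` of `find_query_previous_uuid`, so the two appear to form one cursor. I would say so at the declaration, for example `/* hal_rpc_pkey_match() iteration state; reset to 0 together with find_query_previous_uuid */`. That zero means "start of a new search" is inferred from these call sites and should be confirmed against libhal. The struct continues outside this hunk.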
@@ -1105,8 +1106,7 @@ static int p11_object_pkey_open(const p11_session_t *session,
   return (session != NULL && pkey != NULL && object != NULL &&
           hal_check(hal_rpc_pkey_open(p11_session_hal_client(session),
                                       p11_session_hal_session(session),
-                                      pkey, &object->uuid,
-                                      p11_object_hal_flags(object_handle))));
+                                      pkey, &object->uuid)));
 }
 
 /*
@@ -2935,19 +2935,20 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
     };
 
     hal_uuid_t uuids[64];
-    unsigned n;
+    unsigned n, state;
 
     for (p11_session_t *session = p11_session_iterate(NULL);
          session != NULL; session = p11_session_iterate(session)) {
 
       memset(uuids, 0, sizeof(uuids));
+      state = 0;
       do {
 
         rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session),
                                                    p11_session_hal_session(session),
                                                    HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
-                                                   0,
-                                                   attrs, sizeof(attrs)/sizeof(*attrs),
+                                                   HAL_KEY_FLAG_TOKEN, 0,
+                                                   attrs, sizeof(attrs)/sizeof(*attrs), &state,
                                                    uuids, &n, sizeof(uuids)/sizeof(*uuids),
                                                    &uuids[sizeof(uuids)/sizeof(*uuids) - 1]));
         if (rv != CKR_OK)
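Review bot: The two adjacent bare constants `HAL_KEY_FLAG_TOKEN, 0` in this hal_rpc_pkey_match() call are easy to swap or misread, and this loop selects the keys that C_Logout goes on to delete. Going by the C_FindObjects hunk (`HAL_KEY_FLAG_TOKEN, flags`), the order appears to be mask then flags, so this call matches keys whose token flag is clear, while the second C_Logout call (`HAL_KEY_FLAG_TOKEN, HAL_KEY_FLAG_TOKEN`) matches token keys. A one-line comment above each call would make that reviewable, e.g. `/* mask = TOKEN, flags = 0: session (non-token) keys only */`. A mistake here would either delete persistent keys or leave session keys alive after logout. The loop body continues outside this hunk.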
@@ -2957,8 +2958,8 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
           p11_object_free(p11_object_by_uuid(&uuids[i]));
           hal_pkey_handle_t pkey;
           rv = p11_whine_from_hal(hal_rpc_pkey_open(p11_session_hal_client(session),
-                                                   p11_session_hal_session(session),
-                                                    &pkey, &uuids[i], 0));
+                                                    p11_session_hal_session(session),
+                                                    &pkey, &uuids[i]));
           if (rv != CKR_OK)
             goto fail;
           if ((rv = p11_whine_from_hal(hal_rpc_pkey_delete(pkey))) != CKR_OK) {
@@ -2971,13 +2972,14 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
     }
 
     memset(uuids, 0, sizeof(uuids));
+    state = 0;
     do {
 
       rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session),
                                                  p11_session_hal_session(session),
                                                  HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
-                                                 HAL_KEY_FLAG_TOKEN,
-                                                 attrs, sizeof(attrs)/sizeof(*attrs),
+                                                 HAL_KEY_FLAG_TOKEN, HAL_KEY_FLAG_TOKEN,
+                                                 attrs, sizeof(attrs)/sizeof(*attrs), &state,
                                                  uuids, &n, sizeof(uuids)/sizeof(*uuids),
                                                  &uuids[sizeof(uuids)/sizeof(*uuids) - 1]));
       if (rv != CKR_OK)
@@ -3327,7 +3329,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
   if (session->find_query != NULL)
     lose(CKR_OPERATION_ACTIVE);
 
-  assert(!session->find_query_token && !session->find_query_session);
+  assert(!session->find_query_token && !session->find_query_session && !session->find_query_state);
 
   for (int i = 0; i < ulCount; i++) {
     if (pTemplate[i].pValue == NULL || pTemplate[i].ulValueLen == 0)
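Review bot: The added `!session->find_query_state` term in the `assert()` gives no protection in NDEBUG builds. In debug builds it aborts the host application if any cleanup path clears `find_query` without also zeroing the new field. C_FindObjectsInit already sets `session->find_query_state = 0;` unconditionally further down, so a stale value would be harmless if the assert did not fire first. Paths not visible in this diff (this function's own `fail` label, session teardown) should be checked for the matching reset. Otherwise I would keep the assert as it was: `assert(!session->find_query_token && !session->find_query_session);`. The function body starts and ends outside this hunk.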
@@ -3356,6 +3358,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
   session->find_query_n       = ulCount;
   session->find_query_token   = cka_token == NULL ||  *cka_token;
   session->find_query_session = cka_token == NULL || !*cka_token;
+  session->find_query_state   = 0;
   memset(&session->find_query_previous_uuid, 0, sizeof(session->find_query_previous_uuid));
 
   /*
@@ -3423,8 +3426,10 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE hSession,
 
     rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session),
                                                p11_session_hal_session(session),
-                                               HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, flags,
+                                               HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
+                                               HAL_KEY_FLAG_TOKEN, flags,
                                                session->find_query, session->find_query_n,
+                                               &session->find_query_state,
                                                uuids, &n, sizeof(uuids)/sizeof(*uuids),
                                                &previous_uuid));
       if (rv != CKR_OK)
@@ -3444,6 +3449,7 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE hSession,
 
       else {
         memset(&session->find_query_previous_uuid, 0, sizeof(session->find_query_previous_uuid));
+        session->find_query_state = 0;
 
         if (session->find_query_token)
           session->find_query_token = 0;
@@ -3477,6 +3483,7 @@ CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
   session->find_query_n = 0;
   session->find_query_token = 0;
   session->find_query_session = 0;
+  session->find_query_state = 0;
   memset(&session->find_query_previous_uuid, 0, sizeof(session->find_query_previous_uuid));
 
  fail:
diff --git a/pkcs11.h b/pkcs11.h
index 996b4db..c85110a 100644
--- a/pkcs11.h
+++ b/pkcs11.h
@@ -9,10 +9,10 @@
 
  * License is also granted to make and use derivative works provided that
  * such works are identified as "derived from the RSA Security Inc. PKCS #11
- * Cryptographic Token Interface (Cryptoki)" in all material mentioning or 
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
  * referencing the derived work.
 
- * RSA Security Inc. makes no representations concerning either the 
+ * RSA Security Inc. makes no representations concerning either the
  * merchantability of this software or the suitability of this software for
  * any particular purpose. It is provided "as is" without express or implied
  * warranty of any kind.
@@ -277,7 +277,7 @@ extern "C" {
 
 #define CK_PKCS11_FUNCTION_INFO(name) \
   __PASTE(CK_,name) name;
-  
+
 struct CK_FUNCTION_LIST {
 
   CK_VERSION    version;  /* Cryptoki version */
diff --git a/pkcs11f.h b/pkcs11f.h
index a479384..bbd957b 100644
--- a/pkcs11f.h
+++ b/pkcs11f.h
@@ -7,10 +7,10 @@
 
  * License is also granted to make and use derivative works provided that
  * such works are identified as "derived from the RSA Security Inc. PKCS #11
- * Cryptographic Token Interface (Cryptoki)" in all material mentioning or 
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
  * referencing the derived work.
 
- * RSA Security Inc. makes no representations concerning either the 
+ * RSA Security Inc. makes no representations concerning either the
  * merchantability of this software or the suitability of this software for
  * any particular purpose. It is provided "as is" without express or implied
  * warranty of any kind.
@@ -564,7 +564,7 @@ CK_PKCS11_FUNCTION_INFO(C_Sign)
 
 
 /* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data, 
+ * where the signature is (will be) an appendix to the data,
  * and plaintext cannot be recovered from the signature. */
 CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
 #ifdef CK_NEED_ARG_LIST
@@ -576,7 +576,7 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
 #endif
 
 
-/* C_SignFinal finishes a multiple-part signature operation, 
+/* C_SignFinal finishes a multiple-part signature operation,
  * returning the signature. */
 CK_PKCS11_FUNCTION_INFO(C_SignFinal)
 #ifdef CK_NEED_ARG_LIST
@@ -625,12 +625,12 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
 (
   CK_SESSION_HANDLE hSession,    /* the session's handle */
   CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
-  CK_OBJECT_HANDLE  hKey         /* verification key */ 
+  CK_OBJECT_HANDLE  hKey         /* verification key */
 );
 #endif
 
 
-/* C_Verify verifies a signature in a single-part operation, 
+/* C_Verify verifies a signature in a single-part operation,
  * where the signature is an appendix to the data, and plaintext
  * cannot be recovered from the signature. */
 CK_PKCS11_FUNCTION_INFO(C_Verify)
@@ -646,7 +646,7 @@ CK_PKCS11_FUNCTION_INFO(C_Verify)
 
 
 /* C_VerifyUpdate continues a multiple-part verification
- * operation, where the signature is an appendix to the data, 
+ * operation, where the signature is an appendix to the data,
  * and plaintext cannot be recovered from the signature. */
 CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
 #ifdef CK_NEED_ARG_LIST
@@ -772,7 +772,7 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
 #endif
 
 
-/* C_GenerateKeyPair generates a public-key/private-key pair, 
+/* C_GenerateKeyPair generates a public-key/private-key pair,
  * creating new key objects. */
 CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
 #ifdef CK_NEED_ARG_LIST
diff --git a/pkcs11t.h b/pkcs11t.h
index 386bb04..537a60a 100644
--- a/pkcs11t.h
+++ b/pkcs11t.h
@@ -891,7 +891,7 @@ typedef CK_ULONG          CK_MECHANISM_TYPE;
 #define CKM_AES_KEY_WRAP               0x00001090
 #define CKM_AES_KEY_WRAP_PAD           0x00001091
 
-#define CKM_BLOWFISH_CBC_PAD           0x00001094 
+#define CKM_BLOWFISH_CBC_PAD           0x00001094
 #define CKM_TWOFISH_CBC_PAD            0x00001095
 
 #define CKM_DES_ECB_ENCRYPT_DATA       0x00001100
diff --git a/scripts/build-py11-attributes b/scripts/build-py11-attributes
index 3904d3b..cacb63a 100755
--- a/scripts/build-py11-attributes
+++ b/scripts/build-py11-attributes
@@ -57,7 +57,7 @@ attribute_map = dict(
   (k, v["type"])
   for y in yaml.safe_load(args.yaml_file)
   for k, v in y.iteritems()
-  if k.startswith("CKA_") and "type" in v) 
+  if k.startswith("CKA_") and "type" in v)
 
 args.output_file.write('''\
 # This file was generated automatically from %(input)s by %(script)s.  Do not edit this file directly.


