[Cryptech-Commits] [sw/pkcs11] 02/05: More access control cleanup.
git at cryptech.is
git at cryptech.is
Sat May 20 22:15:21 UTC 2017
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.
commit e3895b98b1ddaf8303f1374b52f91b85b92df94b
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Fri May 19 19:50:15 2017 -0400
More access control cleanup.
---
pkcs11.c | 181 +++++++++++++++++++++++++++------------------------------------
1 file changed, 78 insertions(+), 103 deletions(-)
diff --git a/pkcs11.c b/pkcs11.c
index de96a79..0be7513 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -946,6 +946,78 @@ static void p11_attribute_apply_keyusage(hal_key_flags_t *keyusage, const CK_ATT
/*
+ * Access rights.
+ */
+
+static CK_RV p11_check_read_access(const p11_session_t *session,
+ const CK_BBOOL cka_private,
+ const CK_BBOOL cka_token)
+{
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ switch (session->state) {
+
+ case CKS_RO_PUBLIC_SESSION:
+ /* RO access to public token objects, RW access to public session objects */
+ return (cka_private) ? CKR_OBJECT_HANDLE_INVALID : CKR_OK;
+
+ case CKS_RO_USER_FUNCTIONS:
+ /* RO access to all token objects, RW access to all session objects */
+ return CKR_OK;
+
+ case CKS_RW_PUBLIC_SESSION:
+ /* RW access all public objects */
+ return (cka_private) ? CKR_OBJECT_HANDLE_INVALID : CKR_OK;
+
+ case CKS_RW_USER_FUNCTIONS:
+ /* RW acess to all objects */
+ return CKR_OK;
+
+ case CKS_RW_SO_FUNCTIONS:
+ /* RW access to public token objects only */
+ return (cka_private || ! cka_token) ? CKR_OBJECT_HANDLE_INVALID : CKR_OK;
+ }
+
+ return CKR_SESSION_HANDLE_INVALID;
+}
+
+static CK_RV p11_check_write_access(const p11_session_t *session,
+ const CK_BBOOL cka_private,
+ const CK_BBOOL cka_token)
+{
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ switch (session->state) {
+
+ case CKS_RO_PUBLIC_SESSION:
+ /* RO access to public token objects, RW access to public session objects */
+ return (cka_private || cka_token) ? CKR_USER_NOT_LOGGED_IN : CKR_OK;
+
+ case CKS_RO_USER_FUNCTIONS:
+ /* RO access to all token objects, RW access to all session objects */
+ return (cka_token) ? CKR_SESSION_READ_ONLY : CKR_OK;
+
+ case CKS_RW_PUBLIC_SESSION:
+ /* RW access all public objects */
+ return (cka_private) ? CKR_USER_NOT_LOGGED_IN : CKR_OK;
+
+ case CKS_RW_USER_FUNCTIONS:
+ /* RW acess to all objects */
+ return CKR_OK;
+
+ case CKS_RW_SO_FUNCTIONS:
+ /* RW access to public token objects only */
+ return (cka_private || ! cka_token) ? CKR_USER_NOT_LOGGED_IN : CKR_OK;
+ }
+
+ return CKR_SESSION_HANDLE_INVALID;
+}
+
+
+
+/*
* Object methods.
*/
@@ -1131,66 +1203,6 @@ static int p11_object_pkey_open(const p11_session_t *session,
}
/*
- * Check access rights for an object.
- */
-
-typedef enum { p11_object_access_read, p11_object_access_write } p11_object_access_t;
-
-static CK_RV p11_object_check_rights(const p11_session_t *session,
- const CK_OBJECT_HANDLE object_handle,
- const p11_object_access_t rights,
- const CK_BBOOL cka_private,
- const CK_BBOOL cka_token)
-{
- CK_RV rv;
-
- if (session == NULL)
- lose(CKR_SESSION_HANDLE_INVALID);
-
- /*
- * Read-only sessions are, um, read-only. Well, except, in PKCS #11,
- * read-only only sort of means what you might expect.
- */
-
- if (rights == p11_object_access_write) {
- switch (session->state) {
- case CKS_RO_PUBLIC_SESSION:
- if (cka_private)
- lose(CKR_SESSION_READ_ONLY);
- /* Fall through */
- case CKS_RO_USER_FUNCTIONS:
- if (cka_token)
- lose(CKR_SESSION_READ_ONLY);
- /* Fall through */
- }
- }
-
- /*
- * Private objects don't exist for sessions in the wrong state.
- */
-
- switch (session->state) {
- case CKS_RO_PUBLIC_SESSION:
- case CKS_RW_PUBLIC_SESSION:
- case CKS_RW_SO_FUNCTIONS:
- if (cka_private)
- lose(CKR_OBJECT_HANDLE_INVALID);
- }
-
-#warning Want session-object visibility sanity check here?
- /*
- * At this point the old code checked for objects which are not
- * supposed to be visible to this session. In theory, the keystore
- * now handles that, but we might want a sanity check here too.
- */
-
- rv = CKR_OK;
-
- fail:
- return rv;
-}
-
-/*
* Create pkeys to go with PKCS #11 key objects loaded by C_CreateObject().
*/
@@ -1747,37 +1759,8 @@ static CK_RV p11_template_check_2(const p11_session_t *session,
* acecss to the object in question, which simplifies this a bit.
*/
- switch (session->state) {
-
- case CKS_RO_PUBLIC_SESSION:
- /* RO access to public token objects, RW access to public session objects */
- if (*cka_private || *cka_token)
- lose(CKR_USER_NOT_LOGGED_IN);
- break;
-
- case CKS_RO_USER_FUNCTIONS:
- /* RO access to all token objects, RW access to all session objects */
- if (*cka_token)
- lose(CKR_SESSION_READ_ONLY);
- break;
-
- case CKS_RW_PUBLIC_SESSION:
- /* RW access all public objects */
- if (*cka_private)
- lose(CKR_USER_NOT_LOGGED_IN);
- break;
-
- case CKS_RW_USER_FUNCTIONS:
- /* RW acess to all objects */
- break;
-
- case CKS_RW_SO_FUNCTIONS:
- /* RW access to public token objects only */
- if (*cka_private || ! *cka_token)
- lose(CKR_USER_NOT_LOGGED_IN);
- break;
-
- }
+ if ((rv = p11_check_write_access(session, *cka_private, *cka_token)) != CKR_OK)
+ goto fail;
for (int i = 0; i < descriptor->n_attributes; i++) {
const p11_attribute_descriptor_t * const atd = &descriptor->attributes[i];
@@ -3174,9 +3157,7 @@ CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession,
cka_private = *(CK_BBOOL*) attributes[0].value;
cka_token = *(CK_BBOOL*) attributes[1].value;
- rv = p11_object_check_rights(session, hObject, p11_object_access_write, cka_private, cka_token);
-
- if (rv != CKR_OK)
+ if ((rv = p11_check_write_access(session, cka_private, cka_token)) != CKR_OK)
goto fail;
if (!hal_check(hal_rpc_pkey_delete(pkey)))
@@ -3237,9 +3218,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
cka_token = *(CK_BBOOL*) attributes[2].value;
cka_key_type = *(CK_KEY_TYPE*) attributes[3].value;
- rv = p11_object_check_rights(session, hObject, p11_object_access_read, cka_private, cka_token);
-
- if (rv != CKR_OK)
+ if ((rv = p11_check_read_access(session, cka_private, cka_token)) != CKR_OK)
goto fail;
descriptor = p11_descriptor_from_key_type(cka_class, cka_key_type);
@@ -3735,9 +3714,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession,
cka_private = *(CK_BBOOL*) attributes[2].value;
cka_token = *(CK_BBOOL*) attributes[3].value;
- rv = p11_object_check_rights(session, hKey, p11_object_access_read, cka_private, cka_token);
-
- if (rv != CKR_OK)
+ if ((rv = p11_check_read_access(session, cka_private, cka_token)) != CKR_OK)
goto fail;
if (!cka_sign)
@@ -3972,9 +3949,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
cka_private = *(CK_BBOOL*) attributes[2].value;
cka_token = *(CK_BBOOL*) attributes[3].value;
- rv = p11_object_check_rights(session, hKey, p11_object_access_read, cka_private, cka_token);
-
- if (rv != CKR_OK)
+ if ((rv = p11_check_read_access(session, cka_private, cka_token)) != CKR_OK)
goto fail;
if (!cka_verify)
More information about the Commits
mailing list