diff options
-rw-r--r-- | ks.c | 19 | ||||
-rw-r--r-- | ks.h | 11 | ||||
-rw-r--r-- | ks_token.c | 24 | ||||
-rw-r--r-- | ks_volatile.c | 25 | ||||
-rw-r--r-- | unit-tests.py | 2 |
5 files changed, 59 insertions, 22 deletions
@@ -182,6 +182,7 @@ hal_error_t hal_ks_block_update(hal_ks_t *ks, if ((err = hal_ks_block_deprecate(ks, b1)) != HAL_OK || (err = hal_ks_index_replace(ks, uuid, &b2, hint)) != HAL_OK || (err = hal_ks_block_write(ks, b2, block)) != HAL_OK || + (err = hal_ks_block_copy_owner(ks, b1, b2)) != HAL_OK || (err = hal_ks_block_zero(ks, b1)) != HAL_OK) return err; @@ -243,8 +244,8 @@ hal_error_t hal_ks_alloc_common(hal_ks_t *ks, if (mem == NULL) return HAL_ERROR_ALLOCATION_FAILURE; - memset(((uint8_t *) ks) + sizeof(hal_ks_driver_t), 0, - sizeof(hal_ks_t) - sizeof(hal_ks_driver_t)); + memset(((uint8_t *) ks) + sizeof(ks->driver), 0, + sizeof(hal_ks_t) - sizeof(ks->driver)); memset(mem, 0, len); ks->index = gnaw(&mem, &len, sizeof(*ks->index) * ks_blocks); @@ -498,23 +499,21 @@ static inline hal_error_t key_visible(hal_ks_t * const ks, const hal_session_handle_t session, const unsigned blockno) { + hal_error_t err; + if (ks == NULL) return HAL_ERROR_IMPOSSIBLE; if (!ks->per_session) return HAL_OK; - hal_error_t err; - - if ((err = hal_ks_block_test_owner(ks, blockno, client, session)) != HAL_OK) + if ((err = hal_ks_block_test_owner(ks, blockno, client, session)) != HAL_ERROR_KEY_NOT_FOUND) return err; - err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL); - - if (err == HAL_ERROR_FORBIDDEN) - err = HAL_ERROR_KEY_NOT_FOUND; + if ((err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL)) != HAL_ERROR_FORBIDDEN) + return err; - return err; + return HAL_ERROR_KEY_NOT_FOUND; } hal_error_t hal_ks_store(hal_ks_t *ks, @@ -223,6 +223,7 @@ struct hal_ks_driver { const hal_client_handle_t client, const hal_session_handle_t session); hal_error_t (*test_owner) (hal_ks_t *ks, const unsigned blockno, const hal_client_handle_t client, const hal_session_handle_t session); + hal_error_t (*copy_owner) (hal_ks_t *ks, const unsigned source, const unsigned target); }; /* @@ -299,6 +300,16 @@ static inline hal_error_t hal_ks_block_test_owner(hal_ks_t *ks, const unsigned b ks->driver->test_owner(ks, blockno, client, session); } +static inline hal_error_t hal_ks_block_copy_owner(hal_ks_t *ks, + const unsigned source, + const unsigned target) +{ + return + ks == NULL || ks->driver == NULL ? HAL_ERROR_BAD_ARGUMENTS : + ks->driver->copy_owner == NULL ? HAL_ERROR_NOT_IMPLEMENTED : + ks->driver->copy_owner(ks, source, target); +} + /* * Type safe casts. */ @@ -267,17 +267,24 @@ static hal_error_t ks_token_write(hal_ks_t *ks, const unsigned blockno, hal_ks_b */ static hal_error_t ks_token_set_owner(hal_ks_t *ks, - const unsigned blockno, - const hal_client_handle_t client, - const hal_session_handle_t session) + const unsigned blockno, + const hal_client_handle_t client, + const hal_session_handle_t session) { return HAL_OK; } -static hal_error_t ks_token_test_owner(hal_ks_t *ks, const - unsigned blockno, - const hal_client_handle_t client, - const hal_session_handle_t session) +static hal_error_t ks_token_test_owner(hal_ks_t *ks, + const unsigned blockno, + const hal_client_handle_t client, + const hal_session_handle_t session) +{ + return HAL_OK; +} + +static hal_error_t ks_token_copy_owner(hal_ks_t *ks, + const unsigned source, + const unsigned target) { return HAL_OK; } @@ -386,7 +393,8 @@ static const hal_ks_driver_t ks_token_driver = { .erase = ks_token_erase, .erase_maybe = ks_token_erase_maybe, .set_owner = ks_token_set_owner, - .test_owner = ks_token_test_owner + .test_owner = ks_token_test_owner, + .copy_owner = ks_token_copy_owner }; static ks_token_db_t _db = { .ks.driver = &ks_token_driver }; diff --git a/ks_volatile.c b/ks_volatile.c index c1ea72d..0b39133 100644 --- a/ks_volatile.c +++ b/ks_volatile.c @@ -169,8 +169,8 @@ static hal_error_t ks_volatile_set_owner(hal_ks_t *ks, * Test key ownership. */ -static hal_error_t ks_volatile_test_owner(hal_ks_t *ks, const - unsigned blockno, +static hal_error_t ks_volatile_test_owner(hal_ks_t *ks, + const unsigned blockno, const hal_client_handle_t client, const hal_session_handle_t session) { @@ -185,6 +185,22 @@ static hal_error_t ks_volatile_test_owner(hal_ks_t *ks, const } /* + * Copy key ownership. + */ + +static hal_error_t ks_volatile_copy_owner(hal_ks_t *ks, + const unsigned source, + const unsigned target) +{ + if (ks != hal_ks_volatile || db->keys == NULL || source >= ks->size || target >= ks->size) + return HAL_ERROR_IMPOSSIBLE; + + db->keys[target].client = db->keys[source].client; + db->keys[target].session = db->keys[source].session; + return HAL_OK; +} + +/* * Initialize keystore. */ @@ -217,6 +233,8 @@ static hal_error_t ks_volatile_init(hal_ks_t *ks, const int alloc) if ((err = hal_ks_init_common(ks)) != HAL_OK) goto done; + ks->per_session = 1; + err = HAL_OK; done: @@ -238,7 +256,8 @@ static const hal_ks_driver_t ks_volatile_driver = { .erase = ks_volatile_erase, .erase_maybe = ks_volatile_erase, /* sic */ .set_owner = ks_volatile_set_owner, - .test_owner = ks_volatile_test_owner + .test_owner = ks_volatile_test_owner, + .copy_owner = ks_volatile_copy_owner }; static ks_volatile_db_t _db = { .ks.driver = &ks_volatile_driver }; diff --git a/unit-tests.py b/unit-tests.py index 338af64..a304205 100644 --- a/unit-tests.py +++ b/unit-tests.py @@ -657,7 +657,7 @@ class TestPKeyAttribute(TestCaseLoggedIn): try: with hsm.pkey_open(uuid) as pkey: pkey.delete() - except: + except Exception as e: logger.debug("Problem deleting key %s: %s", uuid, e) def load_and_fill(self, flags, n_keys = 1, n_attrs = 2, n_fill = 0): |