From d008267960337e9e44b270b26555a7a894808746 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Mon, 24 Apr 2017 08:33:11 -0400
Subject: Clean up pkey slots and volatile keys on client logout.
---
 rpc_pkey.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
(limited to 'rpc_pkey.c')
diff --git a/rpc_pkey.c b/rpc_pkey.c
index bdf8a7e..0da2410 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -128,6 +128,34 @@ static inline hal_pkey_slot_t *find_handle(const hal_pkey_handle_t handle)
 return slot;
 }
+/*
+ * Clean up key state associated with a client.
+ */
+
+hal_error_t hal_pkey_client_cleanup(const hal_client_handle_t client)
+{
+ if (client.handle == HAL_HANDLE_NONE)
+ return HAL_OK;
+
+ hal_error_t err;
+
+ if ((err = hal_ks_client_cleanup(hal_ks_volatile_driver, client)) != HAL_OK)
+ return err;
+
+ if ((err = hal_ks_client_cleanup(hal_ks_flash_driver, client)) != HAL_OK)
+ return err;
+
+ hal_critical_section_start();
+
+ for (int i = 0; i < sizeof(pkey_slot)/sizeof(*pkey_slot); i++)
+ if (pkey_slot[i].pkey_handle.handle == client.handle)
+ memset(&pkey_slot[i], 0, sizeof(pkey_slot[i]));
+
+ hal_critical_section_end();
+
+ return HAL_OK;
+}
+
 /*
 * Access rules are a bit complicated, mostly due to PKCS #11.
 *
-- cgit v1.2.3
From 4ee44177c6da04e210a52528763b2c96a8f3d824 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Mon, 24 Apr 2017 17:23:17 -0400
Subject: Call a portable entrenching tool a portable entrenching tool.
---
 rpc_pkey.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
(limited to 'rpc_pkey.c')
diff --git a/rpc_pkey.c b/rpc_pkey.c
index 0da2410..165419e 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
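Review bot: The slot-clearing loop at the end of `hal_pkey_client_cleanup` tests `pkey_slot[i].pkey_handle.handle == client.handle`, which compares a key handle against a client handle. Unless the two handle spaces are deliberately shared, the logged-out client's slots would normally not match and would stay populated, while an unrelated slot whose key handle happens to equal the client handle value would be wiped. The definition of `hal_pkey_slot_t` is not shown here; if it records the owning client, the test should use that field, e.g. `if (pkey_slot[i].<owning-client field>.handle == client.handle)`. The later hunks on this page do not touch this loop, so the comparison appears to survive both follow-up commits.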
@@ -129,20 +129,18 @@ static inline hal_pkey_slot_t *find_handle(const hal_pkey_handle_t handle)
 }
 /*
- * Clean up key state associated with a client.
+ * Clean up key state associated with a client when logging out.
 */
-hal_error_t hal_pkey_client_cleanup(const hal_client_handle_t client)
+hal_error_t hal_pkey_logout(const hal_client_handle_t client)
 {
 if (client.handle == HAL_HANDLE_NONE)
 return HAL_OK;
 hal_error_t err;
- if ((err = hal_ks_client_cleanup(hal_ks_volatile_driver, client)) != HAL_OK)
- return err;
-
- if ((err = hal_ks_client_cleanup(hal_ks_flash_driver, client)) != HAL_OK)
+ if ((err = hal_ks_logout(hal_ks_volatile_driver, client)) != HAL_OK ||
+ (err = hal_ks_logout(hal_ks_flash_driver, client)) != HAL_OK)
 return err;
 hal_critical_section_start();
-- cgit v1.2.3
From 358b3803cdedad607cf649221d0b7e3ce66b45f2 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Tue, 25 Apr 2017 17:14:40 -0400
Subject: Shake dumb compile-time bugs out of new logout code. What I get for writing code while build and test environment is tied up with a multi-day run testing something else.
---
 rpc_pkey.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
(limited to 'rpc_pkey.c')
diff --git a/rpc_pkey.c b/rpc_pkey.c
index 165419e..5af6c0e 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -138,9 +138,24 @@ hal_error_t hal_pkey_logout(const hal_client_handle_t client)
 return HAL_OK;
 hal_error_t err;
+ hal_ks_t *ks;
- if ((err = hal_ks_logout(hal_ks_volatile_driver, client)) != HAL_OK ||
- (err = hal_ks_logout(hal_ks_flash_driver, client)) != HAL_OK)
+ if ((err = hal_ks_open(hal_ks_volatile_driver, &ks)) != HAL_OK)
+ return err;
+ if ((err = hal_ks_logout(ks, client)) == HAL_OK)
+ err = hal_ks_close(ks);
+ else
+ (void) hal_ks_close(ks);
+ if (err != HAL_OK)
+ return err;
+
+ if ((err = hal_ks_open(hal_ks_token_driver, &ks)) != HAL_OK)
+ return err;
+ if ((err = hal_ks_logout(ks, client)) == HAL_OK)
+ err = hal_ks_close(ks);
+ else
+ (void) hal_ks_close(ks);
+ if (err != HAL_OK)
 return err;
 hal_critical_section_start();
-- cgit v1.2.3
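Review bot: Every failure path in the two added open/logout/close sequences returns immediately, so an error from the volatile keystore skips the token keystore, and an error from either one skips the `pkey_slot` wipe that follows `hal_critical_section_start()`. On a logout path this leaves the client's key state in place exactly when something has already gone wrong, so it would be safer to record the first error and still run every stage. `hal_pkey_logout` begins before this hunk and ends after it; its final `return HAL_OK;`, outside the hunk, would become `return result;`.

```c
  hal_error_t err, result = HAL_OK;
  hal_ks_t *ks;

  /* Volatile keystore: remember a failure, but do not stop here. */
  if ((err = hal_ks_open(hal_ks_volatile_driver, &ks)) == HAL_OK) {
    if ((err = hal_ks_logout(ks, client)) == HAL_OK)
      err = hal_ks_close(ks);
    else
      (void) hal_ks_close(ks);
  }
  result = err;

  /* Token keystore: still attempted when the volatile pass failed. */
  if ((err = hal_ks_open(hal_ks_token_driver, &ks)) == HAL_OK) {
    if ((err = hal_ks_logout(ks, client)) == HAL_OK)
      err = hal_ks_close(ks);
    else
      (void) hal_ks_close(ks);
  }
  if (result == HAL_OK)
    result = err;

  /* ... unchanged: hal_critical_section_start() and the pkey_slot loop ... */
```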