authorRob Austein <sra@hactrn.net>2016-06-28 16:11:44 -0400
committerRob Austein <sra@hactrn.net>2016-06-28 16:11:44 -0400
commit5b29ea6472dd5ac71771ce9dc61c1193f81267a5 (patch)
treeb096b0bb7ba8fd64c4f9fbf670c05ac76dfc2fff
parentf13948ea98afb9cb1e8ea0f7a15554621c1fe08a (diff)
Move hal_pkey_* columns from the object table into
{session,token}_object tables to preserve the mapping from pkcs11 token objects to libhal pkey objects.
-rw-r--r--pkcs11.c39
-rw-r--r--schema.sql8
2 files changed, 28 insertions, 19 deletions
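--- a/pkcs11.c
+++ b/pkcs11.c
@@ -1449,8 +1449,12 @@ static int p11_object_bind_pkey(const p11_session_t * const session,
 {
 assert(session != NULL && der != NULL && ski != NULL);
- static const char update_pkey_ski[] =
- " UPDATE object SET hal_pkey_type = ?1, hal_pkey_ski = ?2 WHERE object_handle = ?3";
+ static const char update_format[] =
+ " UPDATE %s_object SET hal_pkey_type = ?1, hal_pkey_ski = ?2"
+ " WHERE %s_object_id = (SELECT %s_object_id FROM object WHERE object_handle = ?3)";
+
+ const char *flavor_1 = is_token_handle(object_handle_1) ? "token" : "session";
+ const char *flavor_2 = is_token_handle(object_handle_2) ? "token" : "session";
 hal_hash_handle_t hash = {HAL_HANDLE_NONE};
@@ -1466,21 +1470,23 @@ static int p11_object_bind_pkey(const p11_session_t * const session,
 if (!ok)
 return 0;
- sqlite3_stmt *q = NULL;
+ sqlite3_stmt *q1 = NULL, *q2 = NULL;
- ok = (sql_check_ok(sql_prepare(&q, update_pkey_ski)) &&
- sql_check_ok(sqlite3_bind_int64(q, 1, pkey_type_1)) &&
- sql_check_ok(sqlite3_bind_blob( q, 2, ski, ski_len, NULL)) &&
- sql_check_ok(sqlite3_bind_int64(q, 3, object_handle_1)) &&
- sql_check_done(sqlite3_step(q)));
+ ok = (sql_check_ok(sql_prepare(&q1, update_format, flavor_1, flavor_1, flavor_1)) &&
+ sql_check_ok(sqlite3_bind_int64(q1, 1, pkey_type_1)) &&
+ sql_check_ok(sqlite3_bind_blob( q1, 2, ski, ski_len, NULL)) &&
+ sql_check_ok(sqlite3_bind_int64(q1, 3, object_handle_1)) &&
+ sql_check_done(sqlite3_step(q1)));
 if (ok && object_handle_2 != CK_INVALID_HANDLE)
- ok = (sql_check_ok(sqlite3_reset(q)) &&
- sql_check_ok(sqlite3_bind_int64(q, 1, pkey_type_2)) &&
- sql_check_ok(sqlite3_bind_int64(q, 3, object_handle_2)) &&
- sql_check_done(sqlite3_step(q)));
+ ok = (sql_check_ok(sql_prepare(&q2, update_format, flavor_2, flavor_2, flavor_2)) &&
+ sql_check_ok(sqlite3_bind_int64(q2, 1, pkey_type_2)) &&
+ sql_check_ok(sqlite3_bind_blob( q2, 2, ski, ski_len, NULL)) &&
+ sql_check_ok(sqlite3_bind_int64(q2, 3, object_handle_2)) &&
+ sql_check_done(sqlite3_step(q2)));
- sqlite3_finalize(q);
+ sqlite3_finalize(q1);
+ sqlite3_finalize(q2);
 return ok;
 }
@@ -1744,16 +1750,17 @@ static int p11_object_get_pkey_handle(const p11_session_t * const session,
 const CK_OBJECT_HANDLE object_handle,
 hal_pkey_handle_t *pkey_handle)
 {
- static const char select_query[] =
- " SELECT hal_pkey_type, hal_pkey_ski FROM object WHERE object_handle = ?1";
+ static const char select_format[] =
+ " SELECT hal_pkey_type, hal_pkey_ski FROM %s_object NATURAL JOIN object WHERE object_handle = ?1";
 hal_key_flags_t flags = is_token_handle(object_handle) ? 0 : HAL_KEY_FLAG_PROXIMATE;
+ const char *flavor = is_token_handle(object_handle) ? "token" : "session";
 sqlite3_stmt *q = NULL;
 int ok = 0;
 assert(pkey_handle != NULL);
- if (!sql_check_ok(sql_prepare(&q, select_query)) ||
+ if (!sql_check_ok(sql_prepare(&q, select_format, flavor)) ||
 !sql_check_ok(sqlite3_bind_int64(q, 1, object_handle)) ||
 !sql_check_row(sqlite3_step(q)) ||
 sqlite3_column_type(q, 0) != SQLITE_INTEGER ||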
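Review bot: An UPDATE that matches no row is still reported as success in p11_object_bind_pkey: when the subquery `SELECT %s_object_id FROM object WHERE object_handle = ?3` yields NULL (handle absent from the object table, or its row lacking the expected session/token id), sqlite3_step() finishes with SQLITE_DONE having changed nothing, and sql_check_done presumably only tests for SQLITE_DONE, so `ok` stays true and the caller never learns the pkey was not bound; the old single-table UPDATE had the same gap, but splitting the columns across two tables adds a new way for it to trigger. A row-count check after each step, e.g. `sql_check_done(sqlite3_step(q1)) && sqlite3_changes(sqlite3_db_handle(q1)) == 1` (and the same for q2), would close it. Splicing flavor_1/flavor_2 into SQL through sql_prepare's format string is safe only because both are the fixed literals "token"/"session"; a comment such as `/* flavor_* are fixed literals chosen by is_token_handle(), never caller data, so they may be spliced into the SQL text */` would record that invariant. In p11_object_get_pkey_handle, `NATURAL JOIN object` joins on every identically named column, so a later column shared by both tables would silently change the result; `JOIN object USING (%s_object_id)`, the column the update's subquery already depends on, states the intent explicitly. Both functions start before their hunks, and p11_object_get_pkey_handle continues past the end of its hunk.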
diff --git a/schema.sql b/schema.sql
index bc984ab..9de8ce2 100644
--- a/schema.sql
+++ b/schema.sql
@@ -63,8 +63,6 @@ CREATE TEMPORARY TABLE IF NOT EXISTS object (
object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
object_handle INTEGER NOT NULL UNIQUE
CHECK (object_handle > 0 AND object_handle <= 0xFFFFFFFF),
- hal_pkey_type INTEGER,
- hal_pkey_ski BLOB,
session_id INTEGER REFERENCES session
ON DELETE CASCADE ON UPDATE CASCADE
DEFERRABLE INITIALLY DEFERRED,
@@ -79,6 +77,8 @@ CREATE TEMPORARY TABLE IF NOT EXISTS object (
CREATE TEMPORARY TABLE IF NOT EXISTS session_object (
session_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ hal_pkey_type INTEGER,
+ hal_pkey_ski BLOB,
object_id INTEGER NOT NULL UNIQUE
REFERENCES object
ON DELETE CASCADE ON UPDATE CASCADE
@@ -94,7 +94,9 @@ CREATE TEMPORARY TABLE IF NOT EXISTS session_attribute (
);
CREATE TABLE IF NOT EXISTS token_object (
- token_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL
+ token_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ hal_pkey_type INTEGER,
+ hal_pkey_ski BLOB
);
CREATE TABLE IF NOT EXISTS token_attribute (