diff options
-rw-r--r-- | pkcs11.c | 39 | ||||
-rw-r--r-- | schema.sql | 8 |
2 files changed, 28 insertions, 19 deletions
@@ -1449,8 +1449,12 @@ static int p11_object_bind_pkey(const p11_session_t * const session, { assert(session != NULL && der != NULL && ski != NULL); - static const char update_pkey_ski[] = - " UPDATE object SET hal_pkey_type = ?1, hal_pkey_ski = ?2 WHERE object_handle = ?3"; + static const char update_format[] = + " UPDATE %s_object SET hal_pkey_type = ?1, hal_pkey_ski = ?2" + " WHERE %s_object_id = (SELECT %s_object_id FROM object WHERE object_handle = ?3)"; + + const char *flavor_1 = is_token_handle(object_handle_1) ? "token" : "session"; + const char *flavor_2 = is_token_handle(object_handle_2) ? "token" : "session"; hal_hash_handle_t hash = {HAL_HANDLE_NONE}; @@ -1466,21 +1470,23 @@ static int p11_object_bind_pkey(const p11_session_t * const session, if (!ok) return 0; - sqlite3_stmt *q = NULL; + sqlite3_stmt *q1 = NULL, *q2 = NULL; - ok = (sql_check_ok(sql_prepare(&q, update_pkey_ski)) && - sql_check_ok(sqlite3_bind_int64(q, 1, pkey_type_1)) && - sql_check_ok(sqlite3_bind_blob( q, 2, ski, ski_len, NULL)) && - sql_check_ok(sqlite3_bind_int64(q, 3, object_handle_1)) && - sql_check_done(sqlite3_step(q))); + ok = (sql_check_ok(sql_prepare(&q1, update_format, flavor_1, flavor_1, flavor_1)) && + sql_check_ok(sqlite3_bind_int64(q1, 1, pkey_type_1)) && + sql_check_ok(sqlite3_bind_blob( q1, 2, ski, ski_len, NULL)) && + sql_check_ok(sqlite3_bind_int64(q1, 3, object_handle_1)) && + sql_check_done(sqlite3_step(q1))); if (ok && object_handle_2 != CK_INVALID_HANDLE) - ok = (sql_check_ok(sqlite3_reset(q)) && - sql_check_ok(sqlite3_bind_int64(q, 1, pkey_type_2)) && - sql_check_ok(sqlite3_bind_int64(q, 3, object_handle_2)) && - sql_check_done(sqlite3_step(q))); + ok = (sql_check_ok(sql_prepare(&q2, update_format, flavor_2, flavor_2, flavor_2)) && + sql_check_ok(sqlite3_bind_int64(q2, 1, pkey_type_2)) && + sql_check_ok(sqlite3_bind_blob( q2, 2, ski, ski_len, NULL)) && + sql_check_ok(sqlite3_bind_int64(q2, 3, object_handle_2)) && + sql_check_done(sqlite3_step(q2))); - sqlite3_finalize(q); + sqlite3_finalize(q1); + sqlite3_finalize(q2); return ok; } @@ -1744,16 +1750,17 @@ static int p11_object_get_pkey_handle(const p11_session_t * const session, const CK_OBJECT_HANDLE object_handle, hal_pkey_handle_t *pkey_handle) { - static const char select_query[] = - " SELECT hal_pkey_type, hal_pkey_ski FROM object WHERE object_handle = ?1"; + static const char select_format[] = + " SELECT hal_pkey_type, hal_pkey_ski FROM %s_object NATURAL JOIN object WHERE object_handle = ?1"; hal_key_flags_t flags = is_token_handle(object_handle) ? 0 : HAL_KEY_FLAG_PROXIMATE; + const char *flavor = is_token_handle(object_handle) ? "token" : "session"; sqlite3_stmt *q = NULL; int ok = 0; assert(pkey_handle != NULL); - if (!sql_check_ok(sql_prepare(&q, select_query)) || + if (!sql_check_ok(sql_prepare(&q, select_format, flavor)) || !sql_check_ok(sqlite3_bind_int64(q, 1, object_handle)) || !sql_check_row(sqlite3_step(q)) || sqlite3_column_type(q, 0) != SQLITE_INTEGER || @@ -63,8 +63,6 @@ CREATE TEMPORARY TABLE IF NOT EXISTS object ( object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, object_handle INTEGER NOT NULL UNIQUE CHECK (object_handle > 0 AND object_handle <= 0xFFFFFFFF), - hal_pkey_type INTEGER, - hal_pkey_ski BLOB, session_id INTEGER REFERENCES session ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE INITIALLY DEFERRED, @@ -79,6 +77,8 @@ CREATE TEMPORARY TABLE IF NOT EXISTS object ( CREATE TEMPORARY TABLE IF NOT EXISTS session_object ( session_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, + hal_pkey_type INTEGER, + hal_pkey_ski BLOB, object_id INTEGER NOT NULL UNIQUE REFERENCES object ON DELETE CASCADE ON UPDATE CASCADE @@ -94,7 +94,9 @@ CREATE TEMPORARY TABLE IF NOT EXISTS session_attribute ( ); CREATE TABLE IF NOT EXISTS token_object ( - token_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL + token_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, + hal_pkey_type INTEGER, + hal_pkey_ski BLOB ); CREATE TABLE IF NOT EXISTS token_attribute ( |