aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pkcs11.c151
1 files changed, 94 insertions, 57 deletions
diff --git a/pkcs11.c b/pkcs11.c
index e08b9ca..3e47c67 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -302,23 +302,81 @@ static pid_t initialized_pid;
* Error checking for libhal calls.
*/
+#define hal_whine(_expr_) (_hal_whine((_expr_), #_expr_, __FILE__, __LINE__, HAL_OK))
+#define hal_whine_allow(_expr_, ...) (_hal_whine((_expr_), #_expr_, __FILE__, __LINE__, __VA_ARGS__, HAL_OK))
+#define hal_check(_expr_) (hal_whine(_expr_) == HAL_OK)
+
#if DEBUG_HAL
-static int _hal_check(const hal_error_t err, const char * const expr, const char * const file, const unsigned line)
+static inline hal_error_t _hal_whine(const hal_error_t err,
+ const char * const expr,
+ const char * const file,
+ const unsigned line, ...)
{
- if (err == HAL_OK)
- return 1;
- fprintf(stderr, "\n%s:%u: %s returned %s\n", file, line, expr, hal_error_string(err));
- return 0;
+ va_list ap;
+ int ok = 0;
+ hal_error_t code;
+
+ va_start(ap, line)
+ do {
+ code = va_arg(ap, hal_error_t);
+ ok |= (err == code);
+ } while (code != HAL_OK);
+ va_end(ap);
+
+ if (!ok)
+ fprintf(stderr, "\n%s:%u: %s returned %s\n", file, line, expr, hal_error_string(err));
+
+ return err;
}
-#define hal_check(_expr_) (_hal_check((_expr_), #_expr_, __FILE__, __LINE__))
+#else /* DEBUG_HAL */
+
+#define _hal_whine(_expr_, ...) (_expr_)
+
+#endif /* DEBUG_HAL */
+
+/*
+ * Error translation fun for the entire family!
+ */
-#else /* DEBUG_HAL */
+#if DEBUG_PKCS11 || DEBUG_HAL
-#define hal_check(_expr_) ((_expr_) == HAL_OK)
+#define hal_p11_error_case(_hal_err_, _p11_err_) \
+ case _hal_err_: fprintf(stderr, "\n%s:%u: Mapping %s to %s\n", file, line, #_hal_err_, #_p11_err_); return _p11_err_;
+
+#else
+
+#define hal_p11_error_case(_hal_err_, _p11_err_) \
+ case _hal_err_: return _p11_err_;
+
+#endif
+
+#define p11_error_from_hal(_hal_err_) \
+ (_p11_error_from_hal((_hal_err_), __FILE__, __LINE__))
+
+#define p11_whine_from_hal(_expr_) \
+ (_p11_error_from_hal(_hal_whine((_expr_), #_expr_, __FILE__, __LINE__, HAL_OK), __FILE__, __LINE__))
+
+static CK_RV _p11_error_from_hal(const hal_error_t err, const char * const file, const unsigned line)
+{
+ switch (err) {
+ hal_p11_error_case(HAL_ERROR_PIN_INCORRECT, CKR_PIN_INCORRECT);
+ hal_p11_error_case(HAL_ERROR_INVALID_SIGNATURE, CKR_SIGNATURE_INVALID);
+
+ /*
+ * More here later, first see if this compiles.
+ */
+
+ default:
+#if DEBUG_PKCS11 || DEBUG_HAL
+ fprintf(stderr, "\n%s:%u: Mapping unhandled HAL error to CKR_FUNCTION_FAILED\n", file, line);
+#endif
+ return CKR_FUNCTION_FAILED;
+ }
+}
-#endif /* DEBUG_HAL */
+#undef hal_p11_error_case
@@ -1590,8 +1648,12 @@ static int p11_object_get_pkey_handle(const p11_session_t * const session,
switch (sqlite3_column_type(q, 1)) {
case SQLITE_BLOB:
- err = hal_rpc_pkey_find(p11_session_hal_client(session), p11_session_hal_session(session), pkey_handle,
- pkey_type, sqlite3_column_blob(q, 1), sqlite3_column_bytes(q, 1), flags);
+ err = hal_whine_allow(hal_rpc_pkey_find(p11_session_hal_client(session),
+ p11_session_hal_session(session), pkey_handle,
+ pkey_type, sqlite3_column_blob(q, 1),
+ sqlite3_column_bytes(q, 1),
+ flags),
+ HAL_ERROR_KEY_NOT_FOUND);
break;
case SQLITE_NULL:
@@ -1602,29 +1664,17 @@ static int p11_object_get_pkey_handle(const p11_session_t * const session,
goto fail;
}
- if (err == HAL_ERROR_KEY_NOT_FOUND) {
- switch (pkey_type) {
-
- case HAL_KEY_TYPE_RSA_PUBLIC:
- if (!p11_object_get_rsa_public_key(session, object_handle, pkey_handle, flags))
- goto fail;
- break;
-
- case HAL_KEY_TYPE_EC_PUBLIC:
- if (!p11_object_get_ec_public_key(session, object_handle, pkey_handle, flags))
- goto fail;
- break;
+ if (err == HAL_OK)
+ ok = 1;
- default:
- (void) hal_check(err);
- goto fail;
- }
- }
+ else if (err == HAL_ERROR_KEY_NOT_FOUND && pkey_type == HAL_KEY_TYPE_RSA_PUBLIC)
+ ok = p11_object_get_rsa_public_key(session, object_handle, pkey_handle, flags);
- else if (!hal_check(err))
- goto fail;
+ else if (err == HAL_ERROR_KEY_NOT_FOUND && pkey_type == HAL_KEY_TYPE_EC_PUBLIC)
+ ok = p11_object_get_ec_public_key(session, object_handle, pkey_handle, flags);
- ok = 1;
+ else
+ ok = 0;
fail:
sqlite3_finalize(q);
@@ -2498,13 +2548,12 @@ static CK_RV sign_hal_rpc(p11_session_t *session,
if (pSignature != NULL && rv == CKR_BUFFER_TOO_SMALL)
lose(CKR_BUFFER_TOO_SMALL);
-#warning Should pay more attention to translating error codes here
- if (pSignature != NULL &&
- !hal_check(hal_rpc_pkey_sign(p11_session_hal_session(session), pkey, session->sign_digest_handle,
- pData, ulDataLen, pSignature, &signature_len, signature_len)))
- lose(CKR_FUNCTION_FAILED);
-
- rv = CKR_OK; /* Fall through */
+ if (pSignature == NULL)
+ rv = CKR_OK;
+ else
+ rv = p11_whine_from_hal(hal_rpc_pkey_sign(p11_session_hal_session(session), pkey, session->sign_digest_handle,
+ pData, ulDataLen, pSignature, &signature_len, signature_len));
+ /* Fall through */
fail:
hal_rpc_pkey_close(pkey);
@@ -2529,14 +2578,9 @@ static CK_RV verify_hal_rpc(p11_session_t *session,
if (!p11_object_get_pkey_handle(session, session->verify_key_handle, &pkey))
lose(CKR_FUNCTION_FAILED);
-#warning Should pay more attention to translating error codes here
-
- if (!hal_check(hal_rpc_pkey_verify(p11_session_hal_session(session), pkey, session->verify_digest_handle,
- pData, ulDataLen, pSignature, ulSignatureLen)))
- lose(CKR_FUNCTION_FAILED);
- /* lose(CKR_SIGNATURE_INVALID); */
-
- rv = CKR_OK; /* Fall through */
+ rv = p11_whine_from_hal(hal_rpc_pkey_verify(p11_session_hal_session(session), pkey, session->verify_digest_handle,
+ pData, ulDataLen, pSignature, ulSignatureLen));
+ /* Fall through */
fail:
hal_rpc_pkey_close(pkey);
@@ -2978,7 +3022,6 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession,
p11_session_t *session;
hal_user_t user = HAL_USER_NONE;
CK_RV rv = CKR_OK;
- hal_error_t err;
mutex_lock_or_return_failure(p11_global_mutex);
@@ -3030,13 +3073,8 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession,
* Try to log in the HSM.
*/
-#warning Might need better error code translation here
- if (!hal_check((err = hal_rpc_login(client, user, (char *) pPin, ulPinLen)))) {
- if (err == HAL_ERROR_PIN_INCORRECT)
- lose(CKR_PIN_INCORRECT);
- else
- lose(CKR_FUNCTION_FAILED);
- }
+ if ((rv = p11_whine_from_hal(hal_rpc_login(client, user, (char *) pPin, ulPinLen))) != CKR_OK)
+ goto fail;
/*
* If we get here, the PIN was OK. Update global login state, then
@@ -3097,9 +3135,8 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
assert(p11_session_consistent_login());
-#warning Might want better error translation here
- if (!hal_check(hal_rpc_logout(client)))
- lose(CKR_FUNCTION_FAILED);
+ if ((rv = p11_whine_from_hal(hal_rpc_logout(client))) != CKR_OK)
+ goto fail;
logged_in_as = not_logged_in;