From 81ae5e07be01c0aacc332eb82db2f0ff452ced3d Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 11 Apr 2017 00:24:34 -0400 Subject: Track API changes on sw/libhal pkcs8 branch. --- pkcs11.c | 29 ++++++++++++++++++----------- pkcs11.h | 6 +++--- pkcs11f.h | 16 ++++++++-------- pkcs11t.h | 2 +- scripts/build-py11-attributes | 2 +- 5 files changed, 31 insertions(+), 24 deletions(-) diff --git a/pkcs11.c b/pkcs11.c index 2350012..538654f 100644 --- a/pkcs11.c +++ b/pkcs11.c @@ -160,6 +160,7 @@ typedef struct p11_session { unsigned find_query_session : 1; /* Find query for session objects in progress */ unsigned find_query_n : 30; /* Number of entries in find_query */ hal_uuid_t find_query_previous_uuid; /* Previous UUID for find queries */ + unsigned find_query_state; /* hal_rpc_pkey_match() internal state */ hal_digest_algorithm_t digest_algorithm, /* Hash algorithm for C_Digest*() */ sign_digest_algorithm, /* Hash algorithm for C_Sign*() */ @@ -1105,8 +1106,7 @@ static int p11_object_pkey_open(const p11_session_t *session, return (session != NULL && pkey != NULL && object != NULL && hal_check(hal_rpc_pkey_open(p11_session_hal_client(session), p11_session_hal_session(session), - pkey, &object->uuid, - p11_object_hal_flags(object_handle)))); + pkey, &object->uuid))); } /* @@ -2935,19 +2935,20 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession) }; hal_uuid_t uuids[64]; - unsigned n; + unsigned n, state; for (p11_session_t *session = p11_session_iterate(NULL); session != NULL; session = p11_session_iterate(session)) { memset(uuids, 0, sizeof(uuids)); + state = 0; do { rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session), p11_session_hal_session(session), HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, - 0, - attrs, sizeof(attrs)/sizeof(*attrs), + HAL_KEY_FLAG_TOKEN, 0, + attrs, sizeof(attrs)/sizeof(*attrs), &state, uuids, &n, sizeof(uuids)/sizeof(*uuids), &uuids[sizeof(uuids)/sizeof(*uuids) - 1])); if (rv != CKR_OK) 
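Review bot: In C_Logout the new `state` cursor is carried across successive `hal_rpc_pkey_match()` calls while the keys from each batch are deleted inside the same do-loop (the `hal_rpc_pkey_delete()` call is visible in the next hunk, at -2957). This patch does not show whether the cursor stays valid once entries it has already passed are removed; if it encodes a position in the keystore, a later batch could skip keys that this loop is meant to delete at logout. I would check that against libhal and record the result above the loop, e.g. `/* TODO confirm: match state must stay valid while matched keys are deleted */`. The bare pair `HAL_KEY_FLAG_TOKEN, 0` also deserves a short comment saying which argument is the mask and which the value, which I am inferring from the second loop passing `HAL_KEY_FLAG_TOKEN, HAL_KEY_FLAG_TOKEN`. The loop body continues outside this hunk.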
@@ -2957,8 +2958,8 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession) p11_object_free(p11_object_by_uuid(&uuids[i])); hal_pkey_handle_t pkey; rv = p11_whine_from_hal(hal_rpc_pkey_open(p11_session_hal_client(session), - p11_session_hal_session(session), - &pkey, &uuids[i], 0)); + p11_session_hal_session(session), + &pkey, &uuids[i])); if (rv != CKR_OK) goto fail; if ((rv = p11_whine_from_hal(hal_rpc_pkey_delete(pkey))) != CKR_OK) { @@ -2971,13 +2972,14 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession) } memset(uuids, 0, sizeof(uuids)); + state = 0; do { rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session), p11_session_hal_session(session), HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, - HAL_KEY_FLAG_TOKEN, - attrs, sizeof(attrs)/sizeof(*attrs), + HAL_KEY_FLAG_TOKEN, HAL_KEY_FLAG_TOKEN, + attrs, sizeof(attrs)/sizeof(*attrs), &state, uuids, &n, sizeof(uuids)/sizeof(*uuids), &uuids[sizeof(uuids)/sizeof(*uuids) - 1])); if (rv != CKR_OK) @@ -3327,7 +3329,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, if (session->find_query != NULL) lose(CKR_OPERATION_ACTIVE); - assert(!session->find_query_token && !session->find_query_session); + assert(!session->find_query_token && !session->find_query_session && !session->find_query_state); for (int i = 0; i < ulCount; i++) { if (pTemplate[i].pValue == NULL || pTemplate[i].ulValueLen == 0) @@ -3356,6 +3358,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, session->find_query_n = ulCount; session->find_query_token = cka_token == NULL || *cka_token; session->find_query_session = cka_token == NULL || !*cka_token; + session->find_query_state = 0; memset(&session->find_query_previous_uuid, 0, sizeof(session->find_query_previous_uuid)); /* 
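Review bot: The widened `assert()` in C_FindObjectsInit (hunk at -3327) now requires `find_query_state` to be zero whenever `find_query` is NULL, so every path that releases `find_query` must also clear the cursor. The patch does that in C_FindObjectsFinal and in the else branch of C_FindObjects at -3444, but session teardown and the error exits are outside the visible hunks. A stale value there would abort the calling application, or go unnoticed in a build with NDEBUG. Since the hunk at -3356 sets `session->find_query_state = 0;` unconditionally, the assert on this field can be dropped, or the invariant stated once on the struct member, e.g. `/* zero whenever find_query == NULL */`.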
@@ -3423,8 +3426,10 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session), p11_session_hal_session(session), - HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, flags, + HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, + HAL_KEY_FLAG_TOKEN, flags, session->find_query, session->find_query_n, + &session->find_query_state, uuids, &n, sizeof(uuids)/sizeof(*uuids), &previous_uuid)); if (rv != CKR_OK) @@ -3444,6 +3449,7 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, else { memset(&session->find_query_previous_uuid, 0, sizeof(session->find_query_previous_uuid)); + session->find_query_state = 0; if (session->find_query_token) session->find_query_token = 0; @@ -3477,6 +3483,7 @@ CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession) session->find_query_n = 0; session->find_query_token = 0; session->find_query_session = 0; + session->find_query_state = 0; memset(&session->find_query_previous_uuid, 0, sizeof(session->find_query_previous_uuid)); fail: diff --git a/pkcs11.h b/pkcs11.h index 996b4db..c85110a 100644 --- a/pkcs11.h +++ b/pkcs11.h @@ -9,10 +9,10 @@ * License is also granted to make and use derivative works provided that * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or + * Cryptographic Token Interface (Cryptoki)" in all material mentioning or * referencing the derived work. - * RSA Security Inc. makes no representations concerning either the + * RSA Security Inc. makes no representations concerning either the * merchantability of this software or the suitability of this software for * any particular purpose. It is provided "as is" without express or implied * warranty of any kind. @@ -277,7 +277,7 @@ extern "C" { #define CK_PKCS11_FUNCTION_INFO(name) \ __PASTE(CK_,name) name; - + struct CK_FUNCTION_LIST { CK_VERSION version; /* Cryptoki version */ diff --git a/pkcs11f.h b/pkcs11f.h index a479384..bbd957b 100644 
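Review bot: In C_FindObjects (hunk at -3423) the call passes `&session->find_query_state` directly, while the previous-UUID argument goes through what looks like a local (`&previous_uuid`), so the two halves of the search position are no longer handled the same way. If `hal_rpc_pkey_match()` can modify `*state` before failing, which this patch does not show, the `if (rv != CKR_OK)` exit would presumably leave the session holding a new cursor paired with the old `find_query_previous_uuid`. Passing a local copy and committing it only on success keeps them consistent: `unsigned state = session->find_query_state;` before the call, `&state` in the argument list, and `session->find_query_state = state;` after the `rv` check. The function body starts and ends outside this hunk.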
--- a/pkcs11f.h +++ b/pkcs11f.h @@ -7,10 +7,10 @@ * License is also granted to make and use derivative works provided that * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or + * Cryptographic Token Interface (Cryptoki)" in all material mentioning or * referencing the derived work. - * RSA Security Inc. makes no representations concerning either the + * RSA Security Inc. makes no representations concerning either the * merchantability of this software or the suitability of this software for * any particular purpose. It is provided "as is" without express or implied * warranty of any kind. @@ -564,7 +564,7 @@ CK_PKCS11_FUNCTION_INFO(C_Sign) /* C_SignUpdate continues a multiple-part signature operation, - * where the signature is (will be) an appendix to the data, + * where the signature is (will be) an appendix to the data, * and plaintext cannot be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #ifdef CK_NEED_ARG_LIST @@ -576,7 +576,7 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #endif -/* C_SignFinal finishes a multiple-part signature operation, +/* C_SignFinal finishes a multiple-part signature operation, * returning the signature. */ CK_PKCS11_FUNCTION_INFO(C_SignFinal) #ifdef CK_NEED_ARG_LIST @@ -625,12 +625,12 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyInit) ( CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey /* verification key */ + CK_OBJECT_HANDLE hKey /* verification key */ ); #endif -/* C_Verify verifies a signature in a single-part operation, +/* C_Verify verifies a signature in a single-part operation, * where the signature is an appendix to the data, and plaintext * cannot be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_Verify) 
@@ -646,7 +646,7 @@ CK_PKCS11_FUNCTION_INFO(C_Verify) /* C_VerifyUpdate continues a multiple-part verification - * operation, where the signature is an appendix to the data, + * operation, where the signature is an appendix to the data, * and plaintext cannot be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) #ifdef CK_NEED_ARG_LIST @@ -772,7 +772,7 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey) #endif -/* C_GenerateKeyPair generates a public-key/private-key pair, +/* C_GenerateKeyPair generates a public-key/private-key pair, * creating new key objects. */ CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) #ifdef CK_NEED_ARG_LIST diff --git a/pkcs11t.h b/pkcs11t.h index 386bb04..537a60a 100644 --- a/pkcs11t.h +++ b/pkcs11t.h @@ -891,7 +891,7 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_AES_KEY_WRAP 0x00001090 #define CKM_AES_KEY_WRAP_PAD 0x00001091 -#define CKM_BLOWFISH_CBC_PAD 0x00001094 +#define CKM_BLOWFISH_CBC_PAD 0x00001094 #define CKM_TWOFISH_CBC_PAD 0x00001095 #define CKM_DES_ECB_ENCRYPT_DATA 0x00001100 diff --git a/scripts/build-py11-attributes b/scripts/build-py11-attributes index 3904d3b..cacb63a 100755 --- a/scripts/build-py11-attributes +++ b/scripts/build-py11-attributes @@ -57,7 +57,7 @@ attribute_map = dict( (k, v["type"]) for y in yaml.safe_load(args.yaml_file) for k, v in y.iteritems() - if k.startswith("CKA_") and "type" in v) + if k.startswith("CKA_") and "type" in v) args.output_file.write('''\ # This file was generated automatically from %(input)s by %(script)s. Do not edit this file directly. -- cgit v1.2.3