From eff8f1875aae79760009b8b60d2a94af2d4da779 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 22 Nov 2016 00:19:36 -0500 Subject: Doh, C_GetAttributeValue() lost descriptor lookup during conversion from SQL. Track change from hal_rpc_pkey_attribute_t to hal_pkey_attribute_t. --- pkcs11.c | 52 +++++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/pkcs11.c b/pkcs11.c index 4a91e09..821b037 100644 --- a/pkcs11.c +++ b/pkcs11.c @@ -155,7 +155,7 @@ typedef struct p11_session { CK_STATE state; /* State (CKS_*) of this session */ CK_NOTIFY notify; /* Notification callback */ CK_VOID_PTR application; /* Application data */ - hal_rpc_pkey_attribute_t *find_query; /* FindObject*() query state */ + hal_pkey_attribute_t *find_query; /* FindObject*() query state */ unsigned find_query_token : 1; /* Find query for token objects in progress */ unsigned find_query_session : 1; /* Find query for session objects in progress */ unsigned find_query_n : 30; /* Number of entries in find_query */ @@ -779,7 +779,7 @@ static int p11_attributes_set(const hal_pkey_handle_t pkey, const CK_ATTRIBUTE_PTR template, const CK_ULONG template_length, const p11_descriptor_t * const descriptor, - const hal_rpc_pkey_attribute_t *extra, + const hal_pkey_attribute_t *extra, const unsigned extra_length) { assert(template != NULL && descriptor != NULL && (extra_length == 0 || extra != NULL)); @@ -800,7 +800,7 @@ static int p11_attributes_set(const hal_pkey_handle_t pkey, * private. */ - hal_rpc_pkey_attribute_t attributes[template_length + descriptor->n_attributes + extra_length]; + hal_pkey_attribute_t attributes[template_length + descriptor->n_attributes + extra_length]; unsigned n = 0; for (int i = 0; i < template_length; i++) { 
@@ -1181,7 +1181,7 @@ static int p11_object_create_rsa_public_key(const p11_session_t * const session, CK_OBJECT_HANDLE_PTR phObject, const hal_key_flags_t flags) { - const hal_rpc_pkey_attribute_t extra[] = { + const hal_pkey_attribute_t extra[] = { {.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)} }; @@ -1242,7 +1242,7 @@ static int p11_object_create_ec_public_key(const p11_session_t * const session, CK_OBJECT_HANDLE_PTR phObject, const hal_key_flags_t flags) { - const hal_rpc_pkey_attribute_t extra[] = { + const hal_pkey_attribute_t extra[] = { {.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)} }; @@ -1304,7 +1304,7 @@ static int p11_object_create_rsa_private_key(const p11_session_t * const session CK_OBJECT_HANDLE_PTR phObject, const hal_key_flags_t flags) { - const hal_rpc_pkey_attribute_t extra[] = { + const hal_pkey_attribute_t extra[] = { {.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}, {.type = CKA_ALWAYS_SENSITIVE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}, {.type = CKA_NEVER_EXTRACTABLE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)} @@ -1388,7 +1388,7 @@ static int p11_object_create_ec_private_key(const p11_session_t * const session, CK_OBJECT_HANDLE_PTR phObject, const hal_key_flags_t flags) { - const hal_rpc_pkey_attribute_t extra[] = { + const hal_pkey_attribute_t extra[] = { {.type = CKA_LOCAL, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}, {.type = CKA_ALWAYS_SENSITIVE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)}, {.type = CKA_NEVER_EXTRACTABLE, .value = &const_CK_FALSE, .length = sizeof(const_CK_FALSE)} 
@@ -1973,7 +1973,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session, if (!hal_check(hal_rsa_key_get_modulus(key, modulus, NULL, sizeof(modulus)))) lose(CKR_FUNCTION_FAILED); - const hal_rpc_pkey_attribute_t extra[] = { + const hal_pkey_attribute_t extra[] = { {.type = CKA_LOCAL, .value = &const_CK_TRUE, .length = sizeof(const_CK_TRUE)}, {.type = CKA_KEY_GEN_MECHANISM, @@ -2073,7 +2073,7 @@ static CK_RV generate_keypair_ec(p11_session_t *session, if (!hal_check(hal_ecdsa_key_to_ecpoint(key, point, NULL, sizeof(point)))) lose(CKR_FUNCTION_FAILED); - const hal_rpc_pkey_attribute_t extra[] = { + const hal_pkey_attribute_t extra[] = { {.type = CKA_LOCAL, .value = &const_CK_TRUE, .length = sizeof(const_CK_TRUE)}, {.type = CKA_KEY_GEN_MECHANISM, @@ -2307,7 +2307,7 @@ static int get_signature_len(const hal_pkey_handle_t pkey, { assert(signature_len != NULL); - hal_rpc_pkey_attribute_t attribute; + hal_pkey_attribute_t attribute; uint8_t attribute_buffer[sizeof(CK_KEY_TYPE)]; hal_curve_name_t curve; CK_BYTE oid[20]; @@ -2321,7 +2321,8 @@ static int get_signature_len(const hal_pkey_handle_t pkey, case CKK_RSA: attribute.type = CKA_MODULUS; - if (!hal_check(hal_rpc_pkey_get_attributes(pkey, &attribute, 1, NULL, 0))) + if (!hal_check(hal_rpc_pkey_get_attributes(pkey, &attribute, 1, NULL, 0)) || + attribute.length == HAL_PKEY_ATTRIBUTE_NIL) return 0; *signature_len = attribute.length; return 1; @@ -2936,7 +2937,7 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession) { assert(p11_session_consistent_login()); - const hal_rpc_pkey_attribute_t attrs[] = { + const hal_pkey_attribute_t attrs[] = { {.type = CKA_PRIVATE, .value = &const_CK_TRUE, .length = sizeof(const_CK_TRUE)} }; @@ -3121,7 +3122,7 @@ CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, uint8_t attributes_buffer[2 * sizeof(CK_BBOOL)]; hal_pkey_handle_t pkey = {HAL_HANDLE_NONE}; - hal_rpc_pkey_attribute_t attributes[] = { + hal_pkey_attribute_t attributes[] = { [0].type = CKA_PRIVATE, [1].type = CKA_TOKEN }; 
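Review bot: In the `@@ -2321,7 +2321,8 @@` hunk the new `attribute.length == HAL_PKEY_ATTRIBUTE_NIL` guard covers only the `CKK_RSA` branch of `get_signature_len()`. The function starts and ends outside the hunk, so the key-type lookup that fills `attribute_buffer` and any EC branch (the `curve` and `oid` locals suggest one) are not visible. If they also read `attribute.length` or `attribute.value` after `hal_rpc_pkey_get_attributes()`, they presumably need the same guard, otherwise a missing attribute would be accepted as a valid length or value. A short comment on the RSA call would also help the next reader: `/* NULL buffer: only the length is wanted; NIL means the key has no CKA_MODULUS */`.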
@@ -3171,6 +3172,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, const p11_descriptor_t *descriptor = NULL; CK_BBOOL cka_extractable, cka_sensitive; CK_OBJECT_CLASS cka_class; + CK_KEY_TYPE cka_key_type; CK_BBOOL cka_private; CK_BBOOL cka_token; int sensitive_object = 0; @@ -3188,12 +3190,13 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, lose(CKR_OBJECT_HANDLE_INVALID); { - hal_rpc_pkey_attribute_t attributes[] = { + hal_pkey_attribute_t attributes[] = { [0].type = CKA_CLASS, [1].type = CKA_PRIVATE, - [2].type = CKA_TOKEN + [2].type = CKA_TOKEN, + [3].type = CKA_KEY_TYPE }; - uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + 2 * sizeof(CK_BBOOL)]; + uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + 2 * sizeof(CK_BBOOL) + sizeof(CK_KEY_TYPE)]; if (!hal_check(hal_rpc_pkey_get_attributes(pkey, attributes, sizeof(attributes)/sizeof(*attributes), @@ -3203,15 +3206,18 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, cka_class = *(CK_OBJECT_CLASS*) attributes[0].value; cka_private = *(CK_BBOOL*) attributes[1].value; cka_token = *(CK_BBOOL*) attributes[2].value; + cka_key_type = *(CK_KEY_TYPE*) attributes[3].value; rv = p11_object_check_rights(session, hObject, p11_object_access_read, cka_private, cka_token); if (rv != CKR_OK) goto fail; + + descriptor = p11_descriptor_from_key_type(cka_class, cka_key_type); } if (cka_class == CKO_PRIVATE_KEY || cka_class == CKO_SECRET_KEY) { - hal_rpc_pkey_attribute_t attributes[] = { + hal_pkey_attribute_t attributes[] = { [0].type = CKA_EXTRACTABLE, [1].type = CKA_SENSITIVE }; @@ -3229,7 +3235,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, } { - hal_rpc_pkey_attribute_t attributes[ulCount]; + hal_pkey_attribute_t attributes[ulCount]; memset(attributes, 0, sizeof(attributes)); 
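Review bot: In the `@@ -3203,15 +3206,18 @@` hunk the result of `p11_descriptor_from_key_type(cka_class, cka_key_type)` is stored without a check, and `descriptor` was initialised to `NULL` at the top of `C_GetAttributeValue()`. The code that consumes it lies outside the hunk, but if the sensitivity test treats a NULL descriptor as "nothing is sensitive", an object with an unrecognised class/key-type pair would have its attributes returned unfiltered. Failing closed right after the lookup avoids that: `if (descriptor == NULL) lose(CKR_FUNCTION_FAILED);`. The four `attributes[n].value` casts just above are also dereferenced without first checking `attributes[n].length != HAL_PKEY_ATTRIBUTE_NIL`, the sentinel the later hunk in this function uses for a missing attribute. An object stored without `CKA_KEY_TYPE` may therefore reach the cast with no value behind it.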
@@ -3251,7 +3257,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, rv = CKR_ATTRIBUTE_SENSITIVE; continue; } - if (attributes[i].length == 0) { + if (attributes[i].length == HAL_PKEY_ATTRIBUTE_NIL) { pTemplate[i].ulValueLen = -1; rv = CKR_ATTRIBUTE_TYPE_INVALID; continue; @@ -3309,7 +3315,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, { ENTER_PUBLIC_FUNCTION(C_FindObjectsInit); - const size_t attributes_len = sizeof(hal_rpc_pkey_attribute_t) * (ulCount + 1); + const size_t attributes_len = sizeof(hal_pkey_attribute_t) * (ulCount + 1); size_t len = attributes_len; CK_BBOOL *cka_private = NULL; CK_BBOOL *cka_token = NULL; @@ -3339,7 +3345,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, if ((mem = malloc(len)) == NULL) lose(CKR_HOST_MEMORY); - session->find_query = (hal_rpc_pkey_attribute_t *) mem; + session->find_query = (hal_pkey_attribute_t *) mem; mem += attributes_len; for (int i = 0; i < ulCount; i++) { @@ -3659,7 +3665,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + sizeof(CK_KEY_TYPE) + 3 * sizeof(CK_BBOOL)]; hal_pkey_handle_t pkey = {HAL_HANDLE_NONE}; - hal_rpc_pkey_attribute_t attributes[] = { + hal_pkey_attribute_t attributes[] = { [0].type = CKA_KEY_TYPE, [1].type = CKA_SIGN, [2].type = CKA_PRIVATE, @@ -3895,7 +3901,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, uint8_t attributes_buffer[sizeof(CK_OBJECT_CLASS) + sizeof(CK_KEY_TYPE) + 3 * sizeof(CK_BBOOL)]; hal_pkey_handle_t pkey = {HAL_HANDLE_NONE}; - hal_rpc_pkey_attribute_t attributes[] = { + hal_pkey_attribute_t attributes[] = { [0].type = CKA_KEY_TYPE, [1].type = CKA_VERIFY, [2].type = CKA_PRIVATE, -- cgit v1.2.3