gnome-keyring r1384 - in trunk: . daemon/pk daemon/pkcs11 daemon/pkix pkcs11
- From: nnielsen svn gnome org
- To: svn-commits-list gnome org
- Subject: gnome-keyring r1384 - in trunk: . daemon/pk daemon/pkcs11 daemon/pkix pkcs11
- Date: Fri, 12 Dec 2008 02:44:24 +0000 (UTC)
Author: nnielsen
Date: Fri Dec 12 02:44:24 2008
New Revision: 1384
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1384&view=rev
Log:
* daemon/pk/gkr-pk-cert.c:
* daemon/pk/gkr-pk-privkey.c:
* daemon/pk/gkr-pk-pubkey.c:
* daemon/pk/gkr-pk-pubkey.h:
* daemon/pk/gkr-pk-util.c:
* daemon/pkcs11/gkr-pkcs11-daemon-session.c:
* daemon/pkix/gkr-pkix-asn1.c:
* pkcs11/gkr-pkcs11-module.c: Fix most of the inconsistencies and bugs
highlighted by the p11-tests tool.
Modified:
trunk/ (props changed)
trunk/ChangeLog
trunk/daemon/pk/gkr-pk-cert.c
trunk/daemon/pk/gkr-pk-privkey.c
trunk/daemon/pk/gkr-pk-pubkey.c
trunk/daemon/pk/gkr-pk-pubkey.h
trunk/daemon/pk/gkr-pk-util.c
trunk/daemon/pkcs11/gkr-pkcs11-daemon-session.c
trunk/daemon/pkix/gkr-pkix-asn1.c
trunk/pkcs11/gkr-pkcs11-module.c
Modified: trunk/daemon/pk/gkr-pk-cert.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-cert.c (original)
+++ trunk/daemon/pk/gkr-pk-cert.c Fri Dec 12 02:44:24 2008
@@ -545,11 +545,11 @@
case CKA_SERIAL_NUMBER:
if ((ret = load_certificate (cert)) != CKR_OK)
return ret;
- data = gkr_pkix_asn1_read_value (cert->data->asn1, "tbsCertificate.serialNumber", &n_data, NULL);
- if (!data)
+ cdata = gkr_pkix_asn1_read_element (cert->data->asn1, cert->data->raw, cert->data->n_raw,
+ "tbsCertificate.serialNumber", &n_data);
+ if (!cdata)
return CKR_FUNCTION_FAILED;
- gkr_pk_attribute_set_data (attr, data, n_data);
- g_free (data);
+ gkr_pk_attribute_set_data (attr, cdata, n_data);
return CKR_OK;
case CKA_VALUE:
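Review bot: The new CKA_SERIAL_NUMBER branch passes `cdata` to `gkr_pk_attribute_set_data` and never frees it, which is only correct if `gkr_pkix_asn1_read_element` returns a pointer into `cert->data->raw` rather than a fresh allocation; that ownership is not visible in this hunk. The attribute value presumably also changes from the bare integer content to the whole DER element, which is what PKCS#11 specifies for this attribute. A comment would record both points, for example `/* Return the DER element itself; cdata points into cert->data->raw, do not free */`. The declaration of `cdata` and the rest of the switch are outside the hunk.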
@@ -588,8 +588,13 @@
case CKA_URL:
case CKA_HASH_OF_SUBJECT_PUBLIC_KEY:
case CKA_HASH_OF_ISSUER_PUBLIC_KEY:
- return CKR_ATTRIBUTE_TYPE_INVALID;
+ gkr_pk_attribute_set_data (attr, "", 0);
+ return CKR_OK;
+ case CKA_JAVA_MIDP_SECURITY_DOMAIN:
+ gkr_pk_attribute_set_ulong(attr, 0);
+ return CKR_OK;
+
case CKA_GNOME_PURPOSE_OIDS:
return read_certificate_purposes (cert, attr);
Modified: trunk/daemon/pk/gkr-pk-privkey.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-privkey.c (original)
+++ trunk/daemon/pk/gkr-pk-privkey.c Fri Dec 12 02:44:24 2008
@@ -316,8 +316,10 @@
obj = GKR_PK_OBJECT (key);
crt = gkr_pk_manager_find_by_id (obj->manager, GKR_TYPE_PK_CERT, keyid);
- if (crt == NULL)
- return CKR_ATTRIBUTE_TYPE_INVALID;
+ if (crt == NULL) {
+ gkr_pk_attribute_set_data(attr, "", 0);
+ return CKR_OK;
+ }
return gkr_pk_object_get_attribute (crt, attr);
}
@@ -485,17 +487,17 @@
case CKA_VALUE:
return CKR_ATTRIBUTE_SENSITIVE;
- /* TODO: We need to implement this: ARRAY[1] (CKM_RSA_PKCS) */
case CKA_ALLOWED_MECHANISMS:
- return CKR_ATTRIBUTE_TYPE_INVALID;
+ return gkr_pk_pubkey_allowed_mechanisms (key->priv->algorithm, attr);
case CKA_UNWRAP_TEMPLATE:
return CKR_ATTRIBUTE_TYPE_INVALID;
- /* We don't support these */
+ /* These will be empty */
case CKA_START_DATE:
case CKA_END_DATE:
- return CKR_ATTRIBUTE_TYPE_INVALID;
+ gkr_pk_attribute_set_data(attr, "", 0);
+ return CKR_OK;
default:
break;
Modified: trunk/daemon/pk/gkr-pk-pubkey.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-pubkey.c (original)
+++ trunk/daemon/pk/gkr-pk-pubkey.c Fri Dec 12 02:44:24 2008
@@ -374,7 +374,8 @@
/* TODO: Once we can generate keys, this should change */
case CKA_KEY_GEN_MECHANISM:
- return CK_UNAVAILABLE_INFORMATION;
+ gkr_pk_attribute_set_ulong (attr, CK_UNAVAILABLE_INFORMATION);
+ return CKR_OK;
case CKA_ID:
/* Always a SHA-1 hash output buffer */
@@ -410,17 +411,17 @@
case CKA_VALUE:
return extract_key_value (key, attr);
- /* TODO: We need to implement this: ARRAY[1] (CKM_RSA_PKCS) */
case CKA_ALLOWED_MECHANISMS:
- return CKR_ATTRIBUTE_TYPE_INVALID;
+ return gkr_pk_pubkey_allowed_mechanisms (key->pub->algorithm, attr);
case CKA_UNWRAP_TEMPLATE:
return CKR_ATTRIBUTE_TYPE_INVALID;
- /* We don't support these */
+ /* These will be empty */
case CKA_START_DATE:
case CKA_END_DATE:
- return CKR_ATTRIBUTE_TYPE_INVALID;
+ gkr_pk_attribute_set_data(attr, "", 0);
+ return CKR_OK;
default:
break;
@@ -596,3 +597,30 @@
return 0;
return key->pub->algorithm;
}
+
+CK_RV
+gkr_pk_pubkey_allowed_mechanisms (int algorithm, CK_ATTRIBUTE_PTR attr)
+{
+ CK_MECHANISM_TYPE mechanisms[3];
+ CK_ULONG n_mechanisms;
+
+ g_return_val_if_fail (attr, CKR_GENERAL_ERROR);
+
+ switch (algorithm) {
+ case GCRY_PK_RSA:
+ mechanisms[0] = CKM_RSA_PKCS;
+ mechanisms[1] = CKM_RSA_X_509;
+ n_mechanisms = 2;
+ break;
+ case GCRY_PK_DSA:
+ mechanisms[0] = CKM_DSA;
+ n_mechanisms = 1;
+ break;
+ default:
+ n_mechanisms = 0;
+ break;
+ }
+
+ gkr_pk_attribute_set_data (attr, mechanisms, sizeof(CK_MECHANISM_TYPE) * n_mechanisms);
+ return CKR_OK;
+}
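Review bot: `gkr_pk_pubkey_allowed_mechanisms` has no comment saying what the list is derived from, and it reports `CKM_RSA_X_509` (raw, unpadded RSA) for every RSA key from the algorithm alone. Whether the daemon's mechanism dispatch consults this attribute is not visible here, so a header comment such as `/* Advertised list only: keep in sync with the mechanisms the session code accepts for this algorithm */` would help the next maintainer. In the default arm `mechanisms` is handed to `gkr_pk_attribute_set_data` uninitialized with a zero length. Declaring it as `CK_MECHANISM_TYPE mechanisms[2] = { 0 };` avoids that and matches the two slots actually used.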
Modified: trunk/daemon/pk/gkr-pk-pubkey.h
==============================================================================
--- trunk/daemon/pk/gkr-pk-pubkey.h (original)
+++ trunk/daemon/pk/gkr-pk-pubkey.h Fri Dec 12 02:44:24 2008
@@ -63,12 +63,16 @@
CK_RV gkr_pk_pubkey_create (GkrPkManager* manager,
GArray* array, GkrPkObject **object);
-gkrconstid gkr_pk_pubkey_get_keyid (GkrPkPubkey *key);
+gkrconstid gkr_pk_pubkey_get_keyid (GkrPkPubkey *key);
gcry_sexp_t gkr_pk_pubkey_get_key (GkrPkPubkey *key);
int gkr_pk_pubkey_get_algorithm (GkrPkPubkey *key);
+/* TODO: This really should go somewhere else */
+CK_RV gkr_pk_pubkey_allowed_mechanisms (int algorithm,
+ CK_ATTRIBUTE_PTR attr);
+
G_END_DECLS
#endif /* __GKR_PK_PUBKEY_H__ */
Modified: trunk/daemon/pk/gkr-pk-util.c
==============================================================================
--- trunk/daemon/pk/gkr-pk-util.c (original)
+++ trunk/daemon/pk/gkr-pk-util.c Fri Dec 12 02:44:24 2008
@@ -251,7 +251,7 @@
g_assert (attr);
g_assert (str);
- gkr_pk_attribute_set_data (attr, str, strlen (str) + 1);
+ gkr_pk_attribute_set_data (attr, str, strlen (str));
}
void
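Review bot: Dropping the `+ 1` means the stored attribute value is no longer NUL-terminated, which matches PKCS#11 string attributes but breaks any reader that treats `pValue` as a C string. A comment on the call would record the intent: `/* PKCS#11 strings are not null-terminated; the length excludes the NUL */`. Code that compares or prints these values with string functions is outside this hunk and worth checking. The enclosing function starts above the hunk.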
Modified: trunk/daemon/pkcs11/gkr-pkcs11-daemon-session.c
==============================================================================
--- trunk/daemon/pkcs11/gkr-pkcs11-daemon-session.c (original)
+++ trunk/daemon/pkcs11/gkr-pkcs11-daemon-session.c Fri Dec 12 02:44:24 2008
@@ -324,6 +324,7 @@
flags = 0;
if (!sinfo->readonly)
flags |= CKF_RW_SESSION;
+
write_session_info (resp, 0, state, flags, sinfo->deverror);
return CKR_OK;
@@ -377,14 +378,17 @@
if (!read_byte_array (req, &pin, &pin_len))
return PROTOCOL_ERROR;
- if (user_type != CKU_USER) {
+ if (user_type == CKU_SO) {
/* Readonly session, SO can't log in */
if (sinfo->readonly)
return CKR_SESSION_READ_ONLY_EXISTS;
/* Actually SO can't log in at all ... */
- /* PKCS#11 QUESTION: What should we really be returning here? */
+ return CKR_USER_TYPE_INVALID;
+
+ } else {
+
return CKR_USER_TYPE_INVALID;
}
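Review bot: The new `else` arm returns `CKR_USER_TYPE_INVALID` for every user type other than `CKU_SO`, which includes `CKU_USER`, so as written no login gets past this block and the PIN handling after it is unreachable. The old condition was `user_type != CKU_USER`, so the arm was probably meant to be `} else if (user_type != CKU_USER) {`. Both early returns also leave without any visible release of `pin`; whether `read_byte_array` hands back a buffer that must be freed or cleared is not shown here. The function starts and continues outside the hunk.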
@@ -1449,7 +1453,7 @@
* When there's an error any operation automatically done.
* We make an exception for functions which we don't implement.
*/
- if (ret != CKR_FUNCTION_NOT_SUPPORTED)
+ if (ret != CKR_FUNCTION_NOT_SUPPORTED && ret != CKR_OPERATION_ACTIVE)
finish_operation (sinfo);
gkr_pkcs11_message_prep (resp, PKCS11_CALL_ERROR, GKR_PKCS11_RESPONSE);
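Review bot: The comment above the condition still names only unimplemented functions as the exception, but the test now also skips `finish_operation` for `CKR_OPERATION_ACTIVE`. This is presumably so that a rejected second init call does not tear down the operation already in progress. Suggest extending the comment, e.g. `* We make an exception for functions which we don't implement, and for CKR_OPERATION_ACTIVE so the running operation is left intact.` The enclosing function starts outside the hunk.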
Modified: trunk/daemon/pkix/gkr-pkix-asn1.c
==============================================================================
--- trunk/daemon/pkix/gkr-pkix-asn1.c (original)
+++ trunk/daemon/pkix/gkr-pkix-asn1.c Fri Dec 12 02:44:24 2008
@@ -462,7 +462,7 @@
struct tm tm;
int century, current;
- g_return_val_if_fail (year > 0 && year <= 99, -1);
+ g_return_val_if_fail (year >= 0 && year <= 99, -1);
/* Get the current year */
now = time (NULL);
Modified: trunk/pkcs11/gkr-pkcs11-module.c
==============================================================================
--- trunk/pkcs11/gkr-pkcs11-module.c (original)
+++ trunk/pkcs11/gkr-pkcs11-module.c Fri Dec 12 02:44:24 2008
@@ -1073,7 +1073,7 @@
static CK_RV
proto_read_attribute_array (GkrPkcs11Message *msg, CK_ATTRIBUTE_PTR arr,
- CK_ULONG_PTR len, CK_ULONG max)
+ CK_ULONG_PTR len, CK_ULONG max, int *overflowed)
{
uint32_t i, num, val;
CK_ATTRIBUTE_PTR attr;
@@ -1129,10 +1129,12 @@
/* Just requesting the attribute size */
if (!attr->pValue) {
attr->ulValueLen = attrlen;
+ (*overflowed)++;
/* Wants attribute data, but too small */
} else if (attr->ulValueLen < attrlen) {
attr->ulValueLen = attrlen;
+ (*overflowed)++;
ret = CKR_BUFFER_TOO_SMALL;
/* Wants attribute data, value is null */
@@ -1157,7 +1159,7 @@
static CK_RV
proto_read_byte_array (GkrPkcs11Message *msg, CK_BYTE_PTR arr,
- CK_ULONG_PTR len, CK_ULONG max)
+ CK_ULONG_PTR len, CK_ULONG max, int *overflowed)
{
const unsigned char *val;
size_t vlen;
@@ -1176,11 +1178,15 @@
*len = vlen;
/* Just asking us for size */
- if (!arr)
+ if (!arr) {
+ (*overflowed)++;
return CKR_OK;
+ }
- if (max < vlen)
+ if (max < vlen) {
+ (*overflowed)++;
return CKR_BUFFER_TOO_SMALL;
+ }
/* Enough space, yay */
memcpy (arr, val, vlen);
@@ -1190,7 +1196,7 @@
static CK_RV
proto_read_uint32_array (GkrPkcs11Message *msg, CK_ULONG_PTR arr,
- CK_ULONG_PTR len, CK_ULONG max)
+ CK_ULONG_PTR len, CK_ULONG max, int *overflowed)
{
uint32_t i, num, val;
@@ -1207,8 +1213,12 @@
*len = num;
- if (arr && max < num)
+ if (!arr) {
+ (*overflowed)++;
+ } else if (max < num) {
+ (*overflowed)++;
return CKR_BUFFER_TOO_SMALL;
+ }
/* We need to go ahead and read everything in all cases */
for (i = 0; i < num; ++i) {
@@ -1274,7 +1284,7 @@
/* The slot id (we ignore) */
gkr_buffer_get_uint32 (&msg->buffer, msg->parsed, &msg->parsed, &val);
- info->slotID = 0;
+ info->slotID = slot_id;
/* The state */
gkr_buffer_get_uint32 (&msg->buffer, msg->parsed, &msg->parsed, &val);
@@ -1697,7 +1707,7 @@
DBG (("C_OpenSession: enter"));
PREREQ (pkcs11_initialized, CKR_CRYPTOKI_NOT_INITIALIZED);
PREREQ (session, CKR_ARGUMENTS_BAD);
- PREREQ (flags & CKF_SERIAL_SESSION, CKR_FUNCTION_NOT_PARALLEL);
+ PREREQ (flags & CKF_SERIAL_SESSION, CKR_SESSION_PARALLEL_NOT_SUPPORTED);
if (id != slot_id)
return CKR_SLOT_ID_INVALID;
@@ -1815,7 +1825,7 @@
ret = CKR_SLOT_ID_INVALID;
DBG (("C_CloseAllSessions: %d", ret));
- return CKR_OK;
+ return ret;
}
static CK_RV
@@ -1863,6 +1873,7 @@
}
#define IN_ATTRIBUTE_ARRAY(arr, num) \
+ if (num && !arr) { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \
_ret = gkr_pkcs11_message_write_attribute_array (_cs->req, (arr), (num)); \
if (_ret != CKR_OK) goto _cleanup;
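Review bot: The added guard expands its arguments bare, `if (num && !arr)`, while the call on the next line parenthesises them, so an expression argument would bind wrongly inside the test. Write it as `if ((num) && !(arr)) { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \`. The `if (!n)`, `if (!a)` and `if (!arr)` tests in `OUT_HANDLE_ARRAY`, `OUT_ATTRIBUTE_ARRAY` and `OUT_BYTE_ARRAY` further down have the same issue.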
@@ -1883,13 +1894,13 @@
if (_ret != CKR_OK) goto _cleanup;
#define OUT_ATTRIBUTE_ARRAY(arr, num, max) \
- if (!arr) _cs->overflowed = 1; \
- _ret = proto_read_attribute_array (_cs->resp, (arr), (num), (max)); \
+ if (!arr) _cs->overflowed++; \
+ _ret = proto_read_attribute_array (_cs->resp, (arr), (num), (max), &_cs->overflowed); \
if (_ret != CKR_OK) goto _cleanup;
#define OUT_BYTE_ARRAY(arr, len, max) \
- if (!arr) _cs->overflowed = 1; \
- _ret = proto_read_byte_array (_cs->resp, (arr), (len), (max)); \
+ if (!arr) _cs->overflowed++; \
+ _ret = proto_read_byte_array (_cs->resp, (arr), (len), (max), &_cs->overflowed); \
if (_ret != CKR_OK) goto _cleanup;
#define OUT_HANDLE(val) \
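Review bot: `OUT_BYTE_ARRAY` passes the caller's length pointer straight through, and `proto_read_byte_array` writes `*len = vlen` before any test. A NULL length pointer from the application is therefore dereferenced unless each `C_` function has already rejected it. This commit adds that guard only to `OUT_HANDLE_ARRAY`; the same line fits here: `if (!(len)) { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \`, and likewise for `num` in `OUT_ATTRIBUTE_ARRAY`. The PREREQ checks in the calling functions are not visible in this diff, so this may already be covered there.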
@@ -1897,8 +1908,9 @@
if (_ret != CKR_OK) goto _cleanup;
#define OUT_HANDLE_ARRAY(a, n, mx) \
- if (!a) _cs->overflowed = 1; \
- _ret = proto_read_uint32_array (_cs->resp, (a), (n), (mx)); \
+ if (!n) { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \
+ if (!a) _cs->overflowed++; \
+ _ret = proto_read_uint32_array (_cs->resp, (a), (n), (mx), &_cs->overflowed); \
if (_ret != CKR_OK) goto _cleanup;
#define OUT_RETURN_CODE() { \
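Review bot: `proto_read_uint32_array` now increments the counter itself when `arr` is NULL, so the macro's own `if (!a) _cs->overflowed++;` counts the same size query a second time. `OUT_BYTE_ARRAY` with `proto_read_byte_array` in the previous hunk does the same. If `overflowed` is only ever tested for non-zero this is harmless, but how it is consumed is not shown in the diff. Dropping the macro-side increment leaves the readers as the single place that decides what counts as an overflow.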