gnome-keyring r1398 - trunk/pkcs11/rpc
- From: nnielsen svn gnome org
- To: svn-commits-list gnome org
- Subject: gnome-keyring r1398 - trunk/pkcs11/rpc
- Date: Thu, 18 Dec 2008 23:27:03 +0000 (UTC)
Author: nnielsen
Date: Thu Dec 18 23:27:03 2008
New Revision: 1398
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1398&view=rev
Log:
* pkcs11/rpc/p11-rpc.h:
* pkcs11/rpc/p11-rpc-dispatch.c:
* pkcs11/rpc/p11-rpc-message.c:
* pkcs11/rpc/p11-rpc-module.c:
* pkcs11/rpc/p11-rpc-private.h:
* pkcs11/rpc/p11-rpc-test-daemon.c:
* pkcs11/rpc/p11-rpc-test-module.c:
* pkcs11/rpc/p11-rpc-util.c:
* pkcs11/rpc/Makefile.am: Lots of fixes to new modular
PKCS#11 RPC module.
Modified:
trunk/pkcs11/rpc/Makefile.am
trunk/pkcs11/rpc/p11-rpc-dispatch.c
trunk/pkcs11/rpc/p11-rpc-message.c
trunk/pkcs11/rpc/p11-rpc-module.c
trunk/pkcs11/rpc/p11-rpc-private.h
trunk/pkcs11/rpc/p11-rpc-test-daemon
trunk/pkcs11/rpc/p11-rpc-test-daemon.c
trunk/pkcs11/rpc/p11-rpc-test-module.c
trunk/pkcs11/rpc/p11-rpc-util.c
trunk/pkcs11/rpc/p11-rpc.h
Modified: trunk/pkcs11/rpc/Makefile.am
==============================================================================
--- trunk/pkcs11/rpc/Makefile.am (original)
+++ trunk/pkcs11/rpc/Makefile.am Thu Dec 18 23:27:03 2008
@@ -1,7 +1,13 @@
noinst_LTLIBRARIES = \
libp11-rpc-daemon.la \
- libp11-rpc-module.la \
+ libp11-rpc-module.la
+
+# Have to install this somewhere to get libtool to actually
+# build the library. Strange stuff.
+moduledir = /tmp
+
+module_LTLIBRARIES = \
p11-rpc-test-module.la
noinst_PROGRAMS = \
@@ -29,7 +35,7 @@
libp11_rpc_module_la_SOURCES = \
p11-rpc-calls.h \
- p11-rpc-dispatch.c \
+ p11-rpc-module.c \
p11-rpc-message.c \
p11-rpc-message.h \
p11-rpc-util.c
@@ -48,8 +54,6 @@
p11-rpc-test-module.c
p11_rpc_test_module_la_LIBADD = \
- -lpthread \
- $(top_builddir)/common/libgkr-common-buffer.la \
libp11-rpc-module.la
# -----------------------------------------------------------------------------
Modified: trunk/pkcs11/rpc/p11-rpc-dispatch.c
==============================================================================
--- trunk/pkcs11/rpc/p11-rpc-dispatch.c (original)
+++ trunk/pkcs11/rpc/p11-rpc-dispatch.c Thu Dec 18 23:27:03 2008
@@ -32,6 +32,7 @@
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <pthread.h>
#include <stdlib.h>
#include <string.h>
@@ -45,6 +46,12 @@
/* Argument to pass to C_Initialize */
static CK_C_INITIALIZE_ARGS *pkcs11_initialize_args = NULL;
+/* Mutex for guarding initialization variable */
+static pthread_mutex_t init_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+/* The number of times we've initialized */
+static int pkcs11_initialized = 0;
+
/* The error returned on protocol failures */
#define PARSE_ERROR CKR_DEVICE_ERROR
#define PREP_ERROR CKR_DEVICE_MEMORY
@@ -127,7 +134,6 @@
allocated = cs->allocated;
while (allocated) {
data = (void**)allocated;
- --data;
/* Pointer to the next allocation */
allocated = *data;
@@ -368,6 +374,36 @@
}
static CK_RV
+proto_write_attribute_array (CallState *cs, CK_ATTRIBUTE_PTR array, CK_ULONG len, CK_RV ret)
+{
+ assert (cs);
+
+ /*
+ * When returning an attribute array, certain errors aren't
+ * actually real errors, these are passed through to the other
+ * side along with the attribute array.
+ */
+
+ switch (ret) {
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_BUFFER_TOO_SMALL:
+ case CKR_OK:
+ break;
+
+ /* Pass all other errors straight through */
+ default:
+ return ret;
+ };
+
+ if (!p11_rpc_message_write_attribute_array (cs->resp, array, len) ||
+ !p11_rpc_message_write_ulong (cs->resp, ret))
+ return PREP_ERROR;
+
+ return CKR_OK;
+}
+
+static CK_RV
proto_read_null_string (CallState *cs, CK_UTF8CHAR_PTR* val)
{
P11RpcMessage *msg;
@@ -601,16 +637,16 @@
_ret = PREP_ERROR;
#define OUT_BYTE_ARRAY(array, len) \
- if (_ret == CKR_OK && !p11_rpc_message_write_byte_array (cs->req, array, len)) \
+ if (_ret == CKR_OK && !p11_rpc_message_write_byte_array (cs->resp, array, len)) \
_ret = PREP_ERROR;
#define OUT_ULONG_ARRAY(array, len) \
- if (_ret == CKR_OK && !p11_rpc_message_write_ulong_array (cs->req, array, len)) \
+ if (_ret == CKR_OK && !p11_rpc_message_write_ulong_array (cs->resp, array, len)) \
_ret = PREP_ERROR;
#define OUT_ATTRIBUTE_ARRAY(array, len) \
- if (_ret == CKR_OK && !p11_rpc_message_write_attribute_array (cs->req, array, len)) \
- _ret = PREP_ERROR;
+ /* Note how we filter return codes */ \
+ _ret = proto_write_attribute_array (cs, array, len, _ret);
#define OUT_INFO(val) \
if (_ret == CKR_OK) \
@@ -639,17 +675,67 @@
static CK_RV
rpc_C_Initialize (CallState *cs)
{
- BEGIN_CALL (C_Initialize);
- PROCESS_CALL ((pkcs11_initialize_args));
- END_CALL;
+ CK_BYTE_PTR handshake;
+ CK_ULONG n_handshake;
+ CK_RV ret = CKR_OK;
+
+ debug (("C_Initialize: enter"));
+
+ assert (cs);
+ assert (pkcs11_module);
+
+ ret = proto_read_byte_array (cs, &handshake, &n_handshake);
+ if (ret == CKR_OK) {
+
+ /* Check to make sure the header matches */
+ if (n_handshake != P11_RPC_HANDSHAKE_LEN ||
+ memcmp (handshake, P11_RPC_HANDSHAKE, n_handshake) != 0) {
+ p11_rpc_warn ("invalid handshake received from connecting module");
+ ret = CKR_GENERAL_ERROR;
+ }
+
+ assert (p11_rpc_message_is_verified (cs->req));
+ }
+
+ if (ret == CKR_OK) {
+
+ pthread_mutex_lock (&init_mutex);
+
+ if (pkcs11_initialized == 0)
+ ret = pkcs11_module->C_Initialize (pkcs11_initialize_args);
+
+ if (ret == CKR_OK)
+ ++pkcs11_initialized;
+
+ pthread_mutex_unlock (&init_mutex);
+ }
+
+ debug (("ret: %d", ret));
+ return ret;
}
static CK_RV
rpc_C_Finalize (CallState *cs)
{
- BEGIN_CALL (C_Finalize);
- PROCESS_CALL ((NULL));
- END_CALL;
+ CK_RV ret;
+
+ debug (("C_Finalize: enter"));
+
+ assert (cs);
+ assert (pkcs11_module);
+
+ pthread_mutex_lock (&init_mutex);
+
+ if (pkcs11_initialized == 1)
+ ret = pkcs11_module->C_Finalize (NULL);
+
+ if (ret == CKR_OK)
+ --pkcs11_initialized;
+
+ pthread_mutex_unlock (&init_mutex);
+
+ debug (("ret: %d", ret));
+ return ret;
}
static CK_RV
@@ -1147,7 +1233,6 @@
IN_ULONG (key);
PROCESS_CALL ((session, &mechanism, key));
END_CALL;
-
}
static CK_RV
@@ -1397,7 +1482,7 @@
BEGIN_CALL (C_Verify);
IN_ULONG (session);
IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_BUFFER (signature, signature_len);
+ IN_BYTE_ARRAY (signature, signature_len);
PROCESS_CALL ((session, data, data_len, signature, signature_len));
END_CALL;
}
@@ -1425,9 +1510,8 @@
BEGIN_CALL (C_VerifyFinal);
IN_ULONG (session);
- IN_BYTE_BUFFER (signature, signature_len);
+ IN_BYTE_ARRAY (signature, signature_len);
PROCESS_CALL ((session, signature, signature_len));
- OUT_BYTE_ARRAY (signature, signature_len);
END_CALL;
}
@@ -1816,7 +1900,7 @@
} else {
if (!p11_rpc_message_prep (resp, P11_RPC_CALL_ERROR, P11_RPC_RESPONSE) ||
!p11_rpc_message_write_ulong (resp, (uint32_t)ret) ||
- !p11_rpc_message_buffer_error (resp)) {
+ p11_rpc_message_buffer_error (resp)) {
p11_rpc_warn ("out of memory responding with error");
return 0;
}
@@ -1902,7 +1986,7 @@
p11_rpc_warn ("out of memory");
return;
}
-
+
/* The main thread loop */
while (TRUE) {
@@ -1955,6 +2039,11 @@
int *sock = arg;
assert (*sock != -1);
+ /* Try and initialize the PKCS#11 module */
+ if (!pkcs11_initialized) {
+
+ }
+
run_dispatch_loop (*sock);
/* The thread closes the socket and marks as done */
@@ -1996,7 +2085,7 @@
/* Cleanup any completed dispatch threads */
for (here = &pkcs11_dispatchers, ds = *here; ds != NULL; ds = *here) {
if (ds->socket == -1) {
- p11_rpc_join_thread (ds->thread);
+ p11_rpc_join_child (ds->thread);
*here = ds->next;
free (ds);
} else {
@@ -2019,8 +2108,8 @@
ds->socket = new_fd;
- /* And create a new thread */
- ds->thread = p11_rpc_create_thread (run_dispatch_thread, &(ds->socket));
+ /* And create a new thread/process */
+ ds->thread = p11_rpc_create_child (run_dispatch_thread, &(ds->socket));
if (!ds->thread) {
free (ds);
p11_rpc_warn ("couldn't create thread for pkcs11 dispatch: %s", strerror (errno));
@@ -2057,12 +2146,12 @@
assert (pkcs11_dispatchers == NULL);
snprintf (pkcs11_socket_path, sizeof (pkcs11_socket_path),
- "%s.%s", socket_path, P11_RPC_SOCKET_EXT);
+ "%s", socket_path);
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
p11_rpc_warn ("couldn't create pkcs11 socket: %s", strerror (errno));
- return -1;
+ return 0;
}
memset(&addr, 0, sizeof(addr));
@@ -2071,20 +2160,20 @@
if (bind (sock, (struct sockaddr*)&addr, sizeof (addr)) < 0) {
p11_rpc_warn ("couldn't bind to pkcs11 socket: %s: %s",
pkcs11_socket_path, strerror (errno));
- return -1;
+ return 0;
}
if (listen (sock, 128) < 0) {
p11_rpc_warn ("couldn't listen on pkcs11 socket: %s: %s",
pkcs11_socket_path, strerror (errno));
- return -1;
+ return 0;
}
pkcs11_module = module;
pkcs11_initialize_args = init_args;
pkcs11_socket = sock;
pkcs11_dispatchers = NULL;
- return 0;
+ return 1;
}
void
@@ -2112,7 +2201,7 @@
/* Forcibly shutdown the connection */
if (ds->socket)
shutdown (ds->socket, SHUT_RDWR);
- p11_rpc_join_thread (ds->thread);
+ p11_rpc_join_child (ds->thread);
/* This is always closed by dispatch thread */
assert (ds->socket == -1);
Modified: trunk/pkcs11/rpc/p11-rpc-message.c
==============================================================================
--- trunk/pkcs11/rpc/p11-rpc-message.c (original)
+++ trunk/pkcs11/rpc/p11-rpc-message.c Thu Dec 18 23:27:03 2008
@@ -456,3 +456,14 @@
return gkr_buffer_add_byte_array (&msg->buffer, buffer, length);
}
+
+int
+p11_rpc_message_write_zero_string (P11RpcMessage *msg, CK_UTF8CHAR* string)
+{
+ assert (msg);
+ assert (string);
+
+ assert (!msg->signature || p11_rpc_message_verify_part (msg, "z"));
+
+ return gkr_buffer_add_string (&msg->buffer, (const char*)string);
+}
Modified: trunk/pkcs11/rpc/p11-rpc-module.c
==============================================================================
--- trunk/pkcs11/rpc/p11-rpc-module.c (original)
+++ trunk/pkcs11/rpc/p11-rpc-module.c Thu Dec 18 23:27:03 2008
@@ -69,12 +69,6 @@
* LOGGING and DEBUGGING
*/
-void
-p11_rpc_log (const char* line)
-{
- fprintf (stderr, "%s\n", line);
-}
-
#if DEBUG_OUTPUT
#define debug(x) p11_rpc_debug x
#else
@@ -86,100 +80,6 @@
if (!(x)) { p11_rpc_warn ("'%s' not true at %s", #x, __func__); return v; }
/* -----------------------------------------------------------------------------
- * MODULE ARGUMENTS
- */
-
-static void
-parse_argument (char *arg)
-{
- char *value;
-
- value = arg + strcspn (arg, ":=");
- if (!*value)
- value = NULL;
- else
- *(value++) = 0;
-
- /* Setup the socket path from the arguments */
- if (strcmp (arg, "socket") == 0) {
- strncpy (pkcs11_socket_path, value, sizeof (pkcs11_socket_path));
- pkcs11_socket_path[sizeof (pkcs11_socket_path) - 1] = 0;
- } else {
- warning(("unrecognized argument: %s", arg));
- }
-}
-
-static void
-parse_arguments (const char *string)
-{
- char quote = '\0';
- char *src, *dup, *at, *arg;
-
- if (!string)
- return;
-
- src = dup = strdup (string);
- if (!dup) {
- warning (("couldn't allocate memory for argument string"));
- return;
- }
-
- arg = at = src;
- for (src = dup; *src; src++) {
-
- /* Matching quote */
- if (quote == *src) {
- quote = '\0';
-
- /* Inside of quotes */
- } else if (quote != '\0') {
- if (*src == '\\') {
- *at++ = *src++;
- if (!*src) {
- warning (("couldn't parse argument string: %s", string));
- goto done;
- }
- if (*src != quote)
- *at++ = '\\';
- }
- *at++ = *src;
-
- /* Space, not inside of quotes */
- } else if (isspace(*src)) {
- *at = 0;
- parse_argument (arg);
- arg = at;
-
- /* Other character outside of quotes */
- } else {
- switch (*src) {
- case '\'':
- case '"':
- quote = *src;
- break;
- case '\\':
- *at++ = *src++;
- if (!*src) {
- warning (("couldn't parse argument string: %s", string));
- goto done;
- }
- /* fall through */
- default:
- *at++ = *src;
- break;
- }
- }
- }
-
-
- if (at != arg)
- parse_argument (arg);
-
-done:
- free (dup);
-}
-
-/* -----------------------------------------------------------------------------
* CALL SESSION
*/
@@ -217,7 +117,6 @@
assert (cs);
assert (cs->socket == -1);
assert (cs->call_status == CALL_INVALID);
- assert (pkcs11_initialized);
assert (pkcs11_socket_path[0]);
debug (("connecting to: %s", pkcs11_socket_path));
@@ -556,10 +455,9 @@
/* If it's an error code then return it */
if (cs->resp->call_id == P11_RPC_CALL_ERROR) {
- ret = p11_rpc_message_read_ulong (cs->resp, &ckerr);
- if (ret != CKR_OK) {
+ if (!p11_rpc_message_read_ulong (cs->resp, &ckerr)) {
warning (("invalid error response from gnome-keyring-daemon: too short"));
- return ret;
+ return CKR_DEVICE_ERROR;
}
if (ckerr <= CKR_OK) {
@@ -858,30 +756,15 @@
static CK_RV
proto_read_info (P11RpcMessage *msg, CK_INFO_PTR info)
{
- CK_RV rv;
-
assert (msg);
assert (info);
- /* The version */
- rv = p11_rpc_message_read_version (msg, &info->cryptokiVersion);
- if (rv != CKR_OK) return rv;
-
- /* The manufacturer */
- rv = p11_rpc_message_read_space_string (msg, info->manufacturerID, 32);
- if (rv != CKR_OK) return rv;
-
- /* The flags */
- rv = p11_rpc_message_read_ulong (msg, &info->flags);
- if (rv != CKR_OK) return rv;
-
- /* The manufacturer */
- rv = p11_rpc_message_read_space_string (msg, info->libraryDescription, 32);
- if (rv != CKR_OK) return rv;
-
- /* The version */
- rv = p11_rpc_message_read_version (msg, &info->libraryVersion);
- if (rv != CKR_OK) return rv;
+ if (!p11_rpc_message_read_version (msg, &info->cryptokiVersion) ||
+ !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) ||
+ !p11_rpc_message_read_ulong (msg, &info->flags) ||
+ !p11_rpc_message_read_space_string (msg, info->libraryDescription, 32) ||
+ !p11_rpc_message_read_version (msg, &info->libraryVersion))
+ return PARSE_ERROR;
return CKR_OK;
}
@@ -889,30 +772,15 @@
static CK_RV
proto_read_slot_info (P11RpcMessage *msg, CK_SLOT_INFO_PTR info)
{
- CK_RV rv;
-
assert (msg);
assert (info);
- /* The description */
- rv = p11_rpc_message_read_space_string (msg, info->slotDescription, 64);
- if (rv != CKR_OK) return rv;
-
- /* The manufacturer */
- rv = p11_rpc_message_read_space_string (msg, info->manufacturerID, 32);
- if (rv != CKR_OK) return rv;
-
- /* The flags */
- rv = p11_rpc_message_read_ulong (msg, &info->flags);
- if (rv != CKR_OK) return rv;
-
- /* The hardware version */
- rv = p11_rpc_message_read_version (msg, &info->hardwareVersion);
- if (rv != CKR_OK) return rv;
-
- /* The firmware version */
- rv = p11_rpc_message_read_version (msg, &info->firmwareVersion);
- if (rv != CKR_OK) return rv;
+ if (!p11_rpc_message_read_space_string (msg, info->slotDescription, 64) ||
+ !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) ||
+ !p11_rpc_message_read_ulong (msg, &info->flags) ||
+ !p11_rpc_message_read_version (msg, &info->hardwareVersion) ||
+ !p11_rpc_message_read_version (msg, &info->firmwareVersion))
+ return PARSE_ERROR;
return CKR_OK;
}
@@ -920,82 +788,28 @@
static CK_RV
proto_read_token_info (P11RpcMessage *msg, CK_TOKEN_INFO_PTR info)
{
- CK_RV rv;
-
assert (msg);
assert (info);
- /* The label */
- rv = p11_rpc_message_read_space_string (msg, info->label, 32);
- if (rv != CKR_OK) return rv;
-
- /* The manufacturer */
- rv = p11_rpc_message_read_space_string (msg, info->manufacturerID, 32);
- if (rv != CKR_OK) return rv;
-
- /* The model */
- rv = p11_rpc_message_read_space_string (msg, info->model, 16);
- if (rv != CKR_OK) return rv;
-
- /* The serial number */
- rv = p11_rpc_message_read_space_string (msg, info->serialNumber, 16);
- if (rv != CKR_OK) return rv;
-
- /* The flags */
- rv = p11_rpc_message_read_ulong (msg, &info->flags);
- if (rv != CKR_OK) return rv;
-
- /* The max session count */
- rv = p11_rpc_message_read_ulong (msg, &info->ulMaxSessionCount);
- if (rv != CKR_OK) return rv;
-
- /* The session count */
- rv = p11_rpc_message_read_ulong (msg, &info->ulSessionCount);
- if (rv != CKR_OK) return rv;
-
- /* The max rw session count */
- rv = p11_rpc_message_read_ulong (msg, &info->ulMaxRwSessionCount);
- if (rv != CKR_OK) return rv;
-
- /* The rw session count */
- rv = p11_rpc_message_read_ulong (msg, &info->ulRwSessionCount);
- if (rv != CKR_OK) return rv;
-
- /* The max pin len */
- rv = p11_rpc_message_read_ulong (msg, &info->ulMaxPinLen);
- if (rv != CKR_OK) return rv;
-
- /* The min pin len */
- rv = p11_rpc_message_read_ulong (msg, &info->ulMinPinLen);
- if (rv != CKR_OK) return rv;
-
- /* The total public memory */
- rv = p11_rpc_message_read_ulong (msg, &info->ulTotalPublicMemory);
- if (rv != CKR_OK) return rv;
-
- /* The free public memory */
- rv = p11_rpc_message_read_ulong (msg, &info->ulFreePublicMemory);
- if (rv != CKR_OK) return rv;
-
- /* The total private memory */
- rv = p11_rpc_message_read_ulong (msg, &info->ulTotalPrivateMemory);
- if (rv != CKR_OK) return rv;
-
- /* The free private memory */
- rv = p11_rpc_message_read_ulong (msg, &info->ulFreePrivateMemory);
- if (rv != CKR_OK) return rv;
-
- /* The hardware version */
- rv = p11_rpc_message_read_version (msg, &info->hardwareVersion);
- if (rv != CKR_OK) return rv;
-
- /* The firmware version */
- rv = p11_rpc_message_read_version (msg, &info->firmwareVersion);
- if (rv != CKR_OK) return rv;
-
- /* The current utc time */
- rv = p11_rpc_message_read_space_string (msg, info->utcTime, 16);
- if (rv != CKR_OK) return rv;
+ if (!p11_rpc_message_read_space_string (msg, info->label, 32) ||
+ !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) ||
+ !p11_rpc_message_read_space_string (msg, info->model, 16) ||
+ !p11_rpc_message_read_space_string (msg, info->serialNumber, 16) ||
+ !p11_rpc_message_read_ulong (msg, &info->flags) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulMaxSessionCount) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulSessionCount) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulMaxRwSessionCount) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulRwSessionCount) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulMaxPinLen) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulMinPinLen) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulTotalPublicMemory) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulFreePublicMemory) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulTotalPrivateMemory) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulFreePrivateMemory) ||
+ !p11_rpc_message_read_version (msg, &info->hardwareVersion) ||
+ !p11_rpc_message_read_version (msg, &info->firmwareVersion) ||
+ !p11_rpc_message_read_space_string (msg, info->utcTime, 16))
+ return PARSE_ERROR;
return CKR_OK;
}
@@ -1003,22 +817,13 @@
static CK_RV
proto_read_mechanism_info (P11RpcMessage *msg, CK_MECHANISM_INFO_PTR info)
{
- CK_RV rv;
-
assert (msg);
assert (info);
- /* The min key size */
- rv = p11_rpc_message_read_ulong (msg, &info->ulMinKeySize);
- if (rv != CKR_OK) return rv;
-
- /* The max key size */
- rv = p11_rpc_message_read_ulong (msg, &info->ulMaxKeySize);
- if (rv != CKR_OK) return rv;
-
- /* The flags */
- rv = p11_rpc_message_read_ulong (msg, &info->flags);
- if (rv != CKR_OK) return rv;
+ if (!p11_rpc_message_read_ulong (msg, &info->ulMinKeySize) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulMaxKeySize) ||
+ !p11_rpc_message_read_ulong (msg, &info->flags))
+ return PARSE_ERROR;
return CKR_OK;
}
@@ -1026,26 +831,14 @@
static CK_RV
proto_read_sesssion_info (P11RpcMessage *msg, CK_SESSION_INFO_PTR info)
{
- CK_RV rv;
-
assert (msg);
assert (info);
- /* The slot id */
- rv = p11_rpc_message_read_ulong (msg, &info->slotID);
- if (rv != CKR_OK) return rv;
-
- /* The state */
- rv = p11_rpc_message_read_ulong (msg, &info->state);
- if (rv != CKR_OK) return rv;
-
- /* The flags */
- rv = p11_rpc_message_read_ulong (msg, &info->flags);
- if (rv != CKR_OK) return rv;
-
- /* The device error code */
- rv = p11_rpc_message_read_ulong (msg, &info->ulDeviceError);
- if (rv != CKR_OK) return rv;
+ if (!p11_rpc_message_read_ulong (msg, &info->slotID) ||
+ !p11_rpc_message_read_ulong (msg, &info->state) ||
+ !p11_rpc_message_read_ulong (msg, &info->flags) ||
+ !p11_rpc_message_read_ulong (msg, &info->ulDeviceError))
+ return PARSE_ERROR;
return CKR_OK;
}
@@ -1200,7 +993,7 @@
_ret = CKR_ARGUMENTS_BAD; \
if (_ret == CKR_OK) \
_ret = proto_read_ulong_array (_cs->resp, (arr), (len), *(len)); \
- if (_ret == CKR_OK) \
+ if (_ret == CKR_OK && arr) \
p11_rpc_mechanism_list_purge (arr, len);
#define OUT_MECHANISM_INFO(info) \
@@ -1219,7 +1012,7 @@
{
CK_C_INITIALIZE_ARGS_PTR args = NULL;
CK_RV ret = CKR_OK;
- const char *env;
+ const char *path;
CallState *cs;
pid_t pid;
int err;
@@ -1279,42 +1072,29 @@
goto done;
}
}
-
- /*
- * We support setting the socket path and other arguments from from the
- * pReserved pointer, similar to how NSS PKCS#11 components are initialized.
- *
- * What we do not support is passing through the pReserved pointer to the other
- * side of the RPC. The other side can have these arguments set on its own.
- */
- if (args && args->pReserved)
- parse_arguments ((const char*)args->pReserved);
-
- /* Lookup the socket path, append '.pkcs11' */
- if (pkcs11_socket_path[0] == 0) {
- env = getenv ("GNOME_KEYRING_SOCKET");
- if (env && env[0]) {
- snprintf (pkcs11_socket_path, sizeof (pkcs11_socket_path),
- "%s.%s", env, P11_RPC_SOCKET_EXT);
- pkcs11_socket_path[sizeof (pkcs11_socket_path) - 1] = 0;
- }
-
- if (pkcs11_socket_path[0] == 0) {
- warning (("missing pkcs11 socket path in environment"));
- ret = CKR_GENERAL_ERROR;
- goto done;
- }
+
+ path = p11_rpc_module_init (args);
+ if (!path || !path[0]) {
+ warning (("missing pkcs11 socket path in environment"));
+ ret = CKR_GENERAL_ERROR;
+ goto done;
}
+
+ /* Make a copy of the socket path */
+ snprintf (pkcs11_socket_path, sizeof (pkcs11_socket_path), "%s", path);
/* Call through and initialize the daemon */
ret = call_lookup (&cs);
if (ret == CKR_OK) {
ret = call_prepare (cs, P11_RPC_CALL_C_Initialize);
if (ret == CKR_OK)
- ret = p11_rpc_message_write_byte_array (cs->req, P11_RPC_HANDSHAKE,
- P11_RPC_HANDSHAKE_LEN);
- if (ret == CKR_OK)
+ if (!p11_rpc_message_write_byte_array (cs->req, P11_RPC_HANDSHAKE, P11_RPC_HANDSHAKE_LEN))
+ ret = CKR_HOST_MEMORY;
+ if (ret == CKR_OK) {
ret = call_run (cs);
+ if (ret == CKR_CRYPTOKI_ALREADY_INITIALIZED)
+ ret = CKR_OK;
+ }
call_done (cs, ret);
}
@@ -1323,7 +1103,7 @@
if (ret == CKR_OK) {
pkcs11_initialized = 1;
pkcs11_initialized_pid = pid;
- } else {
+ } else if (ret != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
pkcs11_initialized = 0;
pkcs11_initialized_pid = 0;
pkcs11_socket_path[0] = 0;
@@ -1712,7 +1492,6 @@
BEGIN_CALL (C_FindObjects);
IN_ULONG (session);
- IN_ULONG (max_count);
IN_ULONG_BUFFER (objects, &max_count);
PROCESS_CALL;
*count = max_count;
@@ -2312,4 +2091,4 @@
*list = &functionList;
return CKR_OK;
-}
\ No newline at end of file
+}
Modified: trunk/pkcs11/rpc/p11-rpc-private.h
==============================================================================
--- trunk/pkcs11/rpc/p11-rpc-private.h (original)
+++ trunk/pkcs11/rpc/p11-rpc-private.h Thu Dec 18 23:27:03 2008
@@ -124,85 +124,86 @@
} P11RpcCall;
/*
- *
- * f = buffer
- *
- *
- *
+ * a_ = prefix denotes array of _
+ * A = CK_ATTRIBUTE
+ * f_ = prefix denotes buffer for _
+ * M = CK_MECHANISM
+ * u = CK_ULONG
+ * s = space padded string
+ * v = CK_VERSION
+ * y = CK_BYTE
+ * z = null terminated string
*/
+
const static P11RpcCall p11_rpc_calls[] = {
{ P11_RPC_CALL_ERROR, "ERROR", NULL, NULL },
-
{ P11_RPC_CALL_C_Initialize, "C_Initialize", "ay", "" },
{ P11_RPC_CALL_C_Finalize, "C_Finalize", "", "" },
{ P11_RPC_CALL_C_GetInfo, "C_GetInfo", "", "vsusv" },
- { P11_RPC_CALL_C_GetSlotList, "C_GetSlotList", "b", "au" },
+ { P11_RPC_CALL_C_GetSlotList, "C_GetSlotList", "yfu", "au" },
{ P11_RPC_CALL_C_GetSlotInfo, "C_GetSlotInfo", "u", "ssuvv" },
{ P11_RPC_CALL_C_GetTokenInfo, "C_GetTokenInfo", "u", "ssssuuuuuuuuuuuvvs" },
- { P11_RPC_CALL_C_GetMechanismList, "C_GetMechanismList", "u", "au" },
+ { P11_RPC_CALL_C_GetMechanismList, "C_GetMechanismList", "ufu", "au" },
{ P11_RPC_CALL_C_GetMechanismInfo, "C_GetMechanismInfo", "uu", "uuu" },
- { P11_RPC_CALL_C_InitToken, "C_InitToken", "uays", "" },
+ { P11_RPC_CALL_C_InitToken, "C_InitToken", "uayz", "" },
{ P11_RPC_CALL_C_WaitForSlotEvent, "C_WaitForSlotEvent", "u", "u" },
-
{ P11_RPC_CALL_C_OpenSession, "C_OpenSession", "uu", "u" },
-
{ P11_RPC_CALL_C_CloseSession, "C_CloseSession", "u", "" },
{ P11_RPC_CALL_C_CloseAllSessions, "C_CloseAllSessions", "u", "" },
{ P11_RPC_CALL_C_GetFunctionStatus, "C_GetFunctionStatus", "u", "" },
{ P11_RPC_CALL_C_CancelFunction, "C_CancelFunction", "u", "" },
-
- { P11_RPC_CALL_C_GetSessionInfo, "C_GetSessionInfo", "", "uuuu" },
- { P11_RPC_CALL_C_InitPIN, "C_InitPIN", "ay", "" },
- { P11_RPC_CALL_C_SetPIN, "C_SetPIN", "ayay", "" },
- { P11_RPC_CALL_C_GetOperationState, "C_GetOperationState", "", "ay" },
- { P11_RPC_CALL_C_SetOperationState, "C_SetOperationState", "ayuu", "" },
- { P11_RPC_CALL_C_Login, "C_Login", "uay", "" },
- { P11_RPC_CALL_C_Logout, "C_Logout", "", "" },
- { P11_RPC_CALL_C_CreateObject, "C_CreateObject", "aA", "u" },
- { P11_RPC_CALL_C_CopyObject, "C_CopyObject", "uaA", "u" },
- { P11_RPC_CALL_C_DestroyObject, "C_DestroyObject", "u", "" },
- { P11_RPC_CALL_C_GetObjectSize, "C_GetObjectSize", "u", "u" },
- { P11_RPC_CALL_C_GetAttributeValue, "C_GetAttributeValue", "uaA", "aAu" },
- { P11_RPC_CALL_C_SetAttributeValue, "C_SetAttributeValue", "uaA", "" },
- { P11_RPC_CALL_C_FindObjectsInit, "C_FindObjectsInit", "aA", "" },
- { P11_RPC_CALL_C_FindObjects, "C_FindObjects", "u", "au" },
- { P11_RPC_CALL_C_FindObjectsFinal, "C_FindObjectsFinal", "", "" },
- { P11_RPC_CALL_C_EncryptInit, "C_EncryptInit", "Mu", "" },
- { P11_RPC_CALL_C_Encrypt, "C_Encrypt", "ay", "ay" },
- { P11_RPC_CALL_C_EncryptUpdate, "C_EncryptUpdate", "ay", "ay" },
- { P11_RPC_CALL_C_EncryptFinal, "C_EncryptFinal", "", "ay" },
- { P11_RPC_CALL_C_DecryptInit, "C_DecryptInit", "Mu", "" },
- { P11_RPC_CALL_C_Decrypt, "C_Decrypt", "ay", "ay" },
- { P11_RPC_CALL_C_DecryptUpdate, "C_DecryptUpdate", "ay", "ay" },
- { P11_RPC_CALL_C_DecryptFinal, "C_DecryptFinal", "", "ay" },
- { P11_RPC_CALL_C_DigestInit, "C_DigestInit", "M", "" },
- { P11_RPC_CALL_C_Digest, "C_Digest", "ay", "ay" },
- { P11_RPC_CALL_C_DigestUpdate, "C_DigestUpdate", "ay", "" },
- { P11_RPC_CALL_C_DigestKey, "C_DigestKey", "u", "" },
- { P11_RPC_CALL_C_DigestFinal, "C_DigestFinal", "", "ay" },
- { P11_RPC_CALL_C_SignInit, "C_SignInit", "Mu", "" },
- { P11_RPC_CALL_C_Sign, "C_Sign", "ay", "ay" },
- { P11_RPC_CALL_C_SignUpdate, "C_SignUpdate", "ay", "" },
- { P11_RPC_CALL_C_SignFinal, "C_SignFinal", "", "ay" },
- { P11_RPC_CALL_C_SignRecoverInit, "C_SignRecoverInit", "Mu", "" },
- { P11_RPC_CALL_C_SignRecover, "C_SignRecover", "ay", "ay" },
- { P11_RPC_CALL_C_VerifyInit, "C_VerifyInit", "Mu", "" },
- { P11_RPC_CALL_C_Verify, "C_Verify", "ayay", "" },
- { P11_RPC_CALL_C_VerifyUpdate, "C_VerifyUpdate", "ay", "" },
- { P11_RPC_CALL_C_VerifyFinal, "C_VerifyFinal", "", "ay" },
- { P11_RPC_CALL_C_VerifyRecoverInit, "C_VerifyRecoverInit", "Mu", "" },
- { P11_RPC_CALL_C_VerifyRecover, "C_VerifyRecover", "ay", "ay" },
- { P11_RPC_CALL_C_DigestEncryptUpdate, "C_DigestEncryptUpdate", "ay", "ay" },
- { P11_RPC_CALL_C_DecryptDigestUpdate, "C_DecryptDigestUpdate", "ay", "ay" },
- { P11_RPC_CALL_C_SignEncryptUpdate, "C_SignEncryptUpdate", "ay", "ay" },
- { P11_RPC_CALL_C_DecryptVerifyUpdate, "C_DecryptVerifyUpdate", "ay", "ay" },
- { P11_RPC_CALL_C_GenerateKey, "C_GenerateKey", "MaA", "u" },
- { P11_RPC_CALL_C_GenerateKeyPair, "C_GenerateKeyPair", "MaAaA", "uu" },
- { P11_RPC_CALL_C_WrapKey, "C_WrapKey", "Muu", "ay" },
- { P11_RPC_CALL_C_UnwrapKey, "C_UnwrapKey", "MuayaA", "u" },
- { P11_RPC_CALL_C_DeriveKey, "C_DeriveKey", "MuaA", "u" },
- { P11_RPC_CALL_C_SeedRandom, "C_SeedRandom", "ay", "" },
- { P11_RPC_CALL_C_GenerateRandom, "C_GenerateRandom", "u", "ay" },
+ { P11_RPC_CALL_C_GetSessionInfo, "C_GetSessionInfo", "u", "uuuu" },
+ { P11_RPC_CALL_C_InitPIN, "C_InitPIN", "uay", "" },
+ { P11_RPC_CALL_C_SetPIN, "C_SetPIN", "uayay", "" },
+ { P11_RPC_CALL_C_GetOperationState, "C_GetOperationState", "ufy", "ay" },
+ { P11_RPC_CALL_C_SetOperationState, "C_SetOperationState", "uayuu", "" },
+ { P11_RPC_CALL_C_Login, "C_Login", "uuay", "" },
+ { P11_RPC_CALL_C_Logout, "C_Logout", "u", "" },
+ { P11_RPC_CALL_C_CreateObject, "C_CreateObject", "uaA", "u" },
+ { P11_RPC_CALL_C_CopyObject, "C_CopyObject", "uuaA", "u" },
+ { P11_RPC_CALL_C_DestroyObject, "C_DestroyObject", "uu", "" },
+ { P11_RPC_CALL_C_GetObjectSize, "C_GetObjectSize", "uu", "u" },
+ { P11_RPC_CALL_C_GetAttributeValue, "C_GetAttributeValue", "uufA", "aAu" },
+ { P11_RPC_CALL_C_SetAttributeValue, "C_SetAttributeValue", "uuaA", "" },
+ { P11_RPC_CALL_C_FindObjectsInit, "C_FindObjectsInit", "uaA", "" },
+ { P11_RPC_CALL_C_FindObjects, "C_FindObjects", "ufu", "au" },
+ { P11_RPC_CALL_C_FindObjectsFinal, "C_FindObjectsFinal", "u", "" },
+ { P11_RPC_CALL_C_EncryptInit, "C_EncryptInit", "uMu" "" },
+ { P11_RPC_CALL_C_Encrypt, "C_Encrypt", "uayfy", "ay" },
+ { P11_RPC_CALL_C_EncryptUpdate, "C_EncryptUpdate", "uayfy", "ay" },
+ { P11_RPC_CALL_C_EncryptFinal, "C_EncryptFinal", "ufy", "ay" },
+ { P11_RPC_CALL_C_DecryptInit, "C_DecryptInit", "uMu", "" },
+ { P11_RPC_CALL_C_Decrypt, "C_Decrypt", "uayfy", "ay" },
+ { P11_RPC_CALL_C_DecryptUpdate, "C_DecryptUpdate", "uayfy", "ay" },
+ { P11_RPC_CALL_C_DecryptFinal, "C_DecryptFinal", "ufy", "ay" },
+ { P11_RPC_CALL_C_DigestInit, "C_DigestInit", "uM", "" },
+ { P11_RPC_CALL_C_Digest, "C_Digest", "uayfy", "ay" },
+ { P11_RPC_CALL_C_DigestUpdate, "C_DigestUpdate", "uay", "" },
+ { P11_RPC_CALL_C_DigestKey, "C_DigestKey", "uu", "" },
+ { P11_RPC_CALL_C_DigestFinal, "C_DigestFinal", "ufy", "ay" },
+ { P11_RPC_CALL_C_SignInit, "C_SignInit", "uMu", "" },
+ { P11_RPC_CALL_C_Sign, "C_Sign", "uayfy", "ay" },
+ { P11_RPC_CALL_C_SignUpdate, "C_SignUpdate", "uay", "" },
+ { P11_RPC_CALL_C_SignFinal, "C_SignFinal", "ufy", "ay" },
+ { P11_RPC_CALL_C_SignRecoverInit, "C_SignRecoverInit", "uMu", "" },
+ { P11_RPC_CALL_C_SignRecover, "C_SignRecover", "uayfy", "ay" },
+ { P11_RPC_CALL_C_VerifyInit, "C_VerifyInit", "uMu", "" },
+ { P11_RPC_CALL_C_Verify, "C_Verify", "uayay", "" },
+ { P11_RPC_CALL_C_VerifyUpdate, "C_VerifyUpdate", "uay", "" },
+ { P11_RPC_CALL_C_VerifyFinal, "C_VerifyFinal", "uay", "" },
+ { P11_RPC_CALL_C_VerifyRecoverInit, "C_VerifyRecoverInit", "uMu", "" },
+ { P11_RPC_CALL_C_VerifyRecover, "C_VerifyRecover", "uayfy", "ay" },
+ { P11_RPC_CALL_C_DigestEncryptUpdate, "C_DigestEncryptUpdate", "uayfy", "ay" },
+ { P11_RPC_CALL_C_DecryptDigestUpdate, "C_DecryptDigestUpdate", "uayfy", "ay" },
+ { P11_RPC_CALL_C_SignEncryptUpdate, "C_SignEncryptUpdate", "uayfy", "ay" },
+ { P11_RPC_CALL_C_DecryptVerifyUpdate, "C_DecryptVerifyUpdate", "uayfy", "ay" },
+ { P11_RPC_CALL_C_GenerateKey, "C_GenerateKey", "uMaA", "u" },
+ { P11_RPC_CALL_C_GenerateKeyPair, "C_GenerateKeyPair", "uMaAaA", "uu" },
+ { P11_RPC_CALL_C_WrapKey, "C_WrapKey", "uMuufy", "ay" },
+ { P11_RPC_CALL_C_UnwrapKey, "C_UnwrapKey", "uMuayaA", "u" },
+ { P11_RPC_CALL_C_DeriveKey, "C_DeriveKey", "uMuaA", "u" },
+ { P11_RPC_CALL_C_SeedRandom, "C_SeedRandom", "uay", "" },
+ { P11_RPC_CALL_C_GenerateRandom, "C_GenerateRandom", "ufy", "ay" },
};
#ifdef _DEBUG
Modified: trunk/pkcs11/rpc/p11-rpc-test-daemon
==============================================================================
Binary files. No diff available.
Modified: trunk/pkcs11/rpc/p11-rpc-test-daemon.c
==============================================================================
--- trunk/pkcs11/rpc/p11-rpc-test-daemon.c (original)
+++ trunk/pkcs11/rpc/p11-rpc-test-daemon.c Thu Dec 18 23:27:03 2008
@@ -37,15 +37,16 @@
#include <dlfcn.h>
#include <pthread.h>
-#define SOCKET_PREFIX "/tmp/p11-rpc-daemon-sock"
+#define SOCKET_PATH "/tmp/p11-rpc-daemon.sock"
+/* Sample configuration for loading NSS remotely */
static CK_C_INITIALIZE_ARGS p11_init_args = {
NULL,
NULL,
NULL,
NULL,
CKF_OS_LOCKING_OK,
- NULL
+ "init-string = configdir='/tmp' certPrefix='' keyPrefix='' secmod='/tmp/secmod.db' flags="
};
static int is_running = 1;
@@ -57,7 +58,7 @@
}
void*
-p11_rpc_create_thread (void (*thread_func) (void*), void* thread_arg)
+p11_rpc_create_child (void (*thread_func) (void*), void* thread_arg)
{
pthread_t *thread;
int error;
@@ -73,7 +74,7 @@
}
void
-p11_rpc_join_thread (void *th)
+p11_rpc_join_child (void *th)
{
pthread_t *thread = th;
void *value;
@@ -131,15 +132,17 @@
errx (1, "couldn't get function list from C_GetFunctionList in libary: %s: 0x%08x",
argv[1], (int)rv);
- if (!p11_rpc_dispatch_init (SOCKET_PREFIX, funcs, &p11_init_args))
+ unlink (SOCKET_PATH);
+ if (!p11_rpc_dispatch_init (SOCKET_PATH, funcs, &p11_init_args))
exit (1);
sock = p11_rpc_dispatch_fd ();
is_running = 1;
while (is_running) {
+ FD_ZERO (&read_fds);
FD_SET (sock, &read_fds);
- ret = select (sock, &read_fds, NULL, NULL, NULL);
+ ret = select (sock + 1, &read_fds, NULL, NULL, NULL);
if (ret < 0) {
if (errno == EINTR)
continue;
Modified: trunk/pkcs11/rpc/p11-rpc-test-module.c
==============================================================================
--- trunk/pkcs11/rpc/p11-rpc-test-module.c (original)
+++ trunk/pkcs11/rpc/p11-rpc-test-module.c Thu Dec 18 23:27:03 2008
@@ -39,3 +39,16 @@
/* Do nothing */
return 1;
}
+
+extern const char*
+p11_rpc_module_init (CK_C_INITIALIZE_ARGS_PTR init_args)
+{
+ /* Same as in daemon */
+ return "/tmp/p11-rpc-daemon.sock";
+}
+
+extern void
+p11_rpc_module_uninit (void)
+{
+ /* Nothing to do */
+}
Modified: trunk/pkcs11/rpc/p11-rpc-util.c
==============================================================================
--- trunk/pkcs11/rpc/p11-rpc-util.c (original)
+++ trunk/pkcs11/rpc/p11-rpc-util.c Thu Dec 18 23:27:03 2008
@@ -28,6 +28,7 @@
#include <stdarg.h>
#include <string.h>
+#include <stdio.h>
static void
do_log (const char *pref, const char *msg, va_list va)
Modified: trunk/pkcs11/rpc/p11-rpc.h
==============================================================================
--- trunk/pkcs11/rpc/p11-rpc.h (original)
+++ trunk/pkcs11/rpc/p11-rpc.h Thu Dec 18 23:27:03 2008
@@ -11,9 +11,13 @@
/* IMPLEMENT: These functions must be implemented by glue code */
-extern void p11_rpc_log (const char *line);
+extern void p11_rpc_log (const char *line);
-extern int p11_rpc_write_credentials (int socket);
+extern const char* p11_rpc_module_init (CK_C_INITIALIZE_ARGS_PTR init_args);
+
+extern void p11_rpc_module_uninit (void);
+
+extern int p11_rpc_write_credentials (int socket);
/* ------------------------------------------------------------------
@@ -39,10 +43,10 @@
extern void p11_rpc_log (const char *line);
-extern void* p11_rpc_create_thread (void (*thread_func) (void*),
- void* thread_arg);
+extern void* p11_rpc_create_child (void (*child_func) (void*),
+ void* child_arg);
-extern void p11_rpc_join_thread (void *thread);
+extern void p11_rpc_join_child (void *child);
extern int p11_rpc_read_credentials (int socket);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
