gnome-keyring r1407 - in trunk: . pkcs11/dot-ssh pkcs11/dot-ssh/tests pkcs11/dot-ssh/tests/test-data pkcs11/gck
- From: nnielsen svn gnome org
- To: svn-commits-list gnome org
- Subject: gnome-keyring r1407 - in trunk: . pkcs11/dot-ssh pkcs11/dot-ssh/tests pkcs11/dot-ssh/tests/test-data pkcs11/gck
- Date: Tue, 23 Dec 2008 19:31:10 +0000 (UTC)
Author: nnielsen
Date: Tue Dec 23 19:31:10 2008
New Revision: 1407
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1407&view=rev
Log:
* pkcs11/dot-ssh/gck-ssh-module.c:
* pkcs11/dot-ssh/gck-ssh-private-key.c:
* pkcs11/dot-ssh/gck-ssh-public-key.c:
* pkcs11/dot-ssh/gck-ssh-standalone.c:
* pkcs11/dot-ssh/tests/Makefile.am:
* pkcs11/dot-ssh/tests/p11-tests.conf: (added)
* pkcs11/dot-ssh/tests/*.pub: (added)
* pkcs11/gck/gck-crypto.c:
* pkcs11/gck/gck-manager.c:
* pkcs11/gck/gck-manager.h:
* pkcs11/gck/gck-module.c:
* pkcs11/gck/gck-module.h:
* pkcs11/gck/gck-module-ep.h:
* pkcs11/gck/gck-object.c:
* pkcs11/gck/gck-object.h:
* pkcs11/gck/gck-private-key.c:
* pkcs11/gck/gck-public-key.c:
* pkcs11/gck/gck-util.c: Ran dot-ssh component through testing paces.
Fixed lots of bugs. Implemented string based initialization in gck
ala NSS. dot-ssh can now use any directory.
Added:
trunk/pkcs11/dot-ssh/tests/p11-tests.conf
trunk/pkcs11/dot-ssh/tests/test-data/id_dsa_encrypted.pub
trunk/pkcs11/dot-ssh/tests/test-data/id_dsa_plain.pub
trunk/pkcs11/dot-ssh/tests/test-data/id_rsa_encrypted.pub
trunk/pkcs11/dot-ssh/tests/test-data/id_rsa_plain.pub
Modified:
trunk/ChangeLog
trunk/pkcs11/dot-ssh/gck-ssh-module.c
trunk/pkcs11/dot-ssh/gck-ssh-private-key.c
trunk/pkcs11/dot-ssh/gck-ssh-public-key.c
trunk/pkcs11/dot-ssh/gck-ssh-standalone.c
trunk/pkcs11/dot-ssh/tests/Makefile.am
trunk/pkcs11/gck/gck-crypto.c
trunk/pkcs11/gck/gck-manager.c
trunk/pkcs11/gck/gck-manager.h
trunk/pkcs11/gck/gck-module-ep.h
trunk/pkcs11/gck/gck-module.c
trunk/pkcs11/gck/gck-module.h
trunk/pkcs11/gck/gck-object.c
trunk/pkcs11/gck/gck-object.h
trunk/pkcs11/gck/gck-private-key.c
trunk/pkcs11/gck/gck-public-key.c
trunk/pkcs11/gck/gck-session.c
trunk/pkcs11/gck/gck-util.c
Modified: trunk/pkcs11/dot-ssh/gck-ssh-module.c
==============================================================================
--- trunk/pkcs11/dot-ssh/gck-ssh-module.c (original)
+++ trunk/pkcs11/dot-ssh/gck-ssh-module.c Tue Dec 23 19:31:10 2008
@@ -32,6 +32,7 @@
struct _GckSshModule {
GckModule parent;
GckFileTracker *tracker;
+ gchar *directory;
GHashTable *keys_by_path;
};
@@ -152,6 +153,16 @@
* OBJECT
*/
+static void
+gck_ssh_module_real_parse_argument (GckModule *base, const gchar *name, const gchar *value)
+{
+ GckSshModule *self = GCK_SSH_MODULE (base);
+ if (g_str_equal (name, "directory")) {
+ g_free (self->directory);
+ self->directory = g_strdup (value);
+ }
+}
+
static CK_RV
gck_ssh_module_real_refresh_token (GckModule *base)
{
@@ -166,7 +177,12 @@
GckSshModule *self = GCK_SSH_MODULE (G_OBJECT_CLASS (gck_ssh_module_parent_class)->constructor(type, n_props, props));
g_return_val_if_fail (self, NULL);
-
+ if (!self->directory)
+ self->directory = g_strdup ("~/.ssh");
+ self->tracker = gck_file_tracker_new (self->directory, "*.pub", NULL);
+ g_signal_connect (self->tracker, "file-added", G_CALLBACK (file_load), self);
+ g_signal_connect (self->tracker, "file-changed", G_CALLBACK (file_load), self);
+ g_signal_connect (self->tracker, "file-removed", G_CALLBACK (file_remove), self);
return G_OBJECT (self);
}
@@ -174,10 +190,7 @@
static void
gck_ssh_module_init (GckSshModule *self)
{
- self->tracker = gck_file_tracker_new ("~/.ssh", "*.pub", NULL);
- g_signal_connect (self->tracker, "file-added", G_CALLBACK (file_load), self);
- g_signal_connect (self->tracker, "file-changed", G_CALLBACK (file_load), self);
- g_signal_connect (self->tracker, "file-removed", G_CALLBACK (file_remove), self);
+ self->keys_by_path = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_object_unref);
}
static void
@@ -188,6 +201,8 @@
if (self->tracker)
g_object_unref (self->tracker);
self->tracker = NULL;
+
+ g_hash_table_remove_all (self->keys_by_path);
G_OBJECT_CLASS (gck_ssh_module_parent_class)->dispose (obj);
}
@@ -198,6 +213,12 @@
GckSshModule *self = GCK_SSH_MODULE (obj);
g_assert (self->tracker == NULL);
+
+ g_hash_table_destroy (self->keys_by_path);
+ self->keys_by_path = NULL;
+
+ g_free (self->directory);
+ self->directory = NULL;
G_OBJECT_CLASS (gck_ssh_module_parent_class)->finalize (obj);
}
@@ -212,6 +233,7 @@
gobject_class->dispose = gck_ssh_module_dispose;
gobject_class->finalize = gck_ssh_module_finalize;
+ module_class->parse_argument = gck_ssh_module_real_parse_argument;
module_class->refresh_token = gck_ssh_module_real_refresh_token;
module_class->slot_info = &gck_ssh_module_slot_info;
Modified: trunk/pkcs11/dot-ssh/gck-ssh-private-key.c
==============================================================================
--- trunk/pkcs11/dot-ssh/gck-ssh-private-key.c (original)
+++ trunk/pkcs11/dot-ssh/gck-ssh-private-key.c Tue Dec 23 19:31:10 2008
@@ -66,7 +66,7 @@
res = gck_ssh_openssh_parse_private_key (self->private_data,
self->n_private_data,
- password, -1, &sexp);
+ password, n_password, &sexp);
switch (res) {
case GCK_DATA_LOCKED:
@@ -88,7 +88,7 @@
self->is_encrypted = FALSE;
wrapper = gck_sexp_new (sexp);
- gck_private_key_store_private (GCK_PRIVATE_KEY (self), wrapper, self->is_encrypted ? 1 : 0);
+ gck_private_key_store_private (GCK_PRIVATE_KEY (self), wrapper, self->is_encrypted ? 1 : G_MAXUINT);
gck_sexp_unref (wrapper);
return CKR_OK;
@@ -117,14 +117,14 @@
g_free (self->private_data);
self->private_data = private_data;
self->n_private_data = n_private_data;
+
+ /* Force parsing next time required */
+ gck_private_key_store_private (GCK_PRIVATE_KEY (self), NULL, 0);
/* Try to parse the private data, and note if it's not actually encrypted */
self->is_encrypted = TRUE;
if (unlock_private_key (self, "", 0) == CKR_OK)
self->is_encrypted = FALSE;
-
- /* Force parsing next time required */
- gck_private_key_store_private (GCK_PRIVATE_KEY (self), NULL, 0);
}
/* -----------------------------------------------------------------------------
@@ -141,7 +141,7 @@
return gck_util_set_string (attr, self->label ? self->label : "");
}
- return GCK_OBJECT_GET_CLASS (base)->get_attribute (base, attr);
+ return GCK_OBJECT_CLASS (gck_ssh_private_key_parent_class)->get_attribute (base, attr);
}
static CK_RV
Modified: trunk/pkcs11/dot-ssh/gck-ssh-public-key.c
==============================================================================
--- trunk/pkcs11/dot-ssh/gck-ssh-public-key.c (original)
+++ trunk/pkcs11/dot-ssh/gck-ssh-public-key.c Tue Dec 23 19:31:10 2008
@@ -54,7 +54,7 @@
return gck_util_set_string (attr, self->label ? self->label : "");
}
- return GCK_OBJECT_GET_CLASS (base)->get_attribute (base, attr);
+ return GCK_OBJECT_CLASS (gck_ssh_public_key_parent_class)->get_attribute (base, attr);
}
static void
Modified: trunk/pkcs11/dot-ssh/gck-ssh-standalone.c
==============================================================================
--- trunk/pkcs11/dot-ssh/gck-ssh-standalone.c (original)
+++ trunk/pkcs11/dot-ssh/gck-ssh-standalone.c Tue Dec 23 19:31:10 2008
@@ -43,7 +43,8 @@
CK_RV
C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
{
- g_return_val_if_fail (list, CKR_ARGUMENTS_BAD);
+ if (!list)
+ return CKR_ARGUMENTS_BAD;
g_type_init ();
Modified: trunk/pkcs11/dot-ssh/tests/Makefile.am
==============================================================================
--- trunk/pkcs11/dot-ssh/tests/Makefile.am (original)
+++ trunk/pkcs11/dot-ssh/tests/Makefile.am Tue Dec 23 19:31:10 2008
@@ -9,3 +9,7 @@
$(top_builddir)/common/libgkr-module-common.la
include $(top_srcdir)/tests/gtest.make
+
+p11-tests:
+ p11-tests -f p11-tests.conf ../.libs/gck-dot-ssh-module.so
+
\ No newline at end of file
Added: trunk/pkcs11/dot-ssh/tests/p11-tests.conf
==============================================================================
--- (empty file)
+++ trunk/pkcs11/dot-ssh/tests/p11-tests.conf Tue Dec 23 19:31:10 2008
@@ -0,0 +1,3 @@
+# Configuration for running p11-tests on this module
+init-string = directory='test-data'
+login-context-pin = password
Added: trunk/pkcs11/dot-ssh/tests/test-data/id_dsa_encrypted.pub
==============================================================================
--- (empty file)
+++ trunk/pkcs11/dot-ssh/tests/test-data/id_dsa_encrypted.pub Tue Dec 23 19:31:10 2008
@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBANHNmw2YHEodUj4Ae27i8Rm8uoLnpS68QEiCJx8bv9P1o0AaD0w55sH+TBzlo7vtAEDlAzIOBY3PMpy5WarELTIeXmFPzKfHL8tuxMbOPaN/wDkDZNnJZsqlyRwlQKStPcAlvLBNuMjA53u2ndMTVghtUHXETQzwxKhXf7TmvfLBAAAAFQDnF/Y8MgFCP0PpRC5ZAQo1dyDEwwAAAIEAr4iOpTeZx8i1QgQpRl+dmbBAtHTXbPiophzNJBge9lixqF0T3egN2B9wGGnumIXmnst9RPPjuu+cHCLfxhXHzLlW8MLwoiF6ZQOx9M8WcfWIl5oiGyr2e969woRf5OcMGQPOQBdws6MEtemRqq5gu6dqDqVl3xfhSZSP9LpqAI8AAACAUjiuQ3qGErsCz++qd0qrR++QA185XGXAPZqQEHcr4iKSlO17hSUYA03kOWtDaeRtJOlxjIjl9iLo3juKGFgxUfo2StScOSO2saTWFGjA4MybHCK1+mIYXRcYrq314yK2Tmbql/UGDWpcCCGXLWpSFHTaXTbJjPd6VL+TO9/8tFk=
Added: trunk/pkcs11/dot-ssh/tests/test-data/id_dsa_plain.pub
==============================================================================
--- (empty file)
+++ trunk/pkcs11/dot-ssh/tests/test-data/id_dsa_plain.pub Tue Dec 23 19:31:10 2008
@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBAMLJmKPrXjxxvoanZdrNUmv7Otx9KRs3UzJ5HmEKAAJOpyfUPhGG5/v25Z7uW/Ji4/Jc151917SIU/sV/2TVP2Le2HJiOzWxx3ClurGcBWeY3hI2/+98Vc+nrDQQM2qYA7CD4+rC57uO6I9UnI8FyxI9lkpM4wMJL/Z9WJsUJeCzAAAAFQDlup4DQoOneAp/hh0LRGzVbWaUXQAAAIA/YuEQf7NQJiuLTGLfaX1syeWoMIF3DbM4xt4bZcNG3jRbg5uITX4882n8IMW5is6MPizsKXiz9T6KingMqw9wvBt2vcKhYTqES450fSOTNy+3yRnlia2bc6KoRbYBGLytTBUn35tFuR9F6s2sN4f89DPAJZ/svOn2U9M1WMIO2wAAAIANW+HtuJWVmfXRRDJ1goMK+GXixDvBLBbFSDf74kYInt3vUBm4MKprHbmC27TLRymb6IOH1ENpYT3MffZJusQTqqZJKPba5nwLvPP9lzN60bJAtqiWUsqfwHEh6Jx+qoMggm8i6ogJJO2zDlki5Twf1ilN+tinHdOL/2CmPPRMgA==
Added: trunk/pkcs11/dot-ssh/tests/test-data/id_rsa_encrypted.pub
==============================================================================
--- (empty file)
+++ trunk/pkcs11/dot-ssh/tests/test-data/id_rsa_encrypted.pub Tue Dec 23 19:31:10 2008
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4+W0j6ubMFOkdaQ+bSZ5UQCa/HztFKajLjAmJBjiQ2HxMkYTyVhgel1+VXzEMF0mFJx+FML5kF2sf7GA6EXCz7f1A/UiUBfFkD2BYI8WE6o71iFUQ0UK7q8gnPfckSunGdUbb3MZUz+04K6ovR8XQKaOel0EP5rZ4qF457JRg4/w7jrQU9wOuL9m05aaFbPUemACa2M0Yw49PKu6pO8RcjQ3pKokFHkigqTtoRtbk186Rponw4btFt1bQfxxyDWMA1PHz4Gts+EHgOoLfwEN/IErfpYMamgff+1O74qamOTb9LnEkgnWh0UVyf3LcMJLB/fJaEEnoqX0mzf2yon28w==
Added: trunk/pkcs11/dot-ssh/tests/test-data/id_rsa_plain.pub
==============================================================================
--- (empty file)
+++ trunk/pkcs11/dot-ssh/tests/test-data/id_rsa_plain.pub Tue Dec 23 19:31:10 2008
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoD6VKqkhay6pKHSRjAGWWfFPU8xfsi2gnOwP/B1UHDoztx3czhO+py/fTlhCnSP1jsjkrVIZcnzah2fUNFFRgS4+jROBtvbgHsS72V1E6+ZogV+mBJWWAhw0iPrmQ3Kvm38D3PByo5Y7yKO5kIG2LloYLjosJ5F4sx2xh0uz2wXNtnY1b5xhe2+VEksm9OB+FXaUkZC2fQrTNo8ZGFJQSFd8kUhIfbUDJmlYuZ+vvHM+A3Lc9rHyW4IPaRyxFQciRmb+ZQqU2uSdOXAhg17lskuX/q8yCI5Hy5eDicC222oUMdJTtYgwX4dQCU8TICWhxb3x4RCV+g7D99+tkIvv+w==
Modified: trunk/pkcs11/gck/gck-crypto.c
==============================================================================
--- trunk/pkcs11/gck/gck-crypto.c (original)
+++ trunk/pkcs11/gck/gck-crypto.c Tue Dec 23 19:31:10 2008
@@ -111,7 +111,6 @@
g_assert (data);
g_assert (n_data);
g_assert (*n_data);
- g_assert (padding);
g_assert (bits);
/* First try and dig out sexp child based on arguments */
@@ -131,7 +130,7 @@
n_block = (bits + 7) / 8;
gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &len, mpi);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
- g_return_val_if_fail (len > n_block, CKR_GENERAL_ERROR);
+ g_return_val_if_fail (len <= n_block, CKR_GENERAL_ERROR);
offset = n_block - len;
block = g_malloc0 (n_block);
memset (block, 0, offset);
@@ -251,11 +250,11 @@
switch (mech) {
case CKM_RSA_PKCS:
g_return_val_if_fail (algorithm == GCRY_PK_RSA, CKR_GENERAL_ERROR);
- rv = gck_crypto_decrypt_rsa (sexp, gck_crypto_rsa_pad_two, data, n_data, encrypted, n_encrypted);
+ rv = gck_crypto_encrypt_rsa (sexp, gck_crypto_rsa_pad_two, data, n_data, encrypted, n_encrypted);
break;
case CKM_RSA_X_509:
g_return_val_if_fail (algorithm == GCRY_PK_RSA, CKR_GENERAL_ERROR);
- rv = gck_crypto_decrypt_rsa (sexp, gck_crypto_rsa_pad_raw, data, n_data, encrypted, n_encrypted);
+ rv = gck_crypto_encrypt_rsa (sexp, gck_crypto_rsa_pad_raw, data, n_data, encrypted, n_encrypted);
break;
default:
/* Again shouldn't be reached */
@@ -304,7 +303,7 @@
}
/* Now extract and send it back out */
- rv = sexp_to_data (sexp, nbits, encrypted, n_encrypted, NULL, "enc-val", "rsa", "a", NULL);
+ rv = sexp_to_data (sdata, nbits, encrypted, n_encrypted, NULL, "enc-val", "rsa", "a", NULL);
gcry_sexp_release (sdata);
return rv;
@@ -685,13 +684,13 @@
switch (method) {
case CKA_ENCRYPT:
- return gck_crypto_encrypt (sexp, method, bufone, n_bufone, buftwo, n_buftwo);
+ return gck_crypto_encrypt (sexp, mech, bufone, n_bufone, buftwo, n_buftwo);
case CKA_DECRYPT:
- return gck_crypto_decrypt (sexp, method, bufone, n_bufone, buftwo, n_buftwo);
+ return gck_crypto_decrypt (sexp, mech, bufone, n_bufone, buftwo, n_buftwo);
case CKA_SIGN:
- return gck_crypto_sign (sexp, method, bufone, n_bufone, buftwo, n_buftwo);
+ return gck_crypto_sign (sexp, mech, bufone, n_bufone, buftwo, n_buftwo);
case CKA_VERIFY:
- return gck_crypto_verify (sexp, method, bufone, n_bufone, buftwo, *n_buftwo);
+ return gck_crypto_verify (sexp, mech, bufone, n_bufone, buftwo, *n_buftwo);
default:
g_return_val_if_reached (CKR_GENERAL_ERROR);
}
Modified: trunk/pkcs11/gck/gck-manager.c
==============================================================================
--- trunk/pkcs11/gck/gck-manager.c (original)
+++ trunk/pkcs11/gck/gck-manager.c Tue Dec 23 19:31:10 2008
@@ -74,7 +74,7 @@
/* Note objects is being managed */
self->pv->objects = g_list_prepend (self->pv->objects, object);
- gck_object_set_manager (object, self);
+ g_object_set (object, "manager", self, NULL);
}
static void
@@ -95,7 +95,7 @@
/* Release object management */
self->pv->objects = g_list_remove (self->pv->objects, object);
- gck_object_set_manager (object, NULL);
+ g_object_set (object, "manager", NULL, NULL);
}
/* -----------------------------------------------------------------------------
@@ -233,11 +233,12 @@
}
CK_RV
-gck_manager_find_handles (GckManager *self, CK_ATTRIBUTE_PTR template,
- CK_ULONG count, GArray *found)
+gck_manager_find_handles (GckManager *self, gboolean also_private,
+ CK_ATTRIBUTE_PTR template, CK_ULONG count, GArray *found)
{
CK_OBJECT_HANDLE handle;
GckObject *object;
+ gboolean is_private;
GList *l;
g_return_val_if_fail (GCK_IS_MANAGER (self), CKR_GENERAL_ERROR);
@@ -246,6 +247,16 @@
for (l = self->pv->objects; l; l = g_list_next (l)) {
object = GCK_OBJECT (l->data);
+
+ /* Exclude private objects if required */
+ if (!also_private) {
+ if (gck_object_get_attribute_boolean (object, CKA_PRIVATE, &is_private)) {
+ if (is_private)
+ continue;
+ }
+ }
+
+ /* Match all the other attributes */
if (gck_object_match_all (object, template, count)) {
handle = gck_object_get_handle (object);
g_return_val_if_fail (handle != 0, CKR_GENERAL_ERROR);
Modified: trunk/pkcs11/gck/gck-manager.h
==============================================================================
--- trunk/pkcs11/gck/gck-manager.h (original)
+++ trunk/pkcs11/gck/gck-manager.h Tue Dec 23 19:31:10 2008
@@ -89,6 +89,7 @@
CK_OBJECT_HANDLE obj);
CK_RV gck_manager_find_handles (GckManager *self,
+ gboolean also_private,
CK_ATTRIBUTE_PTR template,
CK_ULONG count,
GArray *found);
Modified: trunk/pkcs11/gck/gck-module-ep.h
==============================================================================
--- trunk/pkcs11/gck/gck-module-ep.h (original)
+++ trunk/pkcs11/gck/gck-module-ep.h Tue Dec 23 19:31:10 2008
@@ -53,12 +53,12 @@
args->LockMutex != NULL && args->UnlockMutex != NULL);
if (!supplied_ok) {
- g_warning ("invalid set of mutex calls supplied");
+ g_message ("invalid set of mutex calls supplied");
return CKR_ARGUMENTS_BAD;
}
if (!(args->flags & CKF_OS_LOCKING_OK)) {
- g_warning ("must be able to use our own locking and multi-thread primitives");
+ g_message ("must be able to use our own locking and multi-thread primitives");
return CKR_CANT_LOCK;
}
}
@@ -92,13 +92,15 @@
{
CK_RV rv = CKR_OK;
- g_return_val_if_fail (!reserved, CKR_ARGUMENTS_BAD);
+ if (reserved)
+ return CKR_ARGUMENTS_BAD;
g_static_mutex_lock (&pkcs11_module_mutex);
if (pkcs11_module == NULL) {
rv = CKR_CRYPTOKI_NOT_INITIALIZED;
} else {
+ g_object_run_dispose (G_OBJECT (pkcs11_module));
g_object_unref (pkcs11_module);
pkcs11_module = NULL;
pkcs11_module_pid = 0;
@@ -127,7 +129,8 @@
static CK_RV
gck_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
{
- g_return_val_if_fail (list, CKR_ARGUMENTS_BAD);
+ if (!list)
+ return CKR_ARGUMENTS_BAD;
*list = &gck_module_function_list;
return CKR_OK;
}
Modified: trunk/pkcs11/gck/gck-module.c
==============================================================================
--- trunk/pkcs11/gck/gck-module.c (original)
+++ trunk/pkcs11/gck/gck-module.c Tue Dec 23 19:31:10 2008
@@ -32,18 +32,10 @@
enum {
PROP_0,
PROP_MANAGER,
- PROP_WRITE_PROTECTED
+ PROP_WRITE_PROTECTED,
+ PROP_INITIALIZE_ARGS
};
-#if 0
-enum {
- SIGNAL,
- LAST_SIGNAL
-};
-
-static guint signals[LAST_SIGNAL] = { 0 };
-#endif
-
struct _GckModulePrivate {
GckManager *token_manager;
GHashTable *virtual_slots_by_id; /* Various slot partitions by their ID */
@@ -211,10 +203,106 @@
g_assert_not_reached ();
}
+static void
+parse_argument (GckModule *self, char *arg)
+{
+ gchar *value;
+
+ g_assert (GCK_IS_MODULE (self));
+
+ value = arg + strcspn (arg, ":=");
+ if (!*value)
+ value = NULL;
+ else
+ *(value++) = 0;
+
+ g_strstrip (arg);
+ g_strstrip (value);
+
+ g_return_if_fail (GCK_MODULE_GET_CLASS (self)->parse_argument);
+ GCK_MODULE_GET_CLASS (self)->parse_argument (self, arg, value);
+}
+
+static void
+parse_arguments (GckModule *self, const gchar *string)
+{
+ gchar quote = '\0';
+ gchar *src, *dup, *at, *arg;
+
+ g_assert (GCK_IS_MODULE (self));
+
+ if (!string)
+ return;
+
+ src = dup = g_strdup (string);
+
+ arg = at = src;
+ for (src = dup; *src; src++) {
+
+ /* Matching quote */
+ if (quote == *src) {
+ quote = '\0';
+
+ /* Inside of quotes */
+ } else if (quote != '\0') {
+ if (*src == '\\') {
+ *at++ = *src++;
+ if (!*src) {
+ g_warning ("couldn't parse module argument string");
+ goto done;
+ }
+ if (*src != quote)
+ *at++ = '\\';
+ }
+ *at++ = *src;
+
+ /* Space, not inside of quotes */
+ } else if (g_ascii_isspace(*src)) {
+ *at = 0;
+ parse_argument (self, arg);
+ arg = at;
+
+ /* Other character outside of quotes */
+ } else {
+ switch (*src) {
+ case '\'':
+ case '"':
+ quote = *src;
+ break;
+ case '\\':
+ *at++ = *src++;
+ if (!*src) {
+ g_warning ("couldn't parse module argument string");
+ goto done;
+ }
+ /* fall through */
+ default:
+ *at++ = *src;
+ break;
+ }
+ }
+ }
+
+
+ if (at != arg) {
+ *at = 0;
+ parse_argument (self, arg);
+ }
+
+done:
+ g_free (dup);
+}
+
/* -----------------------------------------------------------------------------
* OBJECT
*/
+static void
+gck_module_real_parse_argument (GckModule *self, const gchar *name, const gchar *value)
+{
+ /* Derived classes should do something interesting */
+}
+
static CK_RV
gck_module_real_refresh_token (GckModule *self)
{
@@ -317,13 +405,17 @@
static void
gck_module_set_property (GObject *obj, guint prop_id, const GValue *value,
- GParamSpec *pspec)
+ GParamSpec *pspec)
{
-#if 0
GckModule *self = GCK_MODULE (obj);
-#endif
+ CK_C_INITIALIZE_ARGS_PTR args;
switch (prop_id) {
+ case PROP_INITIALIZE_ARGS:
+ args = g_value_get_pointer (value);
+ if (args != NULL && args->pReserved != NULL)
+ parse_arguments (self, args->pReserved);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
@@ -367,6 +459,7 @@
klass->slot_info = &default_slot_info;
klass->token_info = &default_token_info;
+ klass->parse_argument = gck_module_real_parse_argument;
klass->refresh_token = gck_module_real_refresh_token;
klass->login_user = gck_module_real_login_user;
klass->logout_user = gck_module_real_logout_user;
@@ -378,6 +471,10 @@
g_object_class_install_property (gobject_class, PROP_WRITE_PROTECTED,
g_param_spec_boolean ("write-protected", "Write Protected", "Token is write protected",
TRUE, G_PARAM_READABLE));
+
+ g_object_class_install_property (gobject_class, PROP_INITIALIZE_ARGS,
+ g_param_spec_pointer ("initialize-args", "Initialize Args", "Arguments passed to C_Initialize",
+ G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY));
#if 0
signals[SIGNAL] = g_signal_new ("signal", GCK_TYPE_MODULE,
@@ -446,6 +543,14 @@
return (self->pv->handle_counter)++;
}
+CK_RV
+gck_module_refresh_token (GckModule *self)
+{
+ g_return_val_if_fail (GCK_IS_MODULE (self), CKR_GENERAL_ERROR);
+ g_assert (GCK_MODULE_GET_CLASS (self)->refresh_token);
+ return GCK_MODULE_GET_CLASS (self)->refresh_token (self);
+}
+
/* -----------------------------------------------------------------------------
* PKCS#11
*/
@@ -456,7 +561,9 @@
GckModuleClass *klass;
g_return_val_if_fail (GCK_IS_MODULE (self), CKR_CRYPTOKI_NOT_INITIALIZED);
- g_return_val_if_fail (info, CKR_ARGUMENTS_BAD);
+
+ if (!info)
+ return CKR_ARGUMENTS_BAD;
klass = GCK_MODULE_GET_CLASS (self);
g_return_val_if_fail (klass, CKR_GENERAL_ERROR);
@@ -474,7 +581,9 @@
gck_module_C_GetSlotList (GckModule *self, CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list, CK_ULONG_PTR count)
{
g_return_val_if_fail (GCK_IS_MODULE (self), CKR_CRYPTOKI_NOT_INITIALIZED);
- g_return_val_if_fail (count, CKR_ARGUMENTS_BAD);
+
+ if (!count)
+ return CKR_ARGUMENTS_BAD;
/* Just want to get the count */
if (slot_list == NULL) {
@@ -501,7 +610,9 @@
GckModuleClass *klass;
g_return_val_if_fail (GCK_IS_MODULE (self), CKR_CRYPTOKI_NOT_INITIALIZED);
- g_return_val_if_fail (info, CKR_ARGUMENTS_BAD);
+
+ if (!info)
+ return CKR_ARGUMENTS_BAD;
/* Any slot ID is valid for partitioned module */
@@ -523,7 +634,9 @@
GckModuleClass *klass;
g_return_val_if_fail (GCK_IS_MODULE (self), CKR_CRYPTOKI_NOT_INITIALIZED);
- g_return_val_if_fail (info, CKR_ARGUMENTS_BAD);
+
+ if (!info)
+ return CKR_ARGUMENTS_BAD;
/* Any slot ID is valid for partitioned module */
@@ -552,7 +665,9 @@
guint i;
g_return_val_if_fail (GCK_IS_MODULE (self), CKR_CRYPTOKI_NOT_INITIALIZED);
- g_return_val_if_fail (count, CKR_ARGUMENTS_BAD);
+
+ if (!count)
+ return CKR_ARGUMENTS_BAD;
/* Just want to get the count */
if (mech_list == NULL) {
@@ -566,8 +681,6 @@
return CKR_BUFFER_TOO_SMALL;
}
- g_return_val_if_fail (mech_list, CKR_ARGUMENTS_BAD);
-
*count = n_mechanisms;
for (i = 0; i < n_mechanisms; ++i)
mech_list[i] = mechanism_list[i].mechanism;
@@ -583,7 +696,9 @@
guint index;
g_return_val_if_fail (GCK_IS_MODULE (self), CKR_CRYPTOKI_NOT_INITIALIZED);
- g_return_val_if_fail (info, CKR_ARGUMENTS_BAD);
+
+ if (!info)
+ return CKR_ARGUMENTS_BAD;
for (index = 0; index < n_mechanisms; ++index) {
if (mechanism_list[index].mechanism == type)
@@ -614,7 +729,9 @@
GckSession *session;
g_return_val_if_fail (GCK_IS_MODULE (self), CKR_CRYPTOKI_NOT_INITIALIZED);
- g_return_val_if_fail (handle, CKR_ARGUMENTS_BAD);
+
+ if (!result)
+ return CKR_ARGUMENTS_BAD;
if (!(flags & CKF_SERIAL_SESSION))
return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
@@ -679,6 +796,8 @@
gck_module_C_CloseAllSessions (GckModule *self, CK_SLOT_ID slot_id)
{
VirtualSlot *slot;
+ CK_SESSION_HANDLE handle;
+ GList *l;
g_return_val_if_fail (GCK_IS_MODULE (self), CKR_CRYPTOKI_NOT_INITIALIZED);
@@ -686,6 +805,13 @@
slot = lookup_virtual_slot (self, slot_id);
if (!slot)
return CKR_OK;
+
+ /* Unregister all its sessions */
+ for (l = slot->sessions; l; l = g_list_next (l)) {
+ handle = gck_session_get_handle (l->data);
+ if (!g_hash_table_remove (self->pv->sessions_by_handle, &handle))
+ g_assert_not_reached ();
+ }
unregister_virtual_slot (self, slot);
return CKR_OK;
@@ -712,6 +838,10 @@
/* We don't have support for SO logins */
if (user_type == CKU_SO)
return CKR_USER_TYPE_INVALID;
+
+ /* Some random crap... */
+ if (user_type != CKU_USER)
+ return CKR_USER_TYPE_INVALID;
/* Calculate the virtual slot */
slot_id = gck_session_get_slot_id (session);
Modified: trunk/pkcs11/gck/gck-module.h
==============================================================================
--- trunk/pkcs11/gck/gck-module.h (original)
+++ trunk/pkcs11/gck/gck-module.h Tue Dec 23 19:31:10 2008
@@ -55,12 +55,10 @@
const CK_SLOT_INFO *slot_info;
const CK_TOKEN_INFO *token_info;
- /* signals --------------------------------------------------------- */
-
- void (*signal) (GckModule *module);
-
/* virtual methods */
-
+
+ void (*parse_argument) (GckModule *self, const gchar *name, const gchar *value);
+
CK_RV (*refresh_token) (GckModule *self);
CK_RV (*login_user) (GckModule *self, CK_SLOT_ID slot_id,
@@ -87,7 +85,7 @@
#define GCK_DEFINE_MODULE(prefix, type) \
static GckModule* gck_module_instantiate (CK_C_INITIALIZE_ARGS_PTR args) \
- { return g_object_new ((type), NULL); } \
+ { return g_object_new ((type), "initialize-args", args, NULL); } \
const CK_FUNCTION_LIST_PTR prefix ## _function_list = &gck_module_function_list;
GType gck_module_get_type (void);
@@ -109,6 +107,7 @@
CK_RV gck_module_logout_user (GckModule *self,
CK_SLOT_ID slot_id);
+CK_RV gck_module_refresh_token (GckModule *self);
Modified: trunk/pkcs11/gck/gck-object.c
==============================================================================
--- trunk/pkcs11/gck/gck-object.c (original)
+++ trunk/pkcs11/gck/gck-object.c Tue Dec 23 19:31:10 2008
@@ -129,7 +129,9 @@
{
GckObject *self = GCK_OBJECT (obj);
- gck_object_set_manager (self, NULL);
+ if (self->pv->manager)
+ gck_manager_unregister_object (self->pv->manager, self);
+ g_assert (self->pv->manager == NULL);
G_OBJECT_CLASS (gck_object_parent_class)->dispose (obj);
}
@@ -149,13 +151,25 @@
GParamSpec *pspec)
{
GckObject *self = GCK_OBJECT (obj);
+ GckManager *manager;
switch (prop_id) {
case PROP_HANDLE:
gck_object_set_handle (self, g_value_get_ulong (value));
break;
case PROP_MANAGER:
- gck_object_set_manager (self, g_value_get_object (value));
+ manager = g_value_get_object (value);
+ if (self->pv->manager) {
+ g_return_if_fail (!manager);
+ g_object_remove_weak_pointer (G_OBJECT (self->pv->manager),
+ (gpointer*)&(self->pv->manager));
+ }
+ self->pv->manager = manager;
+ if (self->pv->manager)
+ g_object_add_weak_pointer (G_OBJECT (self->pv->manager),
+ (gpointer*)&(self->pv->manager));
+
+ g_object_notify (G_OBJECT (self), "manager");
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
@@ -298,26 +312,6 @@
return self->pv->manager;
}
-void
-gck_object_set_manager (GckObject *self, GckManager *manager)
-{
- g_return_if_fail (GCK_IS_OBJECT (self));
- g_return_if_fail (!manager || GCK_IS_MANAGER (manager));
-
- if (self->pv->manager) {
- g_return_if_fail (!manager);
- g_object_remove_weak_pointer (G_OBJECT (self->pv->manager),
- (gpointer*)&(self->pv->manager));
- }
-
- self->pv->manager = manager;
- if (self->pv->manager)
- g_object_add_weak_pointer (G_OBJECT (self->pv->manager),
- (gpointer*)&(self->pv->manager));
-
- g_object_notify (G_OBJECT (self), "manager");
-}
-
CK_RV
gck_object_unlock (GckObject *self, CK_UTF8CHAR_PTR pin, CK_ULONG n_pin)
{
@@ -392,5 +386,6 @@
return NULL;
}
+ *n_data = attr.ulValueLen;
return attr.pValue;
}
Modified: trunk/pkcs11/gck/gck-object.h
==============================================================================
--- trunk/pkcs11/gck/gck-object.h (original)
+++ trunk/pkcs11/gck/gck-object.h Tue Dec 23 19:31:10 2008
@@ -67,9 +67,6 @@
GckManager* gck_object_get_manager (GckObject *self);
-void gck_object_set_manager (GckObject *self,
- GckManager *manager);
-
CK_RV gck_object_unlock (GckObject *self,
CK_UTF8CHAR_PTR pin,
CK_ULONG n_pin);
Modified: trunk/pkcs11/gck/gck-private-key.c
==============================================================================
--- trunk/pkcs11/gck/gck-private-key.c (original)
+++ trunk/pkcs11/gck/gck-private-key.c Tue Dec 23 19:31:10 2008
@@ -90,7 +90,7 @@
return CKR_ATTRIBUTE_TYPE_INVALID;
case CKA_ALWAYS_AUTHENTICATE:
- return gck_util_set_bool (attr, self->pv->sexp_uses > 1);
+ return gck_util_set_bool (attr, self->pv->sexp_uses <= 1);
case CKA_MODULUS:
return gck_key_set_key_part (GCK_KEY (self), GCRY_PK_RSA, "n", attr);
@@ -280,6 +280,7 @@
gck_private_key_store_private (GckPrivateKey *self, GckSexp *sexp, guint num_uses)
{
g_return_if_fail (GCK_IS_PRIVATE_KEY (self));
+ g_return_if_fail (!sexp || num_uses);
if (sexp)
gck_sexp_ref (sexp);
Modified: trunk/pkcs11/gck/gck-public-key.c
==============================================================================
--- trunk/pkcs11/gck/gck-public-key.c (original)
+++ trunk/pkcs11/gck/gck-public-key.c Tue Dec 23 19:31:10 2008
@@ -23,6 +23,7 @@
#include "pkcs11/pkcs11.h"
+#include "gck-crypto.h"
#include "gck-public-key.h"
#include "gck-util.h"
@@ -42,6 +43,34 @@
* INTERNAL
*/
+static CK_RV
+return_modulus_bits (GckPublicKey *self, CK_ATTRIBUTE_PTR attr)
+{
+ gcry_sexp_t numbers;
+ gcry_mpi_t mpi;
+ int algorithm;
+ CK_RV rv;
+
+ if (!gck_crypto_sexp_parse_key (gck_sexp_get (gck_key_get_base_sexp (GCK_KEY (self))),
+ &algorithm, NULL, &numbers))
+ g_return_val_if_reached (CKR_GENERAL_ERROR);
+
+ if (algorithm != GCRY_PK_RSA) {
+ gcry_sexp_release (numbers);
+ return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
+
+ g_assert (numbers);
+ if (!gck_crypto_sexp_extract_mpi (numbers, &mpi, "n", NULL))
+ g_return_val_if_reached (CKR_GENERAL_ERROR);
+
+ gcry_sexp_release (numbers);
+ rv = gck_util_set_ulong (attr, gcry_mpi_get_nbits (mpi));
+ gcry_mpi_release (mpi);
+
+ return rv;
+}
+
/* -----------------------------------------------------------------------------
* PUBLIC_KEY
*/
@@ -54,6 +83,9 @@
switch (attr->type)
{
+ case CKA_CLASS:
+ return gck_util_set_ulong (attr, CKO_PUBLIC_KEY);
+
case CKA_ENCRYPT:
return gck_util_set_bool (attr, gck_key_get_algorithm (GCK_KEY (self)) == GCRY_PK_RSA);
@@ -72,6 +104,9 @@
case CKA_WRAP_TEMPLATE:
return CKR_ATTRIBUTE_TYPE_INVALID;
+ case CKA_MODULUS_BITS:
+ return return_modulus_bits (self, attr);
+
case CKA_MODULUS:
return gck_key_set_key_part (GCK_KEY (self), GCRY_PK_RSA, "n", attr);
@@ -115,6 +150,18 @@
}
#endif
+static GckSexp*
+gck_public_key_acquire_crypto_sexp (GckKey *self)
+{
+ GckSexp* sexp;
+
+ sexp = gck_key_get_base_sexp (self);
+ if (sexp != NULL)
+ gck_sexp_ref (sexp);
+
+ return sexp;
+}
+
static GObject*
gck_public_key_constructor (GType type, guint n_props, GObjectConstructParam *props)
{
@@ -185,6 +232,7 @@
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GckObjectClass *gck_class = GCK_OBJECT_CLASS (klass);
+ GckKeyClass *key_class = GCK_KEY_CLASS (klass);
gck_public_key_parent_class = g_type_class_peek_parent (klass);
#if 0
@@ -202,6 +250,8 @@
gck_class->set_attribute = gck_public_key_real_set_attribute;
#endif
+ key_class->acquire_crypto_sexp = gck_public_key_acquire_crypto_sexp;
+
#if 0
g_public_key_class_install_property (gobject_class, PROP_PUBLIC_KEY,
g_param_spec_pointer ("public_key", "PublicKey", "PublicKey.", G_PARAM_READWRITE));
Modified: trunk/pkcs11/gck/gck-session.c
==============================================================================
--- trunk/pkcs11/gck/gck-session.c (original)
+++ trunk/pkcs11/gck/gck-session.c Tue Dec 23 19:31:10 2008
@@ -96,8 +96,8 @@
self->pv->crypto_method = 0;
if (self->pv->current_object)
- g_object_remove_weak_pointer (G_OBJECT (self->pv->current_object),
- (gpointer*)&(self->pv->current_object));
+ g_object_unref (self->pv->current_object);
+
self->pv->current_object = NULL;
self->pv->current_operation = NULL;
}
@@ -437,7 +437,7 @@
g_param_spec_ulong ("handle", "Handle", "PKCS#11 session handle",
0, G_MAXULONG, 0, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
- g_object_class_install_property (gobject_class, PROP_HANDLE,
+ g_object_class_install_property (gobject_class, PROP_SLOT_ID,
g_param_spec_ulong ("slot-id", "Slot ID", "Slot ID this session is opened on",
0, G_MAXULONG, 0, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
@@ -579,7 +579,8 @@
gck_session_C_GetSessionInfo(GckSession* self, CK_SESSION_INFO_PTR info)
{
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (info, CKR_ARGUMENTS_BAD);
+ if (!info)
+ return CKR_ARGUMENTS_BAD;
info->slotID = self->pv->slot_id;
if (self->pv->logged_in)
@@ -587,7 +588,7 @@
else
info->state = self->pv->read_only ? CKS_RO_PUBLIC_SESSION : CKS_RW_PUBLIC_SESSION;
info->flags = CKF_SERIAL_SESSION;
- if (self->pv->read_only)
+ if (!self->pv->read_only)
info->flags |= CKF_RW_SESSION;
info->ulDeviceError = 0;
@@ -664,7 +665,8 @@
CK_RV code, rv;
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (!count || template, CKR_ARGUMENTS_BAD);
+ if (!(!count || template))
+ return CKR_ARGUMENTS_BAD;
rv = gck_session_lookup_readable_object (self, handle, &object);
if (rv != CKR_OK)
@@ -677,8 +679,11 @@
/* Not a true error, keep going */
if (code == CKR_ATTRIBUTE_SENSITIVE ||
- code == CKR_ATTRIBUTE_TYPE_INVALID ||
- code == CKR_BUFFER_TOO_SMALL) {
+ code == CKR_ATTRIBUTE_TYPE_INVALID) {
+ template[i].ulValueLen = (CK_ULONG)-1;
+ rv = code;
+
+ } else if(code == CKR_BUFFER_TOO_SMALL) {
rv = code;
/* Any other error aborts */
@@ -710,13 +715,15 @@
gck_session_C_FindObjectsInit (GckSession* self, CK_ATTRIBUTE_PTR template,
CK_ULONG count)
{
+ gboolean also_private;
CK_BBOOL token;
GArray *found;
gboolean all;
CK_RV rv;
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (template || !count, CKR_ARGUMENTS_BAD);
+ if (!(template || !count))
+ return CKR_ARGUMENTS_BAD;
if (self->pv->current_operation)
return CKR_OPERATION_ACTIVE;
@@ -726,20 +733,27 @@
/* An array of object handles */
found = g_array_new (FALSE, TRUE, sizeof (CK_OBJECT_HANDLE));
+
+ /* If not logged in, then skip private objects */
+ also_private = gck_session_get_logged_in (self);
+
+ if (all || token) {
+ rv = gck_module_refresh_token (self->pv->module);
+ if (rv == CKR_OK)
+ rv = gck_manager_find_handles (gck_module_get_manager (self->pv->module),
+ also_private, template, count, found);
+ }
- if (all || token)
- rv = gck_manager_find_handles (gck_module_get_manager (self->pv->module),
+ if (rv == CKR_OK && (all || !token)) {
+ rv = gck_manager_find_handles (self->pv->manager, also_private,
template, count, found);
-
- if (rv == CKR_OK && (all || !token))
- rv = gck_manager_find_handles (self->pv->manager, template,
- count, found);
+ }
if (rv != CKR_OK) {
g_array_free (found, TRUE);
return rv;
}
-
+
g_assert (!self->pv->current_operation);
g_assert (!self->pv->found_objects);
@@ -757,8 +771,10 @@
GArray *found;
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (objects || !max_count, CKR_ARGUMENTS_BAD);
- g_return_val_if_fail (count, CKR_ARGUMENTS_BAD);
+ if (!(objects || !max_count))
+ return CKR_ARGUMENTS_BAD;
+ if (!count)
+ return CKR_ARGUMENTS_BAD;
if (self->pv->current_operation != cleanup_found)
return CKR_OPERATION_NOT_INITIALIZED;
@@ -767,11 +783,13 @@
found = self->pv->found_objects;
n_objects = MIN (max_count, found->len);
+ if (n_objects > 0) {
+ for (i = 0; i < n_objects; ++i)
+ objects[i] = g_array_index (found, CK_OBJECT_HANDLE, i);
+ g_array_remove_range (found, 0, n_objects);
+ }
- for (i = 0; i < n_objects; ++i)
- objects[i] = g_array_index (found, CK_OBJECT_HANDLE, i);
-
- g_array_remove_range (found, 0, n_objects);
+ *count = n_objects;
return CKR_OK;
}
@@ -793,7 +811,8 @@
CK_OBJECT_HANDLE key)
{
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (mechanism, CKR_ARGUMENTS_BAD);
+ if (!mechanism)
+ return CKR_ARGUMENTS_BAD;
return prepare_crypto (self, mechanism, CKA_ENCRYPT, key);
}
@@ -802,7 +821,8 @@
CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len)
{
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (data, CKR_ARGUMENTS_BAD);
+ if (!data || !encrypted_data_len)
+ return CKR_ARGUMENTS_BAD;
return process_crypto (self, CKA_ENCRYPT, data, data_len, encrypted_data, encrypted_data_len);
}
@@ -828,7 +848,8 @@
CK_OBJECT_HANDLE key)
{
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (mechanism, CKR_ARGUMENTS_BAD);
+ if (!mechanism)
+ return CKR_ARGUMENTS_BAD;
return prepare_crypto (self, mechanism, CKA_DECRYPT, key);
}
@@ -837,7 +858,8 @@
CK_ULONG enc_data_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len)
{
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (data, CKR_ARGUMENTS_BAD);
+ if (!enc_data || !data_len)
+ return CKR_ARGUMENTS_BAD;
return process_crypto (self, CKA_DECRYPT, enc_data, enc_data_len, data, data_len);
}
@@ -899,7 +921,8 @@
CK_OBJECT_HANDLE key)
{
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (mechanism, CKR_ARGUMENTS_BAD);
+ if (!mechanism)
+ return CKR_ARGUMENTS_BAD;
return prepare_crypto (self, mechanism, CKA_SIGN, key);
}
@@ -908,7 +931,8 @@
CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
{
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (data, CKR_ARGUMENTS_BAD);
+ if (!data || !signature_len)
+ return CKR_ARGUMENTS_BAD;
return process_crypto (self, CKA_SIGN, data, data_len, signature, signature_len);
}
@@ -948,7 +972,8 @@
CK_OBJECT_HANDLE key)
{
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (mechanism, CKR_ARGUMENTS_BAD);
+ if (!mechanism)
+ return CKR_ARGUMENTS_BAD;
return prepare_crypto (self, mechanism, CKA_VERIFY, key);
}
@@ -957,7 +982,8 @@
CK_BYTE_PTR signature, CK_ULONG signature_len)
{
g_return_val_if_fail (GCK_IS_SESSION (self), CKR_SESSION_HANDLE_INVALID);
- g_return_val_if_fail (data, CKR_ARGUMENTS_BAD);
+ if (!data || !signature)
+ return CKR_ARGUMENTS_BAD;
return process_crypto (self, CKA_VERIFY, data, data_len, signature, &signature_len);
}
Modified: trunk/pkcs11/gck/gck-util.c
==============================================================================
--- trunk/pkcs11/gck/gck-util.c (original)
+++ trunk/pkcs11/gck/gck-util.c Tue Dec 23 19:31:10 2008
@@ -70,7 +70,7 @@
gck_util_set_string (CK_ATTRIBUTE_PTR attr, const gchar* string)
{
g_return_val_if_fail (string, CKR_GENERAL_ERROR);
- return gck_util_set_data (attr, string, strlen (string));
+ return gck_util_set_data (attr, (CK_VOID_PTR)string, strlen (string));
}
CK_RV
@@ -130,6 +130,7 @@
gcry = gcry_mpi_print (GCRYMPI_FMT_USG, attr->pValue, len, &len, mpi);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
+ attr->ulValueLen = len;
return CKR_OK;
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]