From 0dd2c8bb4045f6a80bb48528b27eb8f967e474cf Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich Date: Mon, 19 Feb 2024 15:18:53 +0100 Subject: [PATCH] rpc: add support for recursive attributes Signed-off-by: Zoltan Fridrich --- common/mock.c | 87 +++++++++++++++++++- common/mock.h | 1 + p11-kit/rpc-client.c | 17 +--- p11-kit/rpc-message.c | 187 +++++++++++++++++++++++++----------------- p11-kit/rpc-message.h | 22 +++-- p11-kit/rpc-server.c | 95 +-------------------- p11-kit/test-iter.c | 75 +++++++++-------- p11-kit/test-mock.c | 46 +++++++++++ 8 files changed, 302 insertions(+), 228 deletions(-) diff --git a/common/mock.c b/common/mock.c index 146f2abd4..7318a9e05 100644 --- a/common/mock.c +++ b/common/mock.c @@ -303,6 +303,30 @@ module_reset_objects (CK_SLOT_ID slot_id) p11_dict_set (the_objects, handle_to_pointer (MOCK_PUBLIC_KEY_PREFIX), p11_attrs_dup (attrs)); } + + { + CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; + char *label = "Public prefix key (for wrap template test)"; + char *value = "value"; + CK_MECHANISM_TYPE type = CKM_MOCK_PREFIX; + CK_BBOOL btrue = CK_TRUE; + CK_BBOOL bfalse = CK_FALSE; + CK_ATTRIBUTE wrap_template[] = { + { CKA_LOCAL, &bfalse, sizeof (bfalse) }, + }; + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_LABEL, label, strlen (label) }, + { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) }, + { CKA_VERIFY, &btrue, sizeof (btrue) }, + { CKA_PRIVATE, &bfalse, sizeof (bfalse) }, + { CKA_ALWAYS_AUTHENTICATE, &btrue, sizeof (btrue) }, + { CKA_WRAP_TEMPLATE, &wrap_template, sizeof (wrap_template) }, + { CKA_VALUE, value, strlen (value) }, + { CKA_INVALID, NULL, 0 }, + }; + p11_dict_set (the_objects, handle_to_pointer (MOCK_PUBLIC_KEY_PREFIX_2), p11_attrs_dup (attrs)); + } } void @@ -1618,6 +1642,49 @@ mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self, return CKR_SESSION_HANDLE_INVALID; } +static CK_RV +get_recursive_attribute_value (CK_ATTRIBUTE_PTR dest, + CK_ATTRIBUTE_PTR src, + CK_ULONG count) +{ + CK_RV rv, ret = CKR_OK; + CK_ULONG i; + CK_ATTRIBUTE *result, *attr; + + for (i = 0; i < count; ++i) { + result = dest + i; + attr = src + i; + + if (result->pValue == NULL) { + result->ulValueLen = attr->ulValueLen; + continue; + } + + if (result->ulValueLen < attr->ulValueLen) { + result->ulValueLen = (CK_ULONG)-1; + ret = CKR_BUFFER_TOO_SMALL; + continue; + } + + if (IS_ATTRIBUTE_ARRAY (attr)) { + rv = get_recursive_attribute_value (result->pValue, + attr->pValue, attr->ulValueLen / sizeof (CK_ATTRIBUTE)); + if (rv != CKR_OK) { + result->ulValueLen = (CK_ULONG)-1; + ret = rv; + continue; + } + result->ulValueLen = attr->ulValueLen; + continue; + } + + memcpy (result->pValue, attr->pValue, attr->ulValueLen); + result->ulValueLen = attr->ulValueLen; + } + + return ret; +} + CK_RV mock_C_GetAttributeValue (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, @@ -1654,14 +1721,26 @@ mock_C_GetAttributeValue (CK_SESSION_HANDLE session, continue; } - if (result->ulValueLen >= attr->ulValueLen) { - memcpy (result->pValue, attr->pValue, attr->ulValueLen); + if (result->ulValueLen < attr->ulValueLen) { + result->ulValueLen = (CK_ULONG)-1; + ret = CKR_BUFFER_TOO_SMALL; + continue; + } + + if (IS_ATTRIBUTE_ARRAY (attr)) { + rv = get_recursive_attribute_value (result->pValue, + attr->pValue, attr->ulValueLen / sizeof (CK_ATTRIBUTE)); + if (rv != CKR_OK) { + result->ulValueLen = (CK_ULONG)-1; + ret = rv; + continue; + } result->ulValueLen = attr->ulValueLen; continue; } - result->ulValueLen = (CK_ULONG)-1; - ret = CKR_BUFFER_TOO_SMALL; + memcpy (result->pValue, attr->pValue, attr->ulValueLen); + result->ulValueLen = attr->ulValueLen; } return ret; diff --git a/common/mock.h b/common/mock.h index 11a9f9bbb..fdf4b2d84 100644 --- a/common/mock.h +++ b/common/mock.h @@ -47,6 +47,7 @@ enum { MOCK_PUBLIC_KEY_PREFIX = 6, MOCK_PROFILE_OBJECT = 7, MOCK_CERTIFICATE_OBJECT = 8, + MOCK_PUBLIC_KEY_PREFIX_2 = 9, /* * CKM_MOCK_CAPITALIZE (encrypt/decrypt) diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c index 19b628b1a..df5a35db6 100644 --- a/p11-kit/rpc-client.c +++ b/p11-kit/rpc-client.c @@ -240,16 +240,11 @@ proto_read_attribute_array (p11_rpc_message *msg, CK_ATTRIBUTE temp; memset (&temp, 0, sizeof (temp)); - if (!p11_rpc_buffer_get_attribute (msg->input, &offset, &temp)) { + if (!p11_rpc_message_get_attribute (msg, msg->input, &offset, &temp)) { msg->parsed = offset; return PARSE_ERROR; } - if (IS_ATTRIBUTE_ARRAY (&temp)) { - p11_debug("recursive attribute array is not supported"); - return PARSE_ERROR; - } - /* Try and stuff it in the output data */ if (arr) { CK_ATTRIBUTE *attr = &(arr[i]); @@ -273,7 +268,7 @@ proto_read_attribute_array (p11_rpc_message *msg, /* Wants attribute data, enough space */ } else { size_t offset2 = msg->parsed; - if (!p11_rpc_buffer_get_attribute (msg->input, &offset2, attr)) { + if (!p11_rpc_message_get_attribute (NULL, msg->input, &offset2, attr)) { msg->parsed = offset2; return PARSE_ERROR; } @@ -627,12 +622,6 @@ proto_read_sesssion_info (p11_rpc_message *msg, if (!p11_rpc_message_write_ulong_array (&_msg, arr, len)) \ { _ret = CKR_HOST_MEMORY; goto _cleanup; } -#define IN_ATTRIBUTE_BUFFER(arr, num) \ - if (num != 0 && arr == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_attribute_buffer (&_msg, (arr), (num))) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - #define IN_ATTRIBUTE_ARRAY(arr, num) \ if (num != 0 && arr == NULL) \ { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ @@ -1262,7 +1251,7 @@ rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, BEGIN_CALL_OR (C_GetAttributeValue, self, CKR_SESSION_HANDLE_INVALID); IN_ULONG (session); IN_ULONG (object); - IN_ATTRIBUTE_BUFFER (template, count); + IN_ATTRIBUTE_ARRAY (template, count); PROCESS_CALL; OUT_ATTRIBUTE_ARRAY (template, count); END_CALL; diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c index 09d7f33da..807c24624 100644 --- a/p11-kit/rpc-message.c +++ b/p11-kit/rpc-message.c @@ -243,37 +243,6 @@ p11_rpc_message_verify_part (p11_rpc_message *msg, return ok; } -bool -p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num) -{ - CK_ATTRIBUTE_PTR attr; - CK_ULONG i; - - assert (num == 0 || arr != NULL); - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); - - /* Write the number of items */ - p11_rpc_buffer_add_uint32 (msg->output, num); - - for (i = 0; i < num; ++i) { - attr = &(arr[i]); - - /* The attribute type */ - p11_rpc_buffer_add_uint32 (msg->output, attr->type); - - /* And the attribute buffer length */ - p11_rpc_buffer_add_uint32 (msg->output, attr->pValue ? attr->ulValueLen : 0); - } - - return !p11_buffer_failed (msg->output); -} - bool p11_rpc_message_write_attribute_array (p11_rpc_message *msg, CK_ATTRIBUTE_PTR arr, @@ -903,19 +872,95 @@ map_attribute_to_value_type (CK_ATTRIBUTE_TYPE type) } } +static bool +p11_rpc_message_get_byte_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_byte_value (buffer, offset, value, value_length); +} + +static bool +p11_rpc_message_get_ulong_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_ulong_value (buffer, offset, value, value_length); +} + +static bool +p11_rpc_message_get_attribute_array_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + uint32_t count, i; + CK_ATTRIBUTE *attr = value; + + if (!p11_rpc_buffer_get_uint32 (buffer, offset, &count)) + return false; + + if (value_length != NULL) + *value_length = count * sizeof (CK_ATTRIBUTE); + + if (value == NULL) + return true; + + for (i = 0; i < count; ++i) + if (!p11_rpc_message_get_attribute (msg, buffer, offset, attr + i)) + return false; + + return true; +} + +static bool +p11_rpc_message_get_mechanism_type_array_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_mechanism_type_array_value (buffer, offset, value, value_length); +} + +static bool +p11_rpc_message_get_date_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_date_value (buffer, offset, value, value_length); +} + +static bool +p11_rpc_message_get_byte_array_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_byte_array_value (buffer, offset, value, value_length); +} + typedef struct { p11_rpc_value_type type; p11_rpc_value_encoder encode; - p11_rpc_value_decoder decode; + p11_rpc_message_decoder decode; } p11_rpc_attribute_serializer; static p11_rpc_attribute_serializer p11_rpc_attribute_serializers[] = { - { P11_RPC_VALUE_BYTE, p11_rpc_buffer_add_byte_value, p11_rpc_buffer_get_byte_value }, - { P11_RPC_VALUE_ULONG, p11_rpc_buffer_add_ulong_value, p11_rpc_buffer_get_ulong_value }, - { P11_RPC_VALUE_ATTRIBUTE_ARRAY, p11_rpc_buffer_add_attribute_array_value, p11_rpc_buffer_get_attribute_array_value }, - { P11_RPC_VALUE_MECHANISM_TYPE_ARRAY, p11_rpc_buffer_add_mechanism_type_array_value, p11_rpc_buffer_get_mechanism_type_array_value }, - { P11_RPC_VALUE_DATE, p11_rpc_buffer_add_date_value, p11_rpc_buffer_get_date_value }, - { P11_RPC_VALUE_BYTE_ARRAY, p11_rpc_buffer_add_byte_array_value, p11_rpc_buffer_get_byte_array_value } + { P11_RPC_VALUE_BYTE, p11_rpc_buffer_add_byte_value, p11_rpc_message_get_byte_value }, + { P11_RPC_VALUE_ULONG, p11_rpc_buffer_add_ulong_value, p11_rpc_message_get_ulong_value }, + { P11_RPC_VALUE_ATTRIBUTE_ARRAY, p11_rpc_buffer_add_attribute_array_value, p11_rpc_message_get_attribute_array_value }, + { P11_RPC_VALUE_MECHANISM_TYPE_ARRAY, p11_rpc_buffer_add_mechanism_type_array_value, p11_rpc_message_get_mechanism_type_array_value }, + { P11_RPC_VALUE_DATE, p11_rpc_buffer_add_date_value, p11_rpc_message_get_date_value }, + { P11_RPC_VALUE_BYTE_ARRAY, p11_rpc_buffer_add_byte_array_value, p11_rpc_message_get_byte_array_value } }; P11_STATIC_ASSERT(sizeof(CK_BYTE) <= sizeof(uint8_t)); @@ -977,6 +1022,12 @@ p11_rpc_buffer_add_attribute_array_value (p11_buffer *buffer, return; } + /* When value is NULL, write an empty attribute array */ + if (attrs == NULL) { + p11_rpc_buffer_add_uint32 (buffer, 0); + return; + } + /* Write the number of items */ p11_rpc_buffer_add_uint32 (buffer, count); @@ -1144,29 +1195,7 @@ p11_rpc_buffer_get_attribute_array_value (p11_buffer *buffer, void *value, CK_ULONG *value_length) { - uint32_t count, i; - CK_ATTRIBUTE *attr, temp; - - if (!p11_rpc_buffer_get_uint32 (buffer, offset, &count)) - return false; - - if (!value) { - memset (&temp, 0, sizeof (CK_ATTRIBUTE)); - attr = &temp; - } else - attr = value; - - for (i = 0; i < count; i++) { - if (!p11_rpc_buffer_get_attribute (buffer, offset, attr)) - return false; - if (value) - attr++; - } - - if (value_length) - *value_length = count * sizeof (CK_ATTRIBUTE); - - return true; + return p11_rpc_message_get_attribute_array_value (NULL, buffer, offset, value, value_length); } bool @@ -1252,11 +1281,13 @@ p11_rpc_buffer_get_byte_array_value (p11_buffer *buffer, } bool -p11_rpc_buffer_get_attribute (p11_buffer *buffer, - size_t *offset, - CK_ATTRIBUTE *attr) +p11_rpc_message_get_attribute (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + CK_ATTRIBUTE *attr) { - uint32_t type, length, decode_length; + uint32_t type, length; + CK_ULONG decode_length; unsigned char validity; p11_rpc_attribute_serializer *serializer; p11_rpc_value_type value_type; @@ -1279,21 +1310,31 @@ p11_rpc_buffer_get_attribute (p11_buffer *buffer, if (!p11_rpc_buffer_get_uint32 (buffer, offset, &length)) return false; + if (length == 0) { + attr->type = type; + attr->pValue = NULL; + attr->ulValueLen = 0; + return true; + } + + /* Allocate memory for the attribute value */ + if (msg != NULL) { + attr->pValue = p11_rpc_message_alloc_extra (msg, length); + if (attr->pValue == NULL) + return false; + } + /* Decode the attribute value */ value_type = map_attribute_to_value_type (type); assert (value_type < ELEMS (p11_rpc_attribute_serializers)); serializer = &p11_rpc_attribute_serializers[value_type]; assert (serializer != NULL); - if (!serializer->decode (buffer, offset, attr->pValue, &attr->ulValueLen)) + if (!serializer->decode (msg, buffer, offset, attr->pValue, &decode_length)) + return false; + if (attr->pValue == NULL && decode_length > length) return false; - if (!attr->pValue) { - decode_length = attr->ulValueLen; - attr->ulValueLen = length; - if (decode_length > length) { - return false; - } - } attr->type = type; + attr->ulValueLen = length; return true; } diff --git a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h index f171fc4fe..6272f6cc5 100644 --- a/p11-kit/rpc-message.h +++ b/p11-kit/rpc-message.h @@ -186,7 +186,7 @@ static const p11_rpc_call p11_rpc_calls[] = { { P11_RPC_CALL_C_CopyObject, "C_CopyObject", "uuaA", "u" }, { P11_RPC_CALL_C_DestroyObject, "C_DestroyObject", "uu", "" }, { P11_RPC_CALL_C_GetObjectSize, "C_GetObjectSize", "uu", "u" }, - { P11_RPC_CALL_C_GetAttributeValue, "C_GetAttributeValue", "uufA", "aAu" }, + { P11_RPC_CALL_C_GetAttributeValue, "C_GetAttributeValue", "uuaA", "aAu" }, { P11_RPC_CALL_C_SetAttributeValue, "C_SetAttributeValue", "uuaA", "" }, { P11_RPC_CALL_C_FindObjectsInit, "C_FindObjectsInit", "uaA", "" }, { P11_RPC_CALL_C_FindObjects, "C_FindObjects", "ufu", "au" }, @@ -276,9 +276,6 @@ typedef enum _p11_rpc_value_type { P11_RPC_VALUE_BYTE_ARRAY } p11_rpc_value_type; -typedef void (*p11_rpc_value_encoder) (p11_buffer *, const void *, CK_ULONG); -typedef bool (*p11_rpc_value_decoder) (p11_buffer *, size_t *, void *, CK_ULONG *); - typedef enum _p11_rpc_message_type { P11_RPC_REQUEST = 1, P11_RPC_RESPONSE @@ -295,6 +292,10 @@ typedef struct { void *extra; } p11_rpc_message; +typedef void (*p11_rpc_value_encoder) (p11_buffer *, const void *, CK_ULONG); +typedef bool (*p11_rpc_value_decoder) (p11_buffer *, size_t *, void *, CK_ULONG *); +typedef bool (*p11_rpc_message_decoder) (p11_rpc_message *msg, p11_buffer *, size_t *, void *, CK_ULONG *); + void p11_rpc_message_init (p11_rpc_message *msg, p11_buffer *input, p11_buffer *output); @@ -347,10 +348,6 @@ bool p11_rpc_message_write_ulong_array (p11_rpc_message *msg, CK_ULONG_PTR arr, CK_ULONG num); -bool p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num); - bool p11_rpc_message_write_attribute_array (p11_rpc_message *msg, CK_ATTRIBUTE_PTR arr, CK_ULONG num); @@ -371,6 +368,11 @@ bool p11_rpc_message_read_space_string (p11_rpc_message *msg, bool p11_rpc_message_read_version (p11_rpc_message *msg, CK_VERSION* version); +bool p11_rpc_message_get_attribute (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + CK_ATTRIBUTE *attr); + p11_buffer * p11_rpc_buffer_new (size_t reserve); p11_buffer * p11_rpc_buffer_new_full (size_t reserve, @@ -437,10 +439,6 @@ bool p11_rpc_buffer_get_uint64 (p11_buffer *buf, void p11_rpc_buffer_add_attribute (p11_buffer *buffer, const CK_ATTRIBUTE *attr); -bool p11_rpc_buffer_get_attribute (p11_buffer *buffer, - size_t *offset, - CK_ATTRIBUTE *attr); - void p11_rpc_buffer_add_byte_value (p11_buffer *buffer, const void *value, CK_ULONG value_length); diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c index b4cbcd09f..3851e0d1a 100644 --- a/p11-kit/rpc-server.c +++ b/p11-kit/rpc-server.c @@ -246,61 +246,6 @@ proto_write_ulong_array (p11_rpc_message *msg, return CKR_OK; } -static CK_RV -proto_read_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR *result, - CK_ULONG *n_result) -{ - CK_ATTRIBUTE_PTR attrs; - uint32_t n_attrs, i; - uint32_t value; - - assert (msg != NULL); - assert (result != NULL); - assert (n_result != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); - - /* Read the number of attributes */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs)) - return PARSE_ERROR; - - /* Allocate memory for the attribute structures */ - attrs = p11_rpc_message_alloc_extra_array (msg, n_attrs, sizeof (CK_ATTRIBUTE)); - if (attrs == NULL) - return CKR_DEVICE_MEMORY; - - /* Now go through and fill in each one */ - for (i = 0; i < n_attrs; ++i) { - - /* The attribute type */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - attrs[i].type = value; - - /* The number of bytes to allocate */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - if (value == 0) { - attrs[i].pValue = NULL; - attrs[i].ulValueLen = 0; - } else { - attrs[i].pValue = p11_rpc_message_alloc_extra (msg, value); - if (!attrs[i].pValue) - return CKR_DEVICE_MEMORY; - attrs[i].ulValueLen = value; - } - } - - *result = attrs; - *n_result = n_attrs; - return CKR_OK; -} - static CK_RV proto_read_attribute_array (p11_rpc_message *msg, CK_ATTRIBUTE_PTR *result, @@ -327,39 +272,9 @@ proto_read_attribute_array (p11_rpc_message *msg, return CKR_DEVICE_MEMORY; /* Now go through and fill in each one */ - for (i = 0; i < n_attrs; ++i) { - size_t offset = msg->parsed; - CK_ATTRIBUTE temp; - - /* Check the length needed to store the value */ - memset (&temp, 0, sizeof (temp)); - if (!p11_rpc_buffer_get_attribute (msg->input, &offset, &temp)) { - msg->parsed = offset; + for (i = 0; i < n_attrs; ++i) + if (!p11_rpc_message_get_attribute (msg, msg->input, &msg->parsed, &attrs[i])) return PARSE_ERROR; - } - - if (IS_ATTRIBUTE_ARRAY (&temp)) { - p11_debug("recursive attribute array is not supported"); - return PARSE_ERROR; - } - - attrs[i].type = temp.type; - - /* Whether this one is valid or not */ - if (temp.ulValueLen != ((CK_ULONG)-1)) { - size_t offset2 = msg->parsed; - attrs[i].pValue = p11_rpc_message_alloc_extra (msg, temp.ulValueLen); - if (!p11_rpc_buffer_get_attribute (msg->input, &offset2, &attrs[i])) { - msg->parsed = offset2; - return PARSE_ERROR; - } - } else { - attrs[i].pValue = NULL; - attrs[i].ulValueLen = -1; - } - - msg->parsed = offset; - } *result = attrs; *n_result = n_attrs; @@ -686,10 +601,6 @@ call_ready (p11_rpc_message *msg) _ret = proto_read_ulong_buffer (msg, &buffer, &buffer_len); \ if (_ret != CKR_OK) goto _cleanup; -#define IN_ATTRIBUTE_BUFFER(buffer, buffer_len) \ - _ret = proto_read_attribute_buffer (msg, &buffer, &buffer_len); \ - if (_ret != CKR_OK) goto _cleanup; - #define IN_ATTRIBUTE_ARRAY(attrs, n_attrs) \ _ret = proto_read_attribute_array (msg, &attrs, &n_attrs); \ if (_ret != CKR_OK) goto _cleanup; @@ -1175,7 +1086,7 @@ rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, BEGIN_CALL (GetAttributeValue); IN_ULONG (session); IN_ULONG (object); - IN_ATTRIBUTE_BUFFER (template, count); + IN_ATTRIBUTE_ARRAY (template, count); PROCESS_CALL ((self, session, object, template, count)); OUT_ATTRIBUTE_ARRAY (template, count); END_CALL; diff --git a/p11-kit/test-iter.c b/p11-kit/test-iter.c index 98f7a1aae..3a3824b03 100644 --- a/p11-kit/test-iter.c +++ b/p11-kit/test-iter.c @@ -128,8 +128,8 @@ test_all (void) assert (rv == CKR_CANCEL); - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); + /* Three modules, each with 1 slot, and 4 public objects */ + assert_num_eq (12, at); assert (has_handle (objects, at, MOCK_DATA_OBJECT)); assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); @@ -309,8 +309,8 @@ test_with_session (void) assert (rv == CKR_CANCEL); - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); + /* 1 modules, each with 1 slot, and 4 public objects */ + assert_num_eq (4, at); assert (has_handle (objects, at, MOCK_DATA_OBJECT)); assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); @@ -361,8 +361,8 @@ test_with_slot (void) assert (rv == CKR_CANCEL); - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); + /* 1 modules, each with 1 slot, and 4 public objects */ + assert_num_eq (4, at); assert (has_handle (objects, at, MOCK_DATA_OBJECT)); assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); @@ -405,8 +405,8 @@ test_with_module (void) assert (rv == CKR_CANCEL); - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); + /* 1 modules, each with 1 slot, and 4 public objects */ + assert_num_eq (4, at); assert (has_handle (objects, at, MOCK_DATA_OBJECT)); assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); @@ -512,8 +512,8 @@ test_uri_with_type (void) assert (rv == CKR_CANCEL); - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); + /* Three modules, each with 1 slot, and 3 public keys */ + assert_num_eq (9, at); assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); @@ -586,8 +586,8 @@ test_filter (void) assert (rv == CKR_CANCEL); - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); + /* Three modules, each with 1 slot, and 3 public keys */ + assert_num_eq (9, at); assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); @@ -595,6 +595,7 @@ test_filter (void) assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); assert (!has_handle (objects, at, MOCK_PROFILE_OBJECT)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX_2)); p11_kit_iter_free (iter); @@ -663,8 +664,8 @@ test_module_match (void) assert (rv == CKR_CANCEL); - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); + /* Three modules, each with 1 slot, and 4 public objects */ + assert_num_eq (12, count); p11_kit_iter_free (iter); @@ -771,8 +772,8 @@ test_slot_match (void) assert (rv == CKR_CANCEL); - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); + /* Three modules, each with 1 slot, and 4 public objects */ + assert_num_eq (12, count); p11_kit_iter_free (iter); @@ -883,8 +884,8 @@ test_slot_match_by_id (void) assert (rv == CKR_CANCEL); - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); + /* Three modules, each with 1 slot, and 4 public objects */ + assert_num_eq (12, count); p11_kit_iter_free (iter); @@ -987,7 +988,7 @@ iter_token_match (const char *string, assert (rv == CKR_CANCEL); - /* Three modules, each with 1 slot, and 3 public objects */ + /* Three modules, each with 1 slot, and 4 public objects */ assert_num_eq (expected_count, count); p11_kit_iter_free (iter); @@ -998,8 +999,8 @@ iter_token_match (const char *string, static void test_token_match (void) { - /* Three modules, each with 1 slot, and 3 public objects */ - iter_token_match ("pkcs11:manufacturer=TEST%20MANUFACTURER", 0, 9); + /* Three modules, each with 1 slot, and 4 public objects */ + iter_token_match ("pkcs11:manufacturer=TEST%20MANUFACTURER", 0, 12); } static P11KitPin * @@ -1025,10 +1026,10 @@ test_token_match_with_login (void) p11_kit_pin_register_callback ("my-pin-source", login_callback, &called, NULL); - /* Three modules, each with 1 slot, 3 public and 2 private objects */ + /* Three modules, each with 1 slot, 4 public and 2 private objects */ iter_token_match ("pkcs11:manufacturer=TEST%20MANUFACTURER" "?pin-source=my-pin-source", - P11_KIT_ITER_WITH_LOGIN, 15); + P11_KIT_ITER_WITH_LOGIN, 18); assert_num_eq (3, called); @@ -1115,8 +1116,8 @@ iter_token_only (const char *string, static void test_token_only (void) { - /* Three modules, each with 1 slot, and 3 public objects */ - iter_token_only ("pkcs11:manufacturer=TEST%20MANUFACTURER", 0, 3); + /* Three modules, each with 1 slot, and 4 public objects */ + iter_token_only ("pkcs11:manufacturer=TEST%20MANUFACTURER", 0, 4); } static void @@ -1127,10 +1128,10 @@ test_token_only_with_login (void) p11_kit_pin_register_callback ("my-pin-source", login_callback, &called, NULL); - /* Three modules, each with 1 slot, and 3 public objects */ + /* Three modules, each with 1 slot, and 4 public objects */ iter_token_only ("pkcs11:manufacturer=TEST%20MANUFACTURER" "?pin-source=my-pin-source", - P11_KIT_ITER_WITH_LOGIN, 3); + P11_KIT_ITER_WITH_LOGIN, 4); assert_num_eq (3, called); @@ -1380,6 +1381,10 @@ test_get_attributes (void) assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); break; + case MOCK_PUBLIC_KEY_PREFIX_2: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key (for wrap template test)", -1)); + break; default: assert_fail ("Unknown object matched", NULL); break; @@ -1390,8 +1395,8 @@ test_get_attributes (void) assert (rv == CKR_CANCEL); - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); + /* Three modules, each with 1 slot, and 4 public objects */ + assert_num_eq (12, at); p11_kit_iter_free (iter); @@ -1442,6 +1447,10 @@ test_load_attributes (void) assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); break; + case MOCK_PUBLIC_KEY_PREFIX_2: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key (for wrap template test)", -1)); + break; default: assert_fail ("Unknown object matched", NULL); break; @@ -1454,8 +1463,8 @@ test_load_attributes (void) assert (rv == CKR_CANCEL); - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); + /* Three modules, each with 1 slot, and 4 public objects */ + assert_num_eq (12, at); p11_kit_iter_free (iter); @@ -1661,7 +1670,7 @@ test_destroy_object (void) /* Test all combinations of P11_KIT_ITER_WITH_{TOKENS,SLOTS,MODULES} * and P11_KIT_ITER_WITHOUT_OBJECTS, against three modules, each - * with 1 slot, and 3 public objects */ + * with 1 slot, and 4 public objects */ static void test_exhaustive_match (void) { @@ -1669,7 +1678,7 @@ test_exhaustive_match (void) P11KitIter *iter; CK_RV rv; int counts[] = { - 9, 12, 12, 15, 12, 15, 15, 18, 0, 3, 3, 6, 3, 6, 6, 9 + 12, 15, 15, 18, 15, 18, 18, 21, 0, 3, 3, 6, 3, 6, 6, 9 }; int count; int i; diff --git a/p11-kit/test-mock.c b/p11-kit/test-mock.c index 374385fef..db5ffcbfe 100644 --- a/p11-kit/test-mock.c +++ b/p11-kit/test-mock.c @@ -606,6 +606,51 @@ test_set_attribute_value (void) teardown_mock_module (module); } +static void +test_wrap_template (void) +{ + CK_RV rv; + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_BBOOL local = CK_TRUE; + CK_ATTRIBUTE temp[] = { + { CKA_LOCAL, &local, sizeof (local) }, + }; + CK_ATTRIBUTE attrs[] = { + { CKA_WRAP_TEMPLATE, &temp, sizeof (temp) }, + }; + CK_ULONG n_attrs = sizeof (attrs) / sizeof (attrs[0]); + + module = setup_mock_module (&session); + + rv = (module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_PREFIX_2, attrs, n_attrs); + assert (rv == CKR_OK); + + attrs[0].pValue = NULL; + attrs[0].ulValueLen = 0; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_PREFIX_2, attrs, n_attrs); + assert (rv == CKR_OK); + assert_num_eq (attrs[0].type, CKA_WRAP_TEMPLATE); + assert_ptr_eq (attrs[0].pValue, NULL); + assert_num_eq (attrs[0].ulValueLen, sizeof (temp)); + + local = CK_FALSE; + attrs[0].pValue = &temp; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_PREFIX_2, attrs, n_attrs); + assert (rv == CKR_OK); + assert_num_eq (attrs[0].type, CKA_WRAP_TEMPLATE); + assert_ptr_eq (attrs[0].pValue, &temp); + assert_num_eq (attrs[0].ulValueLen, sizeof (temp)); + assert_num_eq (temp[0].type, CKA_LOCAL); + assert_ptr_eq (temp[0].pValue, &local); + assert_num_eq (temp[0].ulValueLen, sizeof (local)); + assert (local == CK_TRUE); + + teardown_mock_module (module); +} + static void test_create_object (void) { @@ -2581,6 +2626,7 @@ test_mock_add_tests (const char *prefix, const CK_VERSION *version) p11_test (test_login_logout, "%s/test_login_logout", prefix); p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix); p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix); + p11_test (test_wrap_template, "%s/test_wrap_template", prefix); p11_test (test_create_object, "%s/test_create_object", prefix); p11_test (test_create_object_private, "%s/test_create_object_private", prefix); p11_test (test_copy_object, "%s/test_copy_object", prefix);