From 8ff4bf06eae474051aa1704367325cc7e7c69422 Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich Date: Mon, 19 Feb 2024 15:18:53 +0100 Subject: [PATCH] rpc: add support for recursive attributes Signed-off-by: Zoltan Fridrich --- common/attrs.c | 4 +- common/mock.c | 72 +++++++++++++++- common/persist.c | 7 ++ p11-kit/iter.c | 58 ++++++++++++- p11-kit/rpc-client.c | 7 +- p11-kit/rpc-message.c | 193 ++++++++++++++++++++++++++++++------------ p11-kit/rpc-message.h | 12 ++- p11-kit/rpc-server.c | 75 +++++++--------- p11-kit/test-mock.c | 131 ++++++++++++++++++++++++++++ 9 files changed, 447 insertions(+), 112 deletions(-) diff --git a/common/attrs.c b/common/attrs.c index 21cf411b9..cbe09531a 100644 --- a/common/attrs.c +++ b/common/attrs.c @@ -141,12 +141,12 @@ attrs_build (CK_ATTRIBUTE *attrs, /* The attribute exists and we're not overriding */ } else if (!override) { if (take_values) - free (add->pValue); + p11_attr_clear (add); continue; /* The attribute exists but we're overriding */ } else { - free (attr->pValue); + p11_attr_clear (attr); } if (take_values) { diff --git a/common/mock.c b/common/mock.c index 146f2abd4..29f9d6b3d 100644 --- a/common/mock.c +++ b/common/mock.c @@ -286,10 +286,16 @@ module_reset_objects (CK_SLOT_ID slot_id) { CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; char *label = "Public prefix key"; + char *wrapped_label = "Wrapped label"; char *value = "value"; CK_MECHANISM_TYPE type = CKM_MOCK_PREFIX; CK_BBOOL btrue = CK_TRUE; CK_BBOOL bfalse = CK_FALSE; + CK_ATTRIBUTE wrap_template[] = { + { CKA_LABEL, wrapped_label, strlen (wrapped_label) }, + { CKA_VERIFY, &btrue, sizeof (btrue) }, + { CKA_ENCRYPT, &btrue, sizeof (btrue) }, + }; CK_ATTRIBUTE attrs[] = { { CKA_CLASS, &klass, sizeof (klass) }, { CKA_LABEL, label, strlen (label) }, @@ -297,6 +303,7 @@ module_reset_objects (CK_SLOT_ID slot_id) { CKA_VERIFY, &btrue, sizeof (btrue) }, { CKA_PRIVATE, &bfalse, sizeof (bfalse) }, { CKA_ALWAYS_AUTHENTICATE, &btrue, sizeof (btrue) }, + { CKA_WRAP_TEMPLATE, wrap_template, sizeof (wrap_template) }, { CKA_VALUE, value, strlen (value) }, { CKA_INVALID, NULL, 0 }, }; @@ -1618,6 +1625,51 @@ mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self, return CKR_SESSION_HANDLE_INVALID; } +static CK_RV +get_recursive_attribute_value (CK_ATTRIBUTE_PTR dst, + CK_ATTRIBUTE_PTR src, + CK_ULONG count) +{ + CK_RV rv, ret = CKR_OK; + CK_ULONG i; + CK_ATTRIBUTE *result, *attr; + + for (i = 0; i < count; ++i) { + result = dst + i; + attr = src + i; + + result->type = attr->type; + + if (result->pValue == NULL) { + result->ulValueLen = attr->ulValueLen; + continue; + } + + if (result->ulValueLen < attr->ulValueLen) { + result->ulValueLen = (CK_ULONG)-1; + ret = CKR_BUFFER_TOO_SMALL; + continue; + } + + if (IS_ATTRIBUTE_ARRAY (attr)) { + rv = get_recursive_attribute_value (result->pValue, + attr->pValue, attr->ulValueLen / sizeof (CK_ATTRIBUTE)); + if (rv != CKR_OK) { + result->ulValueLen = (CK_ULONG)-1; + ret = rv; + continue; + } + result->ulValueLen = attr->ulValueLen; + continue; + } + + memcpy (result->pValue, attr->pValue, attr->ulValueLen); + result->ulValueLen = attr->ulValueLen; + } + + return ret; +} + CK_RV mock_C_GetAttributeValue (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, @@ -1654,14 +1706,26 @@ mock_C_GetAttributeValue (CK_SESSION_HANDLE session, continue; } - if (result->ulValueLen >= attr->ulValueLen) { - memcpy (result->pValue, attr->pValue, attr->ulValueLen); + if (result->ulValueLen < attr->ulValueLen) { + result->ulValueLen = (CK_ULONG)-1; + ret = CKR_BUFFER_TOO_SMALL; + continue; + } + + if (IS_ATTRIBUTE_ARRAY (attr)) { + rv = get_recursive_attribute_value (result->pValue, + attr->pValue, attr->ulValueLen / sizeof (CK_ATTRIBUTE)); + if (rv != CKR_OK) { + result->ulValueLen = (CK_ULONG)-1; + ret = rv; + continue; + } result->ulValueLen = attr->ulValueLen; continue; } - result->ulValueLen = (CK_ULONG)-1; - ret = CKR_BUFFER_TOO_SMALL; + memcpy (result->pValue, attr->pValue, attr->ulValueLen); + result->ulValueLen = attr->ulValueLen; } return ret; diff --git a/common/persist.c b/common/persist.c index 5107a02fa..a1202e0a5 100644 --- a/common/persist.c +++ b/common/persist.c @@ -562,6 +562,13 @@ field_to_attribute (p11_persist *persist, return false; } + /* Ignore recursive attributes */ + if (IS_ATTRIBUTE_ARRAY (&attr)) { + free (attr.pValue); + attr.pValue = NULL; + attr.ulValueLen = 0; + } + *attrs = p11_attrs_take (*attrs, attr.type, attr.pValue, attr.ulValueLen); return true; diff --git a/p11-kit/iter.c b/p11-kit/iter.c index 48a0e80c3..d423b06e1 100644 --- a/p11-kit/iter.c +++ b/p11-kit/iter.c @@ -1012,6 +1012,52 @@ p11_kit_iter_get_attributes (P11KitIter *iter, templ, count); } +static CK_RV +prepare_recursive_attribute (P11KitIter *iter, + CK_ATTRIBUTE *attr, + CK_ATTRIBUTE *templ, + CK_ULONG templ_len) +{ + CK_RV rv; + CK_ULONG i; + + return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (attr != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (templ != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (templ_len != 0, CKR_GENERAL_ERROR); + return_val_if_fail (IS_ATTRIBUTE_ARRAY (attr), CKR_GENERAL_ERROR); + + memset (templ, 0, templ_len); + rv = (iter->module->C_GetAttributeValue) (iter->session, iter->object, attr, 1); + + switch (rv) { + case CKR_OK: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_SENSITIVE: + break; + default: + return_val_if_fail (rv != CKR_BUFFER_TOO_SMALL, rv); + return rv; + } + + for (i = 0; i < templ_len / sizeof (CK_ATTRIBUTE); ++i) { + return_val_if_fail (templ[i].type != CKA_INVALID, CKR_GENERAL_ERROR); + return_val_if_fail (templ[i].ulValueLen != 0, CKR_GENERAL_ERROR); + return_val_if_fail (templ[i].ulValueLen != (CK_ULONG)-1, CKR_GENERAL_ERROR); + + templ[i].pValue = malloc (templ[i].ulValueLen); + return_val_if_fail (templ[i].pValue != NULL, CKR_HOST_MEMORY); + + if (IS_ATTRIBUTE_ARRAY (attr)) { + rv = prepare_recursive_attribute (iter, attr, templ[i].pValue, + templ[i].ulValueLen); + return_val_if_fail (rv == CKR_OK, rv); + } + } + + return CKR_OK; +} + /** * p11_kit_iter_load_attributes: * @iter: the iterator @@ -1081,7 +1127,7 @@ p11_kit_iter_load_attributes (P11KitIter *iter, for (i = 0; i < count; i++) { if (templ[i].ulValueLen == (CK_ULONG)-1 || templ[i].ulValueLen == 0) { - free (original[i].pValue); + p11_attr_clear (original + i); } else if (original[i].pValue != NULL && templ[i].ulValueLen == original[i].ulValueLen) { @@ -1090,6 +1136,16 @@ p11_kit_iter_load_attributes (P11KitIter *iter, } else { templ[i].pValue = realloc (original[i].pValue, templ[i].ulValueLen); return_val_if_fail (templ[i].pValue != NULL, CKR_HOST_MEMORY); + + if (IS_ATTRIBUTE_ARRAY (templ + i)) { + rv = prepare_recursive_attribute (iter, templ + i, + templ[i].pValue, + templ[i].ulValueLen); + if (rv != CKR_OK) { + free (original); + return rv; + } + } } } diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c index 82aaf2bd7..b335d915d 100644 --- a/p11-kit/rpc-client.c +++ b/p11-kit/rpc-client.c @@ -240,16 +240,11 @@ proto_read_attribute_array (p11_rpc_message *msg, CK_ATTRIBUTE temp; memset (&temp, 0, sizeof (temp)); - if (!p11_rpc_buffer_get_attribute (msg->input, &offset, &temp)) { + if (!p11_rpc_message_get_attribute (msg, msg->input, &offset, &temp)) { msg->parsed = offset; return PARSE_ERROR; } - if (IS_ATTRIBUTE_ARRAY (&temp)) { - p11_debug("recursive attribute array is not supported"); - return PARSE_ERROR; - } - /* Try and stuff it in the output data */ if (arr) { CK_ATTRIBUTE *attr = &(arr[i]); diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c index 09d7f33da..769c7d82e 100644 --- a/p11-kit/rpc-message.c +++ b/p11-kit/rpc-message.c @@ -36,6 +36,7 @@ #include "config.h" #define P11_DEBUG_FLAG P11_DEBUG_RPC +#include "attrs.h" #include "debug.h" #include "library.h" #include "message.h" @@ -243,34 +244,47 @@ p11_rpc_message_verify_part (p11_rpc_message *msg, return ok; } -bool -p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num) +static void +p11_rpc_message_write_attribute_buffer_array (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR arr, + CK_ULONG num) { CK_ATTRIBUTE_PTR attr; CK_ULONG i; assert (num == 0 || arr != NULL); - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); /* Write the number of items */ p11_rpc_buffer_add_uint32 (msg->output, num); for (i = 0; i < num; ++i) { - attr = &(arr[i]); + attr = arr + i; /* The attribute type */ p11_rpc_buffer_add_uint32 (msg->output, attr->type); /* And the attribute buffer length */ p11_rpc_buffer_add_uint32 (msg->output, attr->pValue ? attr->ulValueLen : 0); + + if (IS_ATTRIBUTE_ARRAY (attr)) + p11_rpc_message_write_attribute_buffer_array ( + msg, attr->pValue, + attr->ulValueLen / sizeof (CK_ATTRIBUTE)); } +} + +bool +p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR arr, + CK_ULONG num) +{ + assert (msg != NULL); + assert (msg->output != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); + p11_rpc_message_write_attribute_buffer_array (msg, arr, num); return !p11_buffer_failed (msg->output); } @@ -903,19 +917,95 @@ map_attribute_to_value_type (CK_ATTRIBUTE_TYPE type) } } +static bool +p11_rpc_message_get_byte_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_byte_value (buffer, offset, value, value_length); +} + +static bool +p11_rpc_message_get_ulong_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_ulong_value (buffer, offset, value, value_length); +} + +static bool +p11_rpc_message_get_attribute_array_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + uint32_t count, i; + CK_ATTRIBUTE *attr = value; + + if (!p11_rpc_buffer_get_uint32 (buffer, offset, &count)) + return false; + + if (value_length != NULL) + *value_length = count * sizeof (CK_ATTRIBUTE); + + if (value == NULL) + return true; + + for (i = 0; i < count; ++i) + if (!p11_rpc_message_get_attribute (msg, buffer, offset, attr + i)) + return false; + + return true; +} + +static bool +p11_rpc_message_get_mechanism_type_array_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_mechanism_type_array_value (buffer, offset, value, value_length); +} + +static bool +p11_rpc_message_get_date_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_date_value (buffer, offset, value, value_length); +} + +static bool +p11_rpc_message_get_byte_array_value (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + return p11_rpc_buffer_get_byte_array_value (buffer, offset, value, value_length); +} + typedef struct { p11_rpc_value_type type; p11_rpc_value_encoder encode; - p11_rpc_value_decoder decode; + p11_rpc_message_decoder decode; } p11_rpc_attribute_serializer; static p11_rpc_attribute_serializer p11_rpc_attribute_serializers[] = { - { P11_RPC_VALUE_BYTE, p11_rpc_buffer_add_byte_value, p11_rpc_buffer_get_byte_value }, - { P11_RPC_VALUE_ULONG, p11_rpc_buffer_add_ulong_value, p11_rpc_buffer_get_ulong_value }, - { P11_RPC_VALUE_ATTRIBUTE_ARRAY, p11_rpc_buffer_add_attribute_array_value, p11_rpc_buffer_get_attribute_array_value }, - { P11_RPC_VALUE_MECHANISM_TYPE_ARRAY, p11_rpc_buffer_add_mechanism_type_array_value, p11_rpc_buffer_get_mechanism_type_array_value }, - { P11_RPC_VALUE_DATE, p11_rpc_buffer_add_date_value, p11_rpc_buffer_get_date_value }, - { P11_RPC_VALUE_BYTE_ARRAY, p11_rpc_buffer_add_byte_array_value, p11_rpc_buffer_get_byte_array_value } + { P11_RPC_VALUE_BYTE, p11_rpc_buffer_add_byte_value, p11_rpc_message_get_byte_value }, + { P11_RPC_VALUE_ULONG, p11_rpc_buffer_add_ulong_value, p11_rpc_message_get_ulong_value }, + { P11_RPC_VALUE_ATTRIBUTE_ARRAY, p11_rpc_buffer_add_attribute_array_value, p11_rpc_message_get_attribute_array_value }, + { P11_RPC_VALUE_MECHANISM_TYPE_ARRAY, p11_rpc_buffer_add_mechanism_type_array_value, p11_rpc_message_get_mechanism_type_array_value }, + { P11_RPC_VALUE_DATE, p11_rpc_buffer_add_date_value, p11_rpc_message_get_date_value }, + { P11_RPC_VALUE_BYTE_ARRAY, p11_rpc_buffer_add_byte_array_value, p11_rpc_message_get_byte_array_value } }; P11_STATIC_ASSERT(sizeof(CK_BYTE) <= sizeof(uint8_t)); @@ -977,6 +1067,12 @@ p11_rpc_buffer_add_attribute_array_value (p11_buffer *buffer, return; } + /* When value is NULL, write an empty attribute array */ + if (attrs == NULL) { + p11_rpc_buffer_add_uint32 (buffer, 0); + return; + } + /* Write the number of items */ p11_rpc_buffer_add_uint32 (buffer, count); @@ -1144,29 +1240,7 @@ p11_rpc_buffer_get_attribute_array_value (p11_buffer *buffer, void *value, CK_ULONG *value_length) { - uint32_t count, i; - CK_ATTRIBUTE *attr, temp; - - if (!p11_rpc_buffer_get_uint32 (buffer, offset, &count)) - return false; - - if (!value) { - memset (&temp, 0, sizeof (CK_ATTRIBUTE)); - attr = &temp; - } else - attr = value; - - for (i = 0; i < count; i++) { - if (!p11_rpc_buffer_get_attribute (buffer, offset, attr)) - return false; - if (value) - attr++; - } - - if (value_length) - *value_length = count * sizeof (CK_ATTRIBUTE); - - return true; + return p11_rpc_message_get_attribute_array_value (NULL, buffer, offset, value, value_length); } bool @@ -1252,11 +1326,13 @@ p11_rpc_buffer_get_byte_array_value (p11_buffer *buffer, } bool -p11_rpc_buffer_get_attribute (p11_buffer *buffer, - size_t *offset, - CK_ATTRIBUTE *attr) +p11_rpc_message_get_attribute (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + CK_ATTRIBUTE *attr) { - uint32_t type, length, decode_length; + uint32_t type, length; + CK_ULONG decode_length; unsigned char validity; p11_rpc_attribute_serializer *serializer; p11_rpc_value_type value_type; @@ -1279,24 +1355,37 @@ p11_rpc_buffer_get_attribute (p11_buffer *buffer, if (!p11_rpc_buffer_get_uint32 (buffer, offset, &length)) return false; + if (length == 0) { + attr->pValue = NULL; + } else if (msg != NULL) { + /* Allocate memory for the attribute value */ + attr->pValue = p11_rpc_message_alloc_extra (msg, length); + if (attr->pValue == NULL) + return false; + } + /* Decode the attribute value */ value_type = map_attribute_to_value_type (type); assert (value_type < ELEMS (p11_rpc_attribute_serializers)); serializer = &p11_rpc_attribute_serializers[value_type]; assert (serializer != NULL); - if (!serializer->decode (buffer, offset, attr->pValue, &attr->ulValueLen)) + if (!serializer->decode (msg, buffer, offset, attr->pValue, &decode_length)) + return false; + if (attr->pValue == NULL && length != 0 && decode_length > length) return false; - if (!attr->pValue) { - decode_length = attr->ulValueLen; - attr->ulValueLen = length; - if (decode_length > length) { - return false; - } - } attr->type = type; + attr->ulValueLen = length; return true; } +bool +p11_rpc_buffer_get_attribute (p11_buffer *buffer, + size_t *offset, + CK_ATTRIBUTE *attr) +{ + return p11_rpc_message_get_attribute (NULL, buffer, offset, attr); +} + /* Used to override the supported mechanisms in tests */ CK_MECHANISM_TYPE *p11_rpc_mechanisms_override_supported = NULL; diff --git a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h index f171fc4fe..e59562def 100644 --- a/p11-kit/rpc-message.h +++ b/p11-kit/rpc-message.h @@ -276,9 +276,6 @@ typedef enum _p11_rpc_value_type { P11_RPC_VALUE_BYTE_ARRAY } p11_rpc_value_type; -typedef void (*p11_rpc_value_encoder) (p11_buffer *, const void *, CK_ULONG); -typedef bool (*p11_rpc_value_decoder) (p11_buffer *, size_t *, void *, CK_ULONG *); - typedef enum _p11_rpc_message_type { P11_RPC_REQUEST = 1, P11_RPC_RESPONSE @@ -295,6 +292,10 @@ typedef struct { void *extra; } p11_rpc_message; +typedef void (*p11_rpc_value_encoder) (p11_buffer *, const void *, CK_ULONG); +typedef bool (*p11_rpc_value_decoder) (p11_buffer *, size_t *, void *, CK_ULONG *); +typedef bool (*p11_rpc_message_decoder) (p11_rpc_message *msg, p11_buffer *, size_t *, void *, CK_ULONG *); + void p11_rpc_message_init (p11_rpc_message *msg, p11_buffer *input, p11_buffer *output); @@ -371,6 +372,11 @@ bool p11_rpc_message_read_space_string (p11_rpc_message *msg, bool p11_rpc_message_read_version (p11_rpc_message *msg, CK_VERSION* version); +bool p11_rpc_message_get_attribute (p11_rpc_message *msg, + p11_buffer *buffer, + size_t *offset, + CK_ATTRIBUTE *attr); + p11_buffer * p11_rpc_buffer_new (size_t reserve); p11_buffer * p11_rpc_buffer_new_full (size_t reserve, diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c index b4cbcd09f..3aaf0b6fe 100644 --- a/p11-kit/rpc-server.c +++ b/p11-kit/rpc-server.c @@ -247,22 +247,16 @@ proto_write_ulong_array (p11_rpc_message *msg, } static CK_RV -proto_read_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR *result, - CK_ULONG *n_result) +proto_read_attribute_buffer_array (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR *result, + CK_ULONG *n_result) { - CK_ATTRIBUTE_PTR attrs; + CK_RV rv; + CK_ATTRIBUTE_PTR attrs, array; + CK_ULONG n_array; uint32_t n_attrs, i; uint32_t value; - assert (msg != NULL); - assert (result != NULL); - assert (n_result != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); - /* Read the number of attributes */ if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs)) return PARSE_ERROR; @@ -288,6 +282,13 @@ proto_read_attribute_buffer (p11_rpc_message *msg, if (value == 0) { attrs[i].pValue = NULL; attrs[i].ulValueLen = 0; + } else if (IS_ATTRIBUTE_ARRAY (attrs + i)) { + rv = proto_read_attribute_buffer_array (msg, &array, &n_array); + if (rv != CKR_OK) + return rv; + assert (n_array * sizeof (CK_ATTRIBUTE) <= value); + attrs[i].pValue = array; + attrs[i].ulValueLen = n_array * sizeof (CK_ATTRIBUTE); } else { attrs[i].pValue = p11_rpc_message_alloc_extra (msg, value); if (!attrs[i].pValue) @@ -301,6 +302,22 @@ proto_read_attribute_buffer (p11_rpc_message *msg, return CKR_OK; } +static CK_RV +proto_read_attribute_buffer (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR *result, + CK_ULONG *n_result) +{ + assert (msg != NULL); + assert (result != NULL); + assert (n_result != NULL); + assert (msg->input != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); + + return proto_read_attribute_buffer_array (msg, result, n_result); +} + static CK_RV proto_read_attribute_array (p11_rpc_message *msg, CK_ATTRIBUTE_PTR *result, @@ -327,39 +344,9 @@ proto_read_attribute_array (p11_rpc_message *msg, return CKR_DEVICE_MEMORY; /* Now go through and fill in each one */ - for (i = 0; i < n_attrs; ++i) { - size_t offset = msg->parsed; - CK_ATTRIBUTE temp; - - /* Check the length needed to store the value */ - memset (&temp, 0, sizeof (temp)); - if (!p11_rpc_buffer_get_attribute (msg->input, &offset, &temp)) { - msg->parsed = offset; + for (i = 0; i < n_attrs; ++i) + if (!p11_rpc_message_get_attribute (msg, msg->input, &msg->parsed, &attrs[i])) return PARSE_ERROR; - } - - if (IS_ATTRIBUTE_ARRAY (&temp)) { - p11_debug("recursive attribute array is not supported"); - return PARSE_ERROR; - } - - attrs[i].type = temp.type; - - /* Whether this one is valid or not */ - if (temp.ulValueLen != ((CK_ULONG)-1)) { - size_t offset2 = msg->parsed; - attrs[i].pValue = p11_rpc_message_alloc_extra (msg, temp.ulValueLen); - if (!p11_rpc_buffer_get_attribute (msg->input, &offset2, &attrs[i])) { - msg->parsed = offset2; - return PARSE_ERROR; - } - } else { - attrs[i].pValue = NULL; - attrs[i].ulValueLen = -1; - } - - msg->parsed = offset; - } *result = attrs; *n_result = n_attrs; diff --git a/p11-kit/test-mock.c b/p11-kit/test-mock.c index 374385fef..39a74c776 100644 --- a/p11-kit/test-mock.c +++ b/p11-kit/test-mock.c @@ -606,6 +606,135 @@ test_set_attribute_value (void) teardown_mock_module (module); } +static void +test_get_wrap_template (void) +{ + CK_RV rv; + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + char label[sizeof ("Wrapped label") - 1] = { 0 }; + CK_BBOOL verify = CK_FALSE; + CK_BBOOL encrypt = CK_FALSE; + CK_ATTRIBUTE temp[] = { + { 0 }, + { 0 }, + { 0 }, + }; + CK_ATTRIBUTE attrs[] = { + { CKA_WRAP_TEMPLATE, temp, sizeof (temp) }, + }; + CK_ULONG n_attrs = sizeof (attrs) / sizeof (attrs[0]); + + module = setup_mock_module (&session); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_PREFIX, attrs, n_attrs); + assert (rv == CKR_OK); + assert_num_eq (attrs[0].type, CKA_WRAP_TEMPLATE); + assert_ptr_eq (attrs[0].pValue, temp); + assert_num_eq (attrs[0].ulValueLen, sizeof (temp)); + assert_num_eq (temp[0].type, CKA_LABEL); + assert_ptr_eq (temp[0].pValue, NULL); + assert_num_eq (temp[0].ulValueLen, sizeof (label)); + assert_num_eq (temp[1].type, CKA_VERIFY); + assert_ptr_eq (temp[1].pValue, NULL); + assert_num_eq (temp[1].ulValueLen, sizeof (verify)); + assert_num_eq (temp[2].type, CKA_ENCRYPT); + assert_ptr_eq (temp[2].pValue, NULL); + assert_num_eq (temp[2].ulValueLen, sizeof (encrypt)); + + temp[0].pValue = label; + temp[1].pValue = &verify; + temp[2].pValue = &encrypt; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_PREFIX, attrs, n_attrs); + assert (rv == CKR_OK); + assert_num_eq (attrs[0].type, CKA_WRAP_TEMPLATE); + assert_ptr_eq (attrs[0].pValue, temp); + assert_num_eq (attrs[0].ulValueLen, sizeof (temp)); + assert_num_eq (temp[0].type, CKA_LABEL); + assert_ptr_eq (temp[0].pValue, label); + assert_num_eq (temp[0].ulValueLen, sizeof (label)); + assert_num_eq (temp[1].type, CKA_VERIFY); + assert_ptr_eq (temp[1].pValue, &verify); + assert_num_eq (temp[1].ulValueLen, sizeof (verify)); + assert_num_eq (temp[2].type, CKA_ENCRYPT); + assert_ptr_eq (temp[2].pValue, &encrypt); + assert_num_eq (temp[2].ulValueLen, sizeof (encrypt)); + assert (strncmp (label, "Wrapped label", sizeof (label)) == 0); + assert (verify == CK_TRUE); + assert (encrypt == CK_TRUE); + + teardown_mock_module (module); +} + +static void +test_set_wrap_template (void) +{ + CK_RV rv; + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + char label[] = { 'T', 'E', 'S', 'T' }; + CK_BBOOL local = CK_TRUE; + CK_ATTRIBUTE temp[] = { + { CKA_LABEL, label, sizeof (label) }, + { CKA_LOCAL, &local, sizeof (local) }, + }; + CK_ATTRIBUTE attrs[] = { + { CKA_WRAP_TEMPLATE, temp, sizeof (temp) }, + }; + CK_ULONG n_attrs = sizeof (attrs) / sizeof (attrs[0]); + + module = setup_mock_module (&session); + + rv = (module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_PREFIX, attrs, n_attrs); + assert (rv == CKR_OK); + + attrs[0].pValue = NULL; + attrs[0].ulValueLen = 0; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_PREFIX, attrs, n_attrs); + assert (rv == CKR_OK); + assert_num_eq (attrs[0].type, CKA_WRAP_TEMPLATE); + assert_ptr_eq (attrs[0].pValue, NULL); + assert_num_eq (attrs[0].ulValueLen, sizeof (temp)); + + memset (temp, 0, sizeof (temp)); + attrs[0].pValue = temp; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_PREFIX, attrs, n_attrs); + assert (rv == CKR_OK); + assert_num_eq (attrs[0].type, CKA_WRAP_TEMPLATE); + assert_ptr_eq (attrs[0].pValue, temp); + assert_num_eq (attrs[0].ulValueLen, sizeof (temp)); + assert_num_eq (temp[0].type, CKA_LABEL); + assert_ptr_eq (temp[0].pValue, NULL); + assert_num_eq (temp[0].ulValueLen, sizeof (label)); + assert_num_eq (temp[1].type, CKA_LOCAL); + assert_ptr_eq (temp[1].pValue, NULL); + assert_num_eq (temp[1].ulValueLen, sizeof (local)); + + memset (label, 0, sizeof (label)); + local = CK_FALSE; + temp[0].pValue = label; + temp[1].pValue = &local; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_PREFIX, attrs, n_attrs); + assert (rv == CKR_OK); + assert_num_eq (attrs[0].type, CKA_WRAP_TEMPLATE); + assert_ptr_eq (attrs[0].pValue, temp); + assert_num_eq (attrs[0].ulValueLen, sizeof (temp)); + assert_num_eq (temp[0].type, CKA_LABEL); + assert_ptr_eq (temp[0].pValue, label); + assert_num_eq (temp[0].ulValueLen, sizeof (label)); + assert_num_eq (temp[1].type, CKA_LOCAL); + assert_ptr_eq (temp[1].pValue, &local); + assert_num_eq (temp[1].ulValueLen, sizeof (local)); + assert (strncmp (label, "TEST", sizeof (label)) == 0); + assert (local == CK_TRUE); + + teardown_mock_module (module); +} + static void test_create_object (void) { @@ -2581,6 +2710,8 @@ test_mock_add_tests (const char *prefix, const CK_VERSION *version) p11_test (test_login_logout, "%s/test_login_logout", prefix); p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix); p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix); + p11_test (test_get_wrap_template, "%s/test_get_wrap_template", prefix); + p11_test (test_set_wrap_template, "%s/test_set_wrap_template", prefix); p11_test (test_create_object, "%s/test_create_object", prefix); p11_test (test_create_object_private, "%s/test_create_object_private", prefix); p11_test (test_copy_object, "%s/test_copy_object", prefix);