|
 |
68d1ae6 |
From 4935de246254df236caf8487d15028d05ad88d94 Mon Sep 17 00:00:00 2001
|
|
|
68d1ae6 |
From: Per Nilsson <per.nilsson@yubico.com>
|
|
|
68d1ae6 |
Date: Fri, 27 Jan 2023 10:09:11 +0100
|
|
|
68d1ae6 |
Subject: [PATCH] Fix type of id (#312)
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
---
|
|
|
68d1ae6 |
pkcs11/util_pkcs11.c | 17 ++++-------------
|
|
|
68d1ae6 |
pkcs11/util_pkcs11.h | 4 ++--
|
|
|
68d1ae6 |
pkcs11/yubihsm_pkcs11.c | 24 ++++++++----------------
|
|
|
68d1ae6 |
3 files changed, 14 insertions(+), 31 deletions(-)
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
diff --git a/pkcs11/util_pkcs11.c b/pkcs11/util_pkcs11.c
|
|
|
68d1ae6 |
index 5834a5bd..db5f83ca 100644
|
|
|
68d1ae6 |
--- a/pkcs11/util_pkcs11.c
|
|
|
68d1ae6 |
+++ b/pkcs11/util_pkcs11.c
|
|
|
68d1ae6 |
@@ -4294,7 +4294,7 @@ CK_RV parse_hmac_template(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
CK_RV parse_meta_id_template(pkcs11_meta_object *pkcs11meta, bool pubkey,
|
|
|
68d1ae6 |
- int *id, uint8_t *value, size_t value_len) {
|
|
|
68d1ae6 |
+ uint16_t *id, uint8_t *value, size_t value_len) {
|
|
|
68d1ae6 |
if (value_len != 2) {
|
|
|
68d1ae6 |
if (pubkey) {
|
|
|
68d1ae6 |
pkcs11meta->cka_id_pubkey.len = value_len;
|
|
|
68d1ae6 |
@@ -4307,10 +4307,6 @@ CK_RV parse_meta_id_template(pkcs11_meta_object *pkcs11meta, bool pubkey,
|
|
|
68d1ae6 |
} else {
|
|
|
68d1ae6 |
if (!pubkey) {
|
|
|
68d1ae6 |
*id = parse_id_value(value, value_len);
|
|
|
68d1ae6 |
- if (*id == -1) {
|
|
|
68d1ae6 |
- DBG_ERR("CKA_ID invalid in template");
|
|
|
68d1ae6 |
- return CKR_ATTRIBUTE_VALUE_INVALID;
|
|
|
68d1ae6 |
- }
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
@@ -4343,7 +4339,6 @@ CK_RV parse_rsa_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
uint8_t *e = NULL;
|
|
|
68d1ae6 |
CK_RV rv;
|
|
|
68d1ae6 |
- int id = 0;
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
memset(template->label, 0, sizeof(template->label));
|
|
|
68d1ae6 |
for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++) {
|
|
|
68d1ae6 |
@@ -4482,14 +4477,13 @@ CK_RV parse_rsa_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
|
68d1ae6 |
break;
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
case CKA_ID: {
|
|
|
68d1ae6 |
- rv = parse_meta_id_template(pkcs11meta, false, &id,
|
|
|
68d1ae6 |
+ rv = parse_meta_id_template(pkcs11meta, false, &template->id,
|
|
|
68d1ae6 |
pPrivateKeyTemplate[i].pValue,
|
|
|
68d1ae6 |
pPrivateKeyTemplate[i].ulValueLen);
|
|
|
68d1ae6 |
if (rv != CKR_OK) {
|
|
|
68d1ae6 |
DBG_ERR("Failed to parse CKA_ID in PrivateKeyTemplate");
|
|
|
68d1ae6 |
return rv;
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
- template->id = id;
|
|
|
68d1ae6 |
} break;
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
case CKA_DECRYPT:
|
|
|
68d1ae6 |
@@ -4572,7 +4566,7 @@ CK_RV parse_rsa_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
|
68d1ae6 |
return CKR_OK;
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
-int parse_id_value(void *value, CK_ULONG len) {
|
|
|
68d1ae6 |
+uint16_t parse_id_value(void *value, CK_ULONG len) {
|
|
|
68d1ae6 |
switch (len) {
|
|
|
68d1ae6 |
case 0:
|
|
|
68d1ae6 |
return 0;
|
|
|
68d1ae6 |
@@ -4596,7 +4590,6 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
|
68d1ae6 |
uint8_t *ecparams = NULL;
|
|
|
68d1ae6 |
uint16_t ecparams_len = 0;
|
|
|
68d1ae6 |
CK_RV rv;
|
|
|
68d1ae6 |
- int id;
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
memset(template->label, 0, sizeof(template->label));
|
|
|
68d1ae6 |
for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++) {
|
|
|
68d1ae6 |
@@ -4701,15 +4694,13 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
|
68d1ae6 |
break;
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
case CKA_ID: {
|
|
|
68d1ae6 |
- rv = parse_meta_id_template(pkcs11meta, false, &id,
|
|
|
68d1ae6 |
+ rv = parse_meta_id_template(pkcs11meta, false, &template->id,
|
|
|
68d1ae6 |
pPrivateKeyTemplate[i].pValue,
|
|
|
68d1ae6 |
pPrivateKeyTemplate[i].ulValueLen);
|
|
|
68d1ae6 |
if (rv != CKR_OK) {
|
|
|
68d1ae6 |
DBG_ERR("Failed to parse CKA_ID in PrivateKeyTemplate");
|
|
|
68d1ae6 |
return rv;
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
- template->id = id;
|
|
|
68d1ae6 |
-
|
|
|
68d1ae6 |
} break;
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
case CKA_SIGN:
|
|
|
68d1ae6 |
diff --git a/pkcs11/util_pkcs11.h b/pkcs11/util_pkcs11.h
|
|
|
68d1ae6 |
index d8026e57..5a91ee34 100644
|
|
|
68d1ae6 |
--- a/pkcs11/util_pkcs11.h
|
|
|
68d1ae6 |
+++ b/pkcs11/util_pkcs11.h
|
|
|
68d1ae6 |
@@ -151,7 +151,7 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
|
68d1ae6 |
yubihsm_pkcs11_object_template *template,
|
|
|
68d1ae6 |
pkcs11_meta_object *pkcs11meta);
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
-int parse_id_value(void *value, CK_ULONG len);
|
|
|
68d1ae6 |
+uint16_t parse_id_value(void *value, CK_ULONG len);
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
CK_RV populate_template(int type, void *object, CK_ATTRIBUTE_PTR pTemplate,
|
|
|
68d1ae6 |
CK_ULONG ulCount, yubihsm_pkcs11_session *session);
|
|
|
68d1ae6 |
@@ -176,7 +176,7 @@ bool match_meta_attributes(yubihsm_pkcs11_session *session,
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
bool is_meta_object(yh_object_descriptor *object);
|
|
|
68d1ae6 |
CK_RV parse_meta_id_template(pkcs11_meta_object *pkcs11meta, bool public,
|
|
|
68d1ae6 |
- int *id, uint8_t *value, size_t value_len);
|
|
|
68d1ae6 |
+ uint16_t *id, uint8_t *value, size_t value_len);
|
|
|
68d1ae6 |
void parse_meta_label_template(yubihsm_pkcs11_object_template *template,
|
|
|
68d1ae6 |
pkcs11_meta_object *pkcs11meta, bool public,
|
|
|
68d1ae6 |
uint8_t *value, size_t value_len);
|
|
|
68d1ae6 |
diff --git a/pkcs11/yubihsm_pkcs11.c b/pkcs11/yubihsm_pkcs11.c
|
|
|
68d1ae6 |
index 48b3bf46..6f715e01 100644
|
|
|
68d1ae6 |
--- a/pkcs11/yubihsm_pkcs11.c
|
|
|
68d1ae6 |
+++ b/pkcs11/yubihsm_pkcs11.c
|
|
|
68d1ae6 |
@@ -1383,10 +1383,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_CreateObject)
|
|
|
68d1ae6 |
id.d = 0;
|
|
|
68d1ae6 |
} else {
|
|
|
68d1ae6 |
id.d = parse_id_value(pTemplate[i].pValue, pTemplate[i].ulValueLen);
|
|
|
68d1ae6 |
- if (id.d == (CK_ULONG) -1) {
|
|
|
68d1ae6 |
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
|
|
|
68d1ae6 |
- goto c_co_out;
|
|
|
68d1ae6 |
- }
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
id.set = true;
|
|
|
68d1ae6 |
} else {
|
|
|
68d1ae6 |
@@ -2200,7 +2196,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_SetAttributeValue)
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
} else {
|
|
|
68d1ae6 |
- int new_id =
|
|
|
68d1ae6 |
+ uint16_t new_id =
|
|
|
68d1ae6 |
parse_id_value(pTemplate[i].pValue, pTemplate[i].ulValueLen);
|
|
|
68d1ae6 |
if (pTemplate[i].ulValueLen != 2 || new_id != object->object.id) {
|
|
|
68d1ae6 |
if (object->object.type == YH_PUBLIC_KEY) {
|
|
|
68d1ae6 |
@@ -2360,7 +2356,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
yh_rc rc = YHR_SUCCESS;
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
- int id = 0;
|
|
|
68d1ae6 |
uint8_t type = 0;
|
|
|
68d1ae6 |
uint16_t domains = 0;
|
|
|
68d1ae6 |
yh_capabilities capabilities = {{0}};
|
|
|
68d1ae6 |
@@ -2527,7 +2522,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)
|
|
|
68d1ae6 |
yh_object_descriptor
|
|
|
68d1ae6 |
tmp_objects[YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS] = {0};
|
|
|
68d1ae6 |
size_t tmp_n_objects = YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS;
|
|
|
68d1ae6 |
- rc = yh_util_list_objects(session->slot->device_session, id, 0, domains,
|
|
|
68d1ae6 |
+ rc = yh_util_list_objects(session->slot->device_session, 0, 0, domains,
|
|
|
68d1ae6 |
&capabilities, algorithm, label, tmp_objects,
|
|
|
68d1ae6 |
&tmp_n_objects);
|
|
|
68d1ae6 |
if (rc != YHR_SUCCESS) {
|
|
|
68d1ae6 |
@@ -2563,7 +2558,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)
|
|
|
68d1ae6 |
} else {
|
|
|
68d1ae6 |
yh_object_descriptor tmp_objects[YH_MAX_ITEMS_COUNT] = {0};
|
|
|
68d1ae6 |
size_t tmp_n_objects = sizeof(tmp_objects);
|
|
|
68d1ae6 |
- rc = yh_util_list_objects(session->slot->device_session, id,
|
|
|
68d1ae6 |
+ rc = yh_util_list_objects(session->slot->device_session, 0,
|
|
|
68d1ae6 |
YH_OPAQUE, domains, &capabilities,
|
|
|
68d1ae6 |
YH_ALGO_OPAQUE_X509_CERTIFICATE, label,
|
|
|
68d1ae6 |
tmp_objects, &tmp_n_objects);
|
|
|
68d1ae6 |
@@ -2599,7 +2594,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)
|
|
|
68d1ae6 |
yh_object_descriptor
|
|
|
68d1ae6 |
tmp_objects[YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS] = {0};
|
|
|
68d1ae6 |
size_t tmp_n_objects = YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS;
|
|
|
68d1ae6 |
- rc = yh_util_list_objects(session->slot->device_session, id, type,
|
|
|
68d1ae6 |
+ rc = yh_util_list_objects(session->slot->device_session, 0, type,
|
|
|
68d1ae6 |
domains, &capabilities, algorithm, label,
|
|
|
68d1ae6 |
tmp_objects, &tmp_n_objects);
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
@@ -2636,12 +2631,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
- id = parse_id_value(template_id, template_id_len);
|
|
|
68d1ae6 |
- if (id == -1) {
|
|
|
68d1ae6 |
- DBG_ERR("Failed to parse ID from template");
|
|
|
68d1ae6 |
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
|
|
|
68d1ae6 |
- goto c_foi_out;
|
|
|
68d1ae6 |
- }
|
|
|
68d1ae6 |
+ uint16_t id = parse_id_value(template_id, template_id_len);
|
|
|
68d1ae6 |
DBG_INFO("id parsed as %x", id);
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
if (ulCount == 0 ||
|
|
|
68d1ae6 |
@@ -4948,12 +4938,14 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKey)
|
|
|
68d1ae6 |
|
|
|
68d1ae6 |
case CKA_ID:
|
|
|
68d1ae6 |
if (id.set == false) {
|
|
|
68d1ae6 |
- rv = parse_meta_id_template(&meta_object, FALSE, (int *) &id.d,
|
|
|
68d1ae6 |
+ uint16_t d;
|
|
|
68d1ae6 |
+ rv = parse_meta_id_template(&meta_object, FALSE, &d,
|
|
|
68d1ae6 |
pTemplate[i].pValue,
|
|
|
68d1ae6 |
pTemplate[i].ulValueLen);
|
|
|
68d1ae6 |
if (rv != CKR_OK) {
|
|
|
68d1ae6 |
goto c_gk_out;
|
|
|
68d1ae6 |
}
|
|
|
68d1ae6 |
+ id.d = d;
|
|
|
68d1ae6 |
id.set = true;
|
|
|
68d1ae6 |
} else {
|
|
|
68d1ae6 |
rv = CKR_TEMPLATE_INCONSISTENT;
|
|
|
68d1ae6 |
|
|
|
7702129 |
diff --git a/pkcs11/util_pkcs11.c b/pkcs11/util_pkcs11.c
|
|
|
7702129 |
index db5f83c..caa467f 100644
|
|
|
7702129 |
--- a/pkcs11/util_pkcs11.c
|
|
|
7702129 |
+++ b/pkcs11/util_pkcs11.c
|
|
|
7702129 |
@@ -2720,7 +2720,7 @@ static CK_RV perform_aes_update(yh_session *session,
|
|
|
7702129 |
return rv;
|
|
|
7702129 |
}
|
|
|
7702129 |
|
|
|
7702129 |
- DBG_INFO("Returning %lu bytes (buffered %lu bytes)", size, next);
|
|
|
7702129 |
+ DBG_INFO("Returning %zu bytes (buffered %zu bytes)", size, next);
|
|
|
7702129 |
*out_len = size;
|
|
|
7702129 |
|
|
|
7702129 |
return CKR_OK;
|