author | Stefan Walter <stefw@src.gnome.org> | 2008-12-12 02:44:24 +0000 |
---|---|---|
committer | Stefan Walter <stefw@src.gnome.org> | 2008-12-12 02:44:24 +0000 |
commit | bdeb75dc667bb8dade68370d7cc527f51e1970b7 (patch) | |
tree | f7c36608e0bed950647b5bfd261641ec73d756cd /daemon | |
parent | 8fdae2b8c153306aa0bfcf04dc9a99e370572cef (diff) |
Fix most of the inconsistencies and bugs highlighted by the p11-tests
* daemon/pk/gkr-pk-cert.c:
* daemon/pk/gkr-pk-privkey.c:
* daemon/pk/gkr-pk-pubkey.c:
* daemon/pk/gkr-pk-pubkey.h:
* daemon/pk/gkr-pk-util.c:
* daemon/pkcs11/gkr-pkcs11-daemon-session.c:
* daemon/pkix/gkr-pkix-asn1.c:
* pkcs11/gkr-pkcs11-module.c: Fix most of the inconsistencies and bugs
highlighted by the p11-tests tool.
svn path=/trunk/; revision=1384
Diffstat (limited to 'daemon')
-rw-r--r-- | daemon/pk/gkr-pk-cert.c | 15 | ||||
-rw-r--r-- | daemon/pk/gkr-pk-privkey.c | 14 | ||||
-rw-r--r-- | daemon/pk/gkr-pk-pubkey.c | 38 | ||||
-rw-r--r-- | daemon/pk/gkr-pk-pubkey.h | 6 | ||||
-rw-r--r-- | daemon/pk/gkr-pk-util.c | 2 | ||||
-rw-r--r-- | daemon/pkcs11/gkr-pkcs11-daemon-session.c | 10 | ||||
-rw-r--r-- | daemon/pkix/gkr-pkix-asn1.c | 2 |
7 files changed, 65 insertions, 22 deletions
diff --git a/daemon/pk/gkr-pk-cert.c b/daemon/pk/gkr-pk-cert.c index ac7c9db8..cb2e8cfa 100644 --- a/daemon/pk/gkr-pk-cert.c +++ b/daemon/pk/gkr-pk-cert.c @@ -545,11 +545,11 @@ gkr_pk_cert_get_attribute (GkrPkObject* obj, CK_ATTRIBUTE_PTR attr) case CKA_SERIAL_NUMBER: if ((ret = load_certificate (cert)) != CKR_OK) return ret; - data = gkr_pkix_asn1_read_value (cert->data->asn1, "tbsCertificate.serialNumber", &n_data, NULL); - if (!data) + cdata = gkr_pkix_asn1_read_element (cert->data->asn1, cert->data->raw, cert->data->n_raw, + "tbsCertificate.serialNumber", &n_data); + if (!cdata) return CKR_FUNCTION_FAILED; - gkr_pk_attribute_set_data (attr, data, n_data); - g_free (data); + gkr_pk_attribute_set_data (attr, cdata, n_data); return CKR_OK; case CKA_VALUE: @@ -588,8 +588,13 @@ gkr_pk_cert_get_attribute (GkrPkObject* obj, CK_ATTRIBUTE_PTR attr) case CKA_URL: case CKA_HASH_OF_SUBJECT_PUBLIC_KEY: case CKA_HASH_OF_ISSUER_PUBLIC_KEY: - return CKR_ATTRIBUTE_TYPE_INVALID; + gkr_pk_attribute_set_data (attr, "", 0); + return CKR_OK; + case CKA_JAVA_MIDP_SECURITY_DOMAIN: + gkr_pk_attribute_set_ulong(attr, 0); + return CKR_OK; + case CKA_GNOME_PURPOSE_OIDS: return read_certificate_purposes (cert, attr); diff --git a/daemon/pk/gkr-pk-privkey.c b/daemon/pk/gkr-pk-privkey.c index 6592253b..e616a2a2 100644 --- a/daemon/pk/gkr-pk-privkey.c +++ b/daemon/pk/gkr-pk-privkey.c @@ -316,8 +316,10 @@ attribute_from_certificate (GkrPkPrivkey *key, CK_ATTRIBUTE_PTR attr) obj = GKR_PK_OBJECT (key); crt = gkr_pk_manager_find_by_id (obj->manager, GKR_TYPE_PK_CERT, keyid); - if (crt == NULL) - return CKR_ATTRIBUTE_TYPE_INVALID; + if (crt == NULL) { + gkr_pk_attribute_set_data(attr, "", 0); + return CKR_OK; + } return gkr_pk_object_get_attribute (crt, attr); } 
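Review bot: The CKA_SERIAL_NUMBER case in `gkr_pk_cert_get_attribute` no longer says who owns the buffer it hands to `gkr_pk_attribute_set_data`. The `g_free` was dropped together with the switch to `gkr_pkix_asn1_read_element`, so `cdata` is presumably a pointer into `cert->data->raw` rather than a fresh allocation, but the helper's body is not in this diff. A comment such as `/* cdata points into cert->data->raw, owned by the certificate: do not free */` would keep a later edit from reintroducing the free. The function starts and ends outside the hunk.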
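Review bot: `attribute_from_certificate` now returns CKR_OK with an empty value whenever `gkr_pk_manager_find_by_id` finds no certificate. A caller can therefore no longer tell "no certificate for this key" from "the certificate's attribute is empty". Which attribute types are routed through this function is decided outside the hunk, so confirm that an empty value is an acceptable answer for all of them. If it is, record that above the new block, e.g. `/* No certificate for this key: report the attribute as empty */`.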
@@ -485,17 +487,17 @@ gkr_pk_privkey_get_attribute (GkrPkObject* obj, CK_ATTRIBUTE_PTR attr) case CKA_VALUE: return CKR_ATTRIBUTE_SENSITIVE; - /* TODO: We need to implement this: ARRAY[1] (CKM_RSA_PKCS) */ case CKA_ALLOWED_MECHANISMS: - return CKR_ATTRIBUTE_TYPE_INVALID; + return gkr_pk_pubkey_allowed_mechanisms (key->priv->algorithm, attr); case CKA_UNWRAP_TEMPLATE: return CKR_ATTRIBUTE_TYPE_INVALID; - /* We don't support these */ + /* These will be empty */ case CKA_START_DATE: case CKA_END_DATE: - return CKR_ATTRIBUTE_TYPE_INVALID; + gkr_pk_attribute_set_data(attr, "", 0); + return CKR_OK; default: break; diff --git a/daemon/pk/gkr-pk-pubkey.c b/daemon/pk/gkr-pk-pubkey.c index f3dc2d56..9c0702e3 100644 --- a/daemon/pk/gkr-pk-pubkey.c +++ b/daemon/pk/gkr-pk-pubkey.c @@ -374,7 +374,8 @@ gkr_pk_pubkey_get_attribute (GkrPkObject* obj, CK_ATTRIBUTE_PTR attr) /* TODO: Once we can generate keys, this should change */ case CKA_KEY_GEN_MECHANISM: - return CK_UNAVAILABLE_INFORMATION; + gkr_pk_attribute_set_ulong (attr, CK_UNAVAILABLE_INFORMATION); + return CKR_OK; case CKA_ID: /* Always a SHA-1 hash output buffer */ @@ -410,17 +411,17 @@ gkr_pk_pubkey_get_attribute (GkrPkObject* obj, CK_ATTRIBUTE_PTR attr) case CKA_VALUE: return extract_key_value (key, attr); - /* TODO: We need to implement this: ARRAY[1] (CKM_RSA_PKCS) */ case CKA_ALLOWED_MECHANISMS: - return CKR_ATTRIBUTE_TYPE_INVALID; + return gkr_pk_pubkey_allowed_mechanisms (key->pub->algorithm, attr); case CKA_UNWRAP_TEMPLATE: return CKR_ATTRIBUTE_TYPE_INVALID; - /* We don't support these */ + /* These will be empty */ case CKA_START_DATE: case CKA_END_DATE: - return CKR_ATTRIBUTE_TYPE_INVALID; + gkr_pk_attribute_set_data(attr, "", 0); + return CKR_OK; default: break; 
@@ -596,3 +597,30 @@ gkr_pk_pubkey_get_algorithm (GkrPkPubkey *key) return 0; return key->pub->algorithm; } + +CK_RV +gkr_pk_pubkey_allowed_mechanisms (int algorithm, CK_ATTRIBUTE_PTR attr) +{ + CK_MECHANISM_TYPE mechanisms[3]; + CK_ULONG n_mechanisms; + + g_return_val_if_fail (attr, CKR_GENERAL_ERROR); + + switch (algorithm) { + case GCRY_PK_RSA: + mechanisms[0] = CKM_RSA_PKCS; + mechanisms[1] = CKM_RSA_X_509; + n_mechanisms = 2; + break; + case GCRY_PK_DSA: + mechanisms[0] = CKM_DSA; + n_mechanisms = 1; + break; + default: + n_mechanisms = 0; + break; + } + + gkr_pk_attribute_set_data (attr, mechanisms, sizeof(CK_MECHANISM_TYPE) * n_mechanisms); + return CKR_OK; +} diff --git a/daemon/pk/gkr-pk-pubkey.h b/daemon/pk/gkr-pk-pubkey.h index 5484b264..99b89f6e 100644 --- a/daemon/pk/gkr-pk-pubkey.h +++ b/daemon/pk/gkr-pk-pubkey.h @@ -63,12 +63,16 @@ GkrPkPubkey* gkr_pk_pubkey_instance (GkrPkManager* manager, CK_RV gkr_pk_pubkey_create (GkrPkManager* manager, GArray* array, GkrPkObject **object); -gkrconstid gkr_pk_pubkey_get_keyid (GkrPkPubkey *key); +gkrconstid gkr_pk_pubkey_get_keyid (GkrPkPubkey *key); gcry_sexp_t gkr_pk_pubkey_get_key (GkrPkPubkey *key); int gkr_pk_pubkey_get_algorithm (GkrPkPubkey *key); +/* TODO: This really should go somewhere else */ +CK_RV gkr_pk_pubkey_allowed_mechanisms (int algorithm, + CK_ATTRIBUTE_PTR attr); + G_END_DECLS #endif /* __GKR_PK_PUBKEY_H__ */ diff --git a/daemon/pk/gkr-pk-util.c b/daemon/pk/gkr-pk-util.c index 356f1c7f..b552a47a 100644 --- a/daemon/pk/gkr-pk-util.c +++ b/daemon/pk/gkr-pk-util.c @@ -251,7 +251,7 @@ gkr_pk_attribute_set_string (CK_ATTRIBUTE_PTR attr, const gchar *str) g_assert (attr); g_assert (str); - gkr_pk_attribute_set_data (attr, str, strlen (str) + 1); + gkr_pk_attribute_set_data (attr, str, strlen (str)); } void diff --git a/daemon/pkcs11/gkr-pkcs11-daemon-session.c b/daemon/pkcs11/gkr-pkcs11-daemon-session.c index df15b5a3..c889b7b7 100644 --- a/daemon/pkcs11/gkr-pkcs11-daemon-session.c 
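Review bot: In `gkr_pk_pubkey_allowed_mechanisms` the `default:` branch passes `mechanisms` to `gkr_pk_attribute_set_data` uninitialised with a length of 0. That is safe only if the helper never reads the pointer for a zero length, and its body is not in this diff. Initialising up front removes that dependency and the unused third slot: `CK_MECHANISM_TYPE mechanisms[2] = { 0 };` and `CK_ULONG n_mechanisms = 0;`. The function also has no header comment. It should state that RSA keys report both CKM_RSA_PKCS and raw CKM_RSA_X_509, and that the CKA_ALLOWED_MECHANISMS cases in gkr-pk-privkey.c and gkr-pk-pubkey.c both return this list, so private keys advertise raw RSA as well.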
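Review bot: With the `+ 1` dropped, `gkr_pk_attribute_set_string` stores the string without its terminating NUL. Any code that reads such an attribute's `pValue` back as a C string would run past the end of the value. The callers and readers are outside this hunk and should be checked for `strlen`, `%s` or `g_strdup` on the value; they need to honour `ulValueLen` instead. A comment on the function such as `/* Stored without the trailing NUL; readers must use the attribute length */` would make the new contract explicit.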
+++ b/daemon/pkcs11/gkr-pkcs11-daemon-session.c @@ -324,6 +324,7 @@ session_C_GetSessionInfo (SessionInfo *sinfo, GkrPkcs11Message *req, flags = 0; if (!sinfo->readonly) flags |= CKF_RW_SESSION; + write_session_info (resp, 0, state, flags, sinfo->deverror); return CKR_OK; @@ -377,14 +378,17 @@ session_C_Login (SessionInfo *sinfo, GkrPkcs11Message *req, if (!read_byte_array (req, &pin, &pin_len)) return PROTOCOL_ERROR; - if (user_type != CKU_USER) { + if (user_type == CKU_SO) { /* Readonly session, SO can't log in */ if (sinfo->readonly) return CKR_SESSION_READ_ONLY_EXISTS; /* Actually SO can't log in at all ... */ - /* PKCS#11 QUESTION: What should we really be returning here? */ + return CKR_USER_TYPE_INVALID; + + } else { + return CKR_USER_TYPE_INVALID; } @@ -1449,7 +1453,7 @@ session_process (SessionInfo *sinfo, GkrPkcs11Message *req, * When there's an error any operation automatically done. * We make an exception for functions which we don't implement. */ - if (ret != CKR_FUNCTION_NOT_SUPPORTED) + if (ret != CKR_FUNCTION_NOT_SUPPORTED && ret != CKR_OPERATION_ACTIVE) finish_operation (sinfo); gkr_pkcs11_message_prep (resp, PKCS11_CALL_ERROR, GKR_PKCS11_RESPONSE); diff --git a/daemon/pkix/gkr-pkix-asn1.c b/daemon/pkix/gkr-pkix-asn1.c index 3a839df4..e5874bc2 100644 --- a/daemon/pkix/gkr-pkix-asn1.c +++ b/daemon/pkix/gkr-pkix-asn1.c @@ -462,7 +462,7 @@ two_to_four_digit_year (int year) struct tm tm; int century, current; - g_return_val_if_fail (year > 0 && year <= 99, -1); + g_return_val_if_fail (year >= 0 && year <= 99, -1); /* Get the current year */ now = time (NULL); |
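Review bot: As the new block in `session_C_Login` reads, both branches end in `return CKR_USER_TYPE_INVALID;`, and the added `else` covers every `user_type` other than CKU_SO, which includes CKU_USER. The old test `user_type != CKU_USER` let CKU_USER fall through to whatever follows the block. The rest of the function is outside this hunk, so confirm that rejecting CKU_USER here is intended. If it is not, narrow the branch to `} else if (user_type != CKU_USER) {`.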
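Review bot: The comment above the changed test in `session_process` still names only one exception, functions that are not implemented, but the condition now also skips `finish_operation` when `ret` is CKR_OPERATION_ACTIVE. Extend the comment so the second exception and its reason are recorded, e.g. `* ... and for CKR_OPERATION_ACTIVE, so the operation already in progress is not torn down.` That reason is presumed, so confirm it. The enclosing function starts and ends outside the hunk.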