object.c

IBM的Linux上的PKCS#11实现

}


// object_is_public()
//
CK_BBOOL
object_is_public( OBJECT *obj )
{
   CK_BBOOL rc;

   rc = object_is_private( obj );

   if (rc)
      return FALSE;

   return TRUE;
}


// object_is_token_object()
//
CK_BBOOL
object_is_token_object( OBJECT *obj )
{
   CK_ATTRIBUTE  * attr = NULL;
   CK_BBOOL        is_token;
   CK_BBOOL        found;

   found = template_attribute_find( obj->template, CKA_TOKEN, &attr );
   if (found == FALSE)
      return FALSE;

   is_token = *(CK_BBOOL *)attr->pValue;
   return is_token;
}


// object_is_session_object()
//
CK_BBOOL
object_is_session_object( OBJECT *obj )
{
   CK_BBOOL rc;

   rc = object_is_token_object( obj );

   if (rc)
      return FALSE;
   else
      return TRUE;
}


// object_get_size()
//
CK_ULONG
object_get_size( OBJECT *obj )
{
   CK_ULONG  size;

   size = sizeof(OBJECT) + template_get_size(obj->template);

   return size;
}


//
//
CK_RV
object_get_attribute_values( OBJECT        * obj,
                             CK_ATTRIBUTE  * pTemplate,
                             CK_ULONG        ulCount )
{
   TEMPLATE          *obj_tmpl = NULL;
   CK_ATTRIBUTE      *attr     = NULL;
   CK_ULONG           i;
   CK_BBOOL           flag;
   CK_RV              rc;

   rc = CKR_OK;

   obj_tmpl = obj->template;

   for (i=0; i < ulCount; i++) {
      flag = template_check_exportability( obj_tmpl, pTemplate[i].type);
      if (flag == FALSE) {
         st_err_log(70, __FILE__, __LINE__); 
         rc = CKR_ATTRIBUTE_SENSITIVE;
         pTemplate[i].ulValueLen = (CK_ULONG)-1;
         continue;
      }

      flag = template_attribute_find( obj_tmpl, pTemplate[i].type, &attr );
      if (flag == FALSE) {
         st_err_log(8, __FILE__, __LINE__); 
         rc = CKR_ATTRIBUTE_TYPE_INVALID;
         pTemplate[i].ulValueLen = (CK_ULONG)-1;
         continue;
      }

      if (pTemplate[i].pValue == NULL) {
         pTemplate[i].ulValueLen = attr->ulValueLen;
      }
      else if (pTemplate[i].ulValueLen >= attr->ulValueLen) {
         memcpy( pTemplate[i].pValue, attr->pValue, attr->ulValueLen );
         pTemplate[i].ulValueLen = attr->ulValueLen;
      }
      else {
         st_err_log(111, __FILE__, __LINE__); 
         rc = CKR_BUFFER_TOO_SMALL;
         pTemplate[i].ulValueLen = (CK_ULONG)-1;
      }
   }

   return rc;
}


// object_set_attribute_values()
//
CK_RV
object_set_attribute_values( OBJECT        * obj,
                             CK_ATTRIBUTE  * pTemplate,
                             CK_ULONG        ulCount )
{
   TEMPLATE * new_tmpl;
   CK_BBOOL   found;
   CK_ULONG   class, subclass;
   CK_RV      rc;


   if (!obj || !pTemplate){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   found = template_get_class( obj->template, &class, &subclass );
   if (found == FALSE) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_FUNCTION_FAILED;
      goto error;
   }

   new_tmpl = (TEMPLATE *)malloc(sizeof(TEMPLATE));
   if (!new_tmpl){
      st_err_log(0, __FILE__, __LINE__);
      return CKR_HOST_MEMORY;
   }
   memset( new_tmpl, 0x0, sizeof(TEMPLATE) );

   rc = template_add_attributes( new_tmpl, pTemplate, ulCount );
   if (rc != CKR_OK){
      st_err_log(164, __FILE__, __LINE__); 
      goto error;
   }

   // the user cannot change object classes so we assume the existing
   // object attributes are valid.  we still need to check the new attributes.
   // we cannot merge the new attributes in with the old ones and then check
   // for validity because some attributes are added internally and are not
   // allowed to be specified by the user (ie. CKA_LOCAL for key types) but
   // may still be part of the old template.
   //
   rc = template_validate_attributes( new_tmpl, class, subclass, MODE_MODIFY );
   if (rc != CKR_OK){
      st_err_log(165, __FILE__, __LINE__); 
      goto error;
   }

   // merge in the new attributes
   //
   rc = template_merge( obj->template, &new_tmpl );
   if (rc != CKR_OK){
      st_err_log(165, __FILE__, __LINE__); 
      return rc;
   }
   return CKR_OK;

error:
   // we only free the template if there was an error...otherwise the
   // object "owns" the template
   //
   if (new_tmpl)  template_free( new_tmpl );
   return rc;
}



//
//
CK_RV
object_restore( CK_BYTE *data, OBJECT **new_obj, CK_BBOOL replace )
{
   TEMPLATE  * tmpl = NULL;
   OBJECT    * obj  = NULL;
   CK_ULONG    offset = 0;
   CK_ULONG_32    count = 0;
   CK_RV       rc;

   if (!data || !new_obj){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   obj = (OBJECT *)malloc(sizeof(OBJECT));
   if (!obj) {
      st_err_log(0, __FILE__, __LINE__);
      rc = CKR_HOST_MEMORY;
      goto error;
   }

  
   memset( obj, 0x0, sizeof(OBJECT) );

   memcpy( &obj->class, data + offset, sizeof(CK_OBJECT_CLASS_32) );
   offset += sizeof(CK_OBJECT_CLASS_32);

   memcpy( &count, data + offset, sizeof(CK_ULONG_32) );
   offset += sizeof(CK_ULONG_32);


   memcpy( &obj->name, data + offset, 8 );
   offset += 8;

   rc = template_unflatten( &tmpl, data + offset, count );
   if (rc != CKR_OK){
      st_err_log(166, __FILE__, __LINE__);
      goto error;
   }
   obj->template = tmpl;

   if (replace == FALSE) {
      *new_obj = obj;
   }
   else {
      template_free( (*new_obj)->template );
      memcpy( *new_obj, obj, sizeof(OBJECT) );

      free( obj );  // don't want to do object_free() here!
   }

   return CKR_OK;

error:
   if (obj)  object_free( obj );
   if (tmpl) template_free( tmpl );

   return rc;
}


//
//
CK_RV
object_create_skel( CK_ATTRIBUTE  * pTemplate,
                    CK_ULONG        ulCount,
                    CK_ULONG        mode,
                    CK_ULONG        class,
                    CK_ULONG        subclass,
                    OBJECT       ** obj )
{
   TEMPLATE  * tmpl  = NULL;
   TEMPLATE  * tmpl2 = NULL;
   OBJECT   * o     = NULL;
   CK_RV      rc;


   if (!obj){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (!pTemplate && (ulCount != 0)){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   o     = (OBJECT *)malloc(sizeof(OBJECT));
   tmpl  = (TEMPLATE *)malloc(sizeof(TEMPLATE));
   tmpl2 = (TEMPLATE *)malloc(sizeof(TEMPLATE));

   if (!o || !tmpl || !tmpl2) {
      st_err_log(0, __FILE__, __LINE__);
      rc = CKR_HOST_MEMORY;
      goto done;
   }
   memset( o,     0x0, sizeof(OBJECT)   );
   memset( tmpl,  0x0, sizeof(TEMPLATE) );
   memset( tmpl2, 0x0, sizeof(TEMPLATE) );


   rc = template_add_default_attributes( tmpl, class, subclass, mode );
   if (rc != CKR_OK)
      goto done;

   rc = template_add_attributes( tmpl2, pTemplate, ulCount );
   if (rc != CKR_OK)
      goto done;


   // at this point, the new template has the list of attributes.  we need
   // to do some more checking now:
   //    1) invalid attribute values
   //    2) missing required attributes
   //    3) attributes inappropriate for the object class
   //    4) conflicting attributes/values
   //

   rc = template_validate_attributes( tmpl2, class, subclass, mode );
   if (rc != CKR_OK){
      st_err_log(165, __FILE__, __LINE__); 
      goto done;
   }

   rc = template_check_required_attributes( tmpl2, class, subclass, mode );
   if (rc != CKR_OK){
      st_err_log(166, __FILE__, __LINE__); 
      goto done;
   }

   rc = template_merge( tmpl, &tmpl2 );
   if (rc != CKR_OK){
      st_err_log(165, __FILE__, __LINE__); 
      goto done;
   }
   // at this point, we should have a valid object with correct attributes
   //
   o->template = tmpl;
   *obj = o;

   return CKR_OK;

done:
   if (o)      free( o );
   if (tmpl)   template_free( tmpl );
   if (tmpl2)  template_free( tmpl2 );

   return rc;
}