authorJames Bottomley <James.Bottomley@HansenPartnership.com>2019-03-03 08:31:57 -0800
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2019-03-03 21:22:10 -0800
commit11496cac99601f41aa35aa86f8b2cb30ff073b45 (patch)
tree6f7ae59c683288ef7d833e6729cf7e6adc29f558
parent3f5c3c61b5bc638a75791e8017a5845319e19850 (diff)
downloadopenssl-pkcs11-export-11496cac99601f41aa35aa86f8b2cb30ff073b45.tar.gz
pkcs11.c: abstract key type encoding
At the moment we use a single bit to identify whether an object is a public or a private key, so move that encoding into accessor functions instead of open coding it, in preparation for adding certificate types as well. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--pkcs11.c66
1 files changed, 57 insertions, 9 deletions
diff --git a/pkcs11.c b/pkcs11.c
index a749402..8c56019 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -20,6 +20,50 @@
static CK_FUNCTION_LIST module_functions;
+/* key type (public or private) is encoded in the lowest bit
+ * of the object. The upper bits are the shifted section number */
+enum obj_type {
+ KEY_PUBLIC = 0,
+ KEY_PRIVATE = 1
+};
+
+static inline int obj_to_section(int obj)
+{
+ return obj >> 1;
+}
+
+static inline int section_to_obj(int sec)
+{
+ return sec << 1;
+}
+
+static inline enum obj_type obj_type(int obj)
+{
+ return obj & 1;
+}
+
+static inline int obj_to_attr(int obj)
+{
+ switch (obj_type(obj)) {
+ case KEY_PUBLIC:
+ return BOOL_FOR_PUBLIC;
+ case KEY_PRIVATE:
+ return BOOL_FOR_PRIVATE;
+ }
+ return 0; /* notreached; gcc error */
+}
+
+static inline CK_OBJECT_CLASS obj_to_class(int obj)
+{
+ switch (obj_type(obj)) {
+ case KEY_PUBLIC:
+ return CKO_PUBLIC_KEY;
+ case KEY_PRIVATE:
+ return CKO_PRIVATE_KEY;
+ }
+ return 0; /* notreached; gcc error */
+}
+
CK_RV
C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR list)
{
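Review bot: The new accessors take and return `int`, yet every caller in this patch hands them a PKCS#11 handle — `unsigned long obj` in getattribute and the CK_SESSION_HANDLE/CK_OBJECT_HANDLE parameters (CK_ULONG in the standard) — so the upper half of a 64-bit handle is discarded before `obj_to_section(obj) != handle` is evaluated, and a handle with bit 31 set becomes a negative int whose right shift in obj_to_section is implementation-defined and whose `sec << 1` in section_to_obj is undefined behaviour. Widen the helpers to the handle type so the comparisons against the unsigned handles stay exact: `static inline unsigned long obj_to_section(unsigned long obj)`, `static inline unsigned long section_to_obj(unsigned long sec)`, `static inline enum obj_type obj_type(unsigned long obj)`. The `return 0; /* notreached */` tails in obj_to_attr/obj_to_class are safe today because obj_type() masks to a single bit, but a `default:` label would keep that explicit once certificate types widen the encoding.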
@@ -271,13 +315,16 @@ static void attr_from_cache(int sec, CK_ATTRIBUTE_PTR attr, const char *key,
static void
getattribute(unsigned long obj, CK_ATTRIBUTE_PTR attr)
{
- int sec = obj >> 1;
- int key_type = (obj & 1) ? BOOL_FOR_PRIVATE : BOOL_FOR_PUBLIC;
+ int sec = obj_to_section(obj);
+ int key_type = obj_to_attr(obj);
switch (attr->type) {
case CKA_CLASS:
+ attr_from_cache(sec, attr, "CKA_CLASS", key_type);
+ if (attr->ulValueLen != 0)
+ break;
if (attr->pValue)
- *((CK_OBJECT_CLASS *)attr->pValue) = (obj & 1) ? CKO_PRIVATE_KEY : CKO_PUBLIC_KEY;
+ *((CK_OBJECT_CLASS *)attr->pValue) = obj_to_class(obj);
attr->ulValueLen = sizeof(CK_OBJECT_CLASS);
break;
case CKA_ID:
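Review bot: The reworked CKA_CLASS case only falls through to the handle-derived `obj_to_class(obj)` when `attr->ulValueLen` is zero after attr_from_cache(), so it silently depends on attr_from_cache() clearing ulValueLen on a cache miss; its body is outside this hunk, but if it leaves the field untouched, a caller that passes a sized buffer (ulValueLen == sizeof(CK_OBJECT_CLASS), as PKCS#11 prescribes for a non-NULL pValue) hits the early break with pValue never written. That contract belongs next to the test, e.g. `/* attr_from_cache() must leave ulValueLen == 0 on a miss so the handle-derived class below is still returned */`. The fallback store also never checks the caller's buffer length before writing sizeof(CK_OBJECT_CLASS) bytes; that predates the patch, but the reshuffle is the natural place to preserve the incoming length and honour CKR_BUFFER_TOO_SMALL. getattribute continues past the end of this hunk.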
@@ -310,6 +357,7 @@ getattribute(unsigned long obj, CK_ATTRIBUTE_PTR attr)
Xa(CKA_PUBLIC_EXPONENT);
Xa(CKA_EC_POINT);
Xa(CKA_EC_PARAMS);
+ Xa(CKA_VALUE);
Xl(CKA_MODULUS_BITS);
Xl(CKA_KEY_TYPE);
Xb(CKA_TOKEN);
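Review bot: `Xa(CKA_VALUE)` is added without mention in the commit message and is reachable for private-key handles as well as public ones, since the same switch serves both and key_type only selects which cached copy is consulted; for a private key CKA_VALUE is the raw key material, an attribute PKCS#11 treats as sensitive and that a CKA_SENSITIVE/non-CKA_EXTRACTABLE token must refuse to return. If this is groundwork for certificate objects, where CKA_VALUE is the DER certificate, it should be gated on object type rather than on whether the cache happens to hold a value — serve it only when `obj_type(obj) != KEY_PRIVATE` and otherwise report `attr->ulValueLen = CK_UNAVAILABLE_INFORMATION`. What Xa() expands to and whether the cache can ever carry a private CKA_VALUE are outside this hunk, so treat this as a precaution. getattribute continues past the hunk.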
@@ -358,7 +406,7 @@ C_FindObjectsInit(CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
int i;
CK_ATTRIBUTE attr;
char *buf[1024];
- const int obj = handle<<1; /* only look up public attributes */
+ const int obj = section_to_obj(handle); /* only look up public attributes */
int cur_find = -1;
CK_OBJECT_CLASS find_restriction = 0;
@@ -400,8 +448,8 @@ CK_RV
C_FindObjects(CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objs,
CK_ULONG max, CK_ULONG_PTR count)
{
- const int pub_obj = handle << 1;
- const int priv_obj = pub_obj | 1;
+ const int pub_obj = section_to_obj(handle) | KEY_PUBLIC;
+ const int priv_obj = section_to_obj(handle) | KEY_PRIVATE;
int cur_find;
CK_OBJECT_CLASS find_restriction;
@@ -443,7 +491,7 @@ C_GetAttributeValue(CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE obj,
{
int i;
- if (obj >> 1 != handle && handle >= cache_get_sections())
+ if (obj_to_section(obj) != handle && handle >= cache_get_sections())
return CKR_ARGUMENTS_BAD;
for (i = 0; i < count; i++) {
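Review bot: The guard `obj_to_section(obj) != handle && handle >= cache_get_sections()` only rejects when both conditions hold, so an object handle from another section is accepted whenever the session handle is in range, and an out-of-range section index reaches getattribute()/attr_from_cache() whenever obj encodes that same out-of-range section (handle == obj_to_section(obj) == cache_get_sections(), for instance). The `&&` predates this patch, but the line is rewritten here and the new accessor makes the intended check easy to state: `if (handle >= cache_get_sections() || obj_to_section(obj) != handle) return CKR_ARGUMENTS_BAD;`. C_GetAttributeValue's body continues outside the hunk.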
@@ -516,7 +564,7 @@ CK_RV
C_SignInit(CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mech,
CK_OBJECT_HANDLE key)
{
- if ((key & 1) != 1 || key >> 1 != handle)
+ if (obj_type(key) != KEY_PRIVATE || obj_to_section(key) != handle)
return CKR_ARGUMENTS_BAD;
opstate = crypto_sign_init(handle, mech);
if (opstate)
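Review bot: C_SignInit verifies that `key` is a private-key handle for this session but never bounds `handle` itself, so a session handle at or beyond cache_get_sections() passes straight into crypto_sign_init(handle, mech) as long as the caller encodes the same section into key; C_GetAttributeValue applies that bound, and this path, like the identical one in C_DecryptInit, should too: `if (handle >= cache_get_sections() || obj_type(key) != KEY_PRIVATE || obj_to_section(key) != handle) return CKR_ARGUMENTS_BAD;`. Whether crypto_sign_init() range-checks its section argument is outside this hunk, so the check may be redundant, but it is cheap and keeps handle validation in one place. C_SignInit's body continues past the hunk.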
@@ -537,7 +585,7 @@ CK_RV
C_DecryptInit(CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mech,
CK_OBJECT_HANDLE key)
{
- if ((key & 1) != 1 || key >> 1 != handle)
+ if (obj_type(key) != KEY_PRIVATE || obj_to_section(key) != handle)
return CKR_ARGUMENTS_BAD;
opstate = crypto_decrypt_init(handle, mech);
if (opstate)