diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-03-03 08:31:57 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-03-03 21:22:10 -0800 |
commit | 11496cac99601f41aa35aa86f8b2cb30ff073b45 (patch) | |
tree | 6f7ae59c683288ef7d833e6729cf7e6adc29f558 | |
parent | 3f5c3c61b5bc638a75791e8017a5845319e19850 (diff) | |
download | openssl-pkcs11-export-11496cac99601f41aa35aa86f8b2cb30ff073b45.tar.gz |
pkcs11.c: abstract key type encoding
At the moment we use a single bit to identify public/private key, so
move this to accessors instead of open coding it in preparation for
adding certificate types as well.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | pkcs11.c | 66 |
1 files changed, 57 insertions, 9 deletions
@@ -20,6 +20,50 @@ static CK_FUNCTION_LIST module_functions; +/* key type (public or private) is encoded in the lowest bit + * of the object. The upper bits are the shifted section number */ +enum obj_type { + KEY_PUBLIC = 0, + KEY_PRIVATE = 1 +}; + +static inline int obj_to_section(int obj) +{ + return obj >> 1; +} + +static inline int section_to_obj(int sec) +{ + return sec << 1; +} + +static inline enum obj_type obj_type(int obj) +{ + return obj & 1; +} + +static inline int obj_to_attr(int obj) +{ + switch (obj_type(obj)) { + case KEY_PUBLIC: + return BOOL_FOR_PUBLIC; + case KEY_PRIVATE: + return BOOL_FOR_PRIVATE; + } + return 0; /* notreached; gcc error */ +} + +static inline CK_OBJECT_CLASS obj_to_class(int obj) +{ + switch (obj_type(obj)) { + case KEY_PUBLIC: + return CKO_PUBLIC_KEY; + case KEY_PRIVATE: + return CKO_PRIVATE_KEY; + } + return 0; /* notreached; gcc error */ +} + CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR list) { @@ -271,13 +315,16 @@ static void attr_from_cache(int sec, CK_ATTRIBUTE_PTR attr, const char *key, static void getattribute(unsigned long obj, CK_ATTRIBUTE_PTR attr) { - int sec = obj >> 1; - int key_type = (obj & 1) ? BOOL_FOR_PRIVATE : BOOL_FOR_PUBLIC; + int sec = obj_to_section(obj); + int key_type = obj_to_attr(obj); switch (attr->type) { case CKA_CLASS: + attr_from_cache(sec, attr, "CKA_CLASS", key_type); + if (attr->ulValueLen != 0) + break; if (attr->pValue) - *((CK_OBJECT_CLASS *)attr->pValue) = (obj & 1) ? CKO_PRIVATE_KEY : CKO_PUBLIC_KEY; + *((CK_OBJECT_CLASS *)attr->pValue) = obj_to_class(obj); attr->ulValueLen = sizeof(CK_OBJECT_CLASS); break; case CKA_ID: @@ -310,6 +357,7 @@ getattribute(unsigned long obj, CK_ATTRIBUTE_PTR attr) Xa(CKA_PUBLIC_EXPONENT); Xa(CKA_EC_POINT); Xa(CKA_EC_PARAMS); + Xa(CKA_VALUE); Xl(CKA_MODULUS_BITS); Xl(CKA_KEY_TYPE); Xb(CKA_TOKEN); @@ -358,7 +406,7 @@ C_FindObjectsInit(CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template, int i; CK_ATTRIBUTE attr; char *buf[1024]; - const int obj = handle<<1; /* only look up public attributes */ + const int obj = section_to_obj(handle); /* only look up public attributes */ int cur_find = -1; CK_OBJECT_CLASS find_restriction = 0; @@ -400,8 +448,8 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objs, CK_ULONG max, CK_ULONG_PTR count) { - const int pub_obj = handle << 1; - const int priv_obj = pub_obj | 1; + const int pub_obj = section_to_obj(handle) | KEY_PUBLIC; + const int priv_obj = section_to_obj(handle) | KEY_PRIVATE; int cur_find; CK_OBJECT_CLASS find_restriction; @@ -443,7 +491,7 @@ C_GetAttributeValue(CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE obj, { int i; - if (obj >> 1 != handle && handle >= cache_get_sections()) + if (obj_to_section(obj) != handle && handle >= cache_get_sections()) return CKR_ARGUMENTS_BAD; for (i = 0; i < count; i++) { @@ -516,7 +564,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key) { - if ((key & 1) != 1 || key >> 1 != handle) + if (obj_type(key) != KEY_PRIVATE || obj_to_section(key) != handle) return CKR_ARGUMENTS_BAD; opstate = crypto_sign_init(handle, mech); if (opstate) @@ -537,7 +585,7 @@ CK_RV C_DecryptInit(CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key) { - if ((key & 1) != 1 || key >> 1 != handle) + if (obj_type(key) != KEY_PRIVATE || obj_to_section(key) != handle) return CKR_ARGUMENTS_BAD; opstate = crypto_decrypt_init(handle, mech); if (opstate) |