Hi,
Below are a few more minor patches:
1. x_slot_no_duplicate_enum.diff
- avoid re-examine of session object everytime a match is found
2. x_slot_mech.diff
- I think mechanism info shall include only flags that supported by
the token. In particular, the CKF_WRAP flag caused some previous
versions of Mozilla Suite failed on keygen as Mozilla try to
use the token to do a key wrapping that is unsupported.
3. x_session_free.diff
- simplified the code a bit.
4. x_object_write_key_attrib.diff
- token may interest in some properties introduced by the caller
of the pkcs11 module. The additional code gives chance to the token
to examine the key template attributes.
5. x_object_more_logAttr.diff
- added lookup of a few attributes used by Mozilla
6. crypt_datalen.diff
- I think error should be raised if datalen > keysize
Rgds.
Martin
--- cvs\muscleapps\PKCS11\src\p11_crypt.c 2005-01-23 00:11:35.000000000
+0800
+++ muscleapps\PKCS11\src\p11_crypt.c 2005-07-21 15:35:22.296875000 +0800
@@ -160,17 +160,17 @@
/* else if (INVALID_SESSION)
rv = CKR_SESSION_HANDLE_INVALID;
*/
else if (!key)
rv = CKR_OPERATION_NOT_INITIALIZED;
else if (!USER_MODE)
rv = CKR_USER_NOT_LOGGED_IN;
- else if ((CK_ULONG)(key->msc_key->keySize / 8) > ulDataLen)
+ else if ((CK_ULONG)(key->msc_key->keySize / 8) < ulDataLen)
rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
else if (CKR_ERROR(rv = slot_BeginTransaction(session->session.slotID)))
/* Intentionally blank */;
else if (session->sign_mech.mechanism == CKM_RSA_PKCS)
{
/* Fixme: this is not fully implemented since it doesn't look at the
mechanism parameter */
cryptInit.keyNum = key->msc_key->keyNum;
--- cvs\muscleapps\PKCS11\src\p11x_object.c 2005-05-24 15:13:21.000000000
+0800
+++ muscleapps\PKCS11\src\p11x_object.c 2005-07-20 17:03:30.453125000 +0800
@@ -1052,16 +1083,28 @@
log_Log(LOG_LOW, "CKA_NEVER_EXTRACTABLE:%s", buf);
break;
case CKA_ALWAYS_SENSITIVE:
log_Log(LOG_LOW, "CKA_CKA_ALWAYS_SENSITIVE:%s", buf);
break;
case CKA_SENSITIVE:
log_Log(LOG_LOW, "CKA_SENSITIVE:%s", buf);
break;
+ case CKA_ENCRYPT:
+ log_Log(LOG_LOW, "CKA_ENCRYPT:%s", buf);
+ break;
+ case CKA_WRAP:
+ log_Log(LOG_LOW, "CKA_WRAP:%s", buf);
+ break;
+ case CKA_VERIFY:
+ log_Log(LOG_LOW, "CKA_VERIFY:%s", buf);
+ break;
+ case CKA_MODULUS_BITS:
+ log_Log(LOG_LOW, "CKA_MODULUS_BITS:%s", buf);
+ break;
default:
log_Log(LOG_LOW, "CKA_UNKNOWN (0x%lX):%s", attrib->type, buf);
break;
}
}
free(buf);
}
--- cvs\muscleapps\PKCS11\src\p11x_object.c 2005-05-24 15:13:21.000000000
+0800
+++ muscleapps\PKCS11\src\p11x_object.c 2005-07-20 16:57:14.406250000 +0800
@@ -881,16 +885,43 @@
(void)CKR_ERROR(object_GetAttrib(CKA_MODULUS, objectPub, &p11_attrib));
(void)CKR_ERROR(object_AddAttribute(objectPrv,
p11_attrib->attrib.type,
TRUE, /* Fixme: Always a token
attribute? */
(CK_BYTE
*)p11_attrib->attrib.pValue,
p11_attrib->attrib.ulValueLen, 0));
+ /* add all attributes in templates to the key objects */
+ for (i=0; i < ulPrivateKeyAttributeCount; i++)
+ {
+ if (pPrivateKeyTemplate->type != CKA_DECRYPT &&
pPrivateKeyTemplate->type != CKA_SIGN)
+ (void)CKR_ERROR(object_AddAttribute(objectPrv,
+
pPrivateKeyTemplate->type,
+
TRUE,
+
pPrivateKeyTemplate->pValue,
+
pPrivateKeyTemplate->ulValueLen,0));
+ pPrivateKeyTemplate++;
+ }
+
+ for (i=0; i < ulPublicKeyAttributeCount; i++)
+ {
+ (void)CKR_ERROR(object_AddAttribute(objectPub,
+
pPublicKeyTemplate->type,
+
TRUE,
+
pPublicKeyTemplate->pValue,
+
pPublicKeyTemplate->ulValueLen,0));
+ pPublicKeyTemplate++;
+ }
+
+ /* write to token */
+ rv = object_WriteAttributes(hSession, objectPrv);
+ if (rv == CKR_OK)
+ rv = object_WriteAttributes(hSession, objectPub);
+
}
return rv;
}
/******************************************************************************
** Function: object_LogObjects
**
--- cvs\muscleapps\PKCS11\src\p11x_session.c 2003-10-04 16:30:18.000000000
+0800
+++ muscleapps\PKCS11\src\p11x_session.c 2005-07-21 09:58:26.203125000
+0800
@@ -138,37 +138,26 @@
}
prev->hnext = prev->hnext->hnext;
}
/*
* Take the session out of the session list
*/
- if (session->prev) /* Fixme: check for head of list? st.sessions */
- {
+ if (session->prev) /* not head, may be tail */
session->prev->next = session->next;
- if (session == st.sessions) /* Fixme: Is this needed? */
- st.sessions = session->prev;
- }
+ else /* head */
+ st.sessions = session->next;
- if (session->next)
- {
+ if (session->next) /* not tail */
session->next->prev = session->prev;
- if (session == st.sessions)
- st.sessions = session->next;
- }
-
- if (!session->prev && !session->next)
- st.sessions = 0x00;
-
if (session->search_attrib)
free(session->search_attrib);
-
/* Clear memory, just to be safe */
memset(session, 0x00, sizeof(P11_Session));
free(session);
return rv;
}
--- cvs\muscleapps\PKCS11\src\p11x_slot.c 2005-01-23 00:05:39.000000000
+0800
+++ muscleapps\PKCS11\src\p11x_slot.c 2005-07-21 15:00:16.625000000 +0800
@@ -417,26 +417,26 @@
if (crypto_alg & MSC_SUPPORT_RSA)
{
log_Log(LOG_LOW, "Card supports RSA");
slot_AddMechanism(slot, CKM_SHA1_RSA_PKCS, &mech);
mech->info.ulMinKeySize = slot_MinRSAKeySize(temp_cap);
mech->info.ulMaxKeySize = slot_MaxRSAKeySize(temp_cap);
/* Fixme: these flags may be wrong */
- mech->info.flags = CKF_ENCRYPT |
- CKF_DECRYPT |
- CKF_SIGN |
- CKF_SIGN_RECOVER |
- CKF_VERIFY |
- CKF_VERIFY_RECOVER |
- CKF_GENERATE |
- CKF_GENERATE_KEY_PAIR |
- CKF_WRAP |
- CKF_UNWRAP;
+ mech->info.flags = //CKF_ENCRYPT |
+ //CKF_DECRYPT |
+ CKF_SIGN;
+ // CKF_SIGN_RECOVER |
+ // CKF_VERIFY |
+ // CKF_VERIFY_RECOVER |
+ // CKF_GENERATE |
+ //CKF_GENERATE_KEY_PAIR |
+ // CKF_WRAP |
+ //CKF_UNWRAP;
if (!MSC_ERROR(msc_GetCapabilities(&slot->conn,
MSC_TAG_CAPABLE_RSA,
(MSCUChar8 *)&temp_cap, &len)))
{
if (temp_cap & MSC_CAPABLE_RSA_KEYGEN)
{
log_Log(LOG_LOW, "Card supports RSA key gen");
slot_AddMechanism(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &mech);
@@ -458,23 +458,24 @@
slot_AddMechanism(slot, CKM_RSA_PKCS, &mech);
mech->info.ulMinKeySize = slot_MinRSAKeySize(temp_cap);
mech->info.ulMaxKeySize = slot_MaxRSAKeySize(temp_cap);
/* Fixme: these flags may be wrong */
mech->info.flags = CKF_ENCRYPT |
CKF_DECRYPT |
- CKF_SIGN |
- CKF_SIGN_RECOVER |
- CKF_VERIFY |
- CKF_VERIFY_RECOVER;
+ CKF_SIGN;
+ //CKF_SIGN_RECOVER |
+ //CKF_VERIFY |
+ //CKF_VERIFY_RECOVER;
if (temp_cap & MSC_CAPABLE_RSA_NOPAD)
- mech->info.flags = CKF_WRAP |
CKF_UNWRAP;
+ mech->info.flags = //CKF_WRAP |
+
CKF_UNWRAP;
}
}
}
if (crypto_alg & MSC_SUPPORT_DSA)
{
log_Log(LOG_LOW, "Card supports DSA");
slot_AddMechanism(slot, CKM_DSA, &mech);
--- cvs\muscleapps\PKCS11\src\p11x_slot.c 2005-01-23 00:05:39.000000000
+0800
+++ muscleapps\PKCS11\src\p11x_slot.c 2005-07-21 15:22:59.078125000 +0800
@@ -864,35 +865,32 @@
**
** Returns:
** CKR_SLOT_ID_INVALID if slotID is invalid
** CKR_OK
*******************************************************************************/
CK_RV slot_DisconnectSlot(CK_ULONG slotID, CK_ULONG action)
{
CK_RV rv = CKR_OK;
- P11_Session *session_l;
+ P11_Session *session_l, *session_tmp;
P11_Slot *slot;
if (INVALID_SLOT)
rv = CKR_SLOT_ID_INVALID;
else
{
slot = &st.slots[slotID - 1];
session_l = st.sessions;
while (session_l)
{
- if (session_l->session.slotID == slotID)
- {
- session_FreeSession(session_l);
- session_l = st.sessions;
- }
- else
- session_l = session_l->next;
+ session_tmp = session_l;
+ session_l = session_l->next;
+ if (session_tmp->session.slotID == slotID)
+ session_FreeSession(session_tmp);
}
object_FreeAllObjects(slotID, st.slots[slotID - 1].objects);
slot_FreeAllMechanisms(slot->mechanisms);
slot->mechanisms = 0;
memset(slot->pins, 0x00, sizeof(slot->pins));
slot->pin_state = 0;
slot_BlankTokenInfo(&slot->token_info);
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
