I have ported a few methods over to the Module object as C_* functions. @Vincent, Can you have a look and let me know your opinion before I do the rest in the same way.
*Guillaume Amringerhttps://keybase.io/gamr <https://keybase.io/gamr>https://www.linkedin.com/in/guillaumeamringer <https://www.linkedin.com/in/guillaumeamringer>https://github.com/gamringer <https://github.com/gamringer>* On Sun, Aug 16, 2020 at 2:42 PM Vincent Jardin <vjar...@free.fr> wrote: > +1 yes of course then it is a very good solution: > - it provides the legacy OASIS definitions with all the C_* > - anyone that is fine with your shortcut can leverage them. > > I am ready for a code review of your C_* as soon as you'll get them. > > Best regards, > Vincent > > Le 16 août 2020 18:42:04 Guillaume Amringer <g.amrin...@gmail.com> a > écrit : > >> So what do you think of this suggestion: >> >> I keep the OO API as-is, but I add the C_* functions as methods of the >> Pkcs11\Module object. >> >> Example 1: >> $module->C_GetSlotList() would be an alias of $module->getSlotList() >> >> Example 2: >> $session = $module->C_OpenSession($slotList[0], Pkcs11\CKF_RW_SESSION); >> $module->C_Login($session, Pkcs11\CKU_USER, '123456' ); >> would be the same as >> $session = $module->openSession($slotList[0], Pkcs11\CKF_RW_SESSION); >> $session->login(Pkcs11\CKU_USER,'123456'); >> >> >> >> >> >> >> *Guillaume Amringerhttps://keybase.io/gamr >> <https://keybase.io/gamr>https://www.linkedin.com/in/guillaumeamringer >> <https://www.linkedin.com/in/guillaumeamringer>https://github.com/gamringer >> <https://github.com/gamringer>* >> >> >> On Sun, Aug 16, 2020 at 3:27 AM Vincent Jardin <vjar...@free.fr> wrote: >> >>> Hi Guillaume, >>> >>> I agree with you that PECL is the best way to move forward. Nevertheless >>> looking at the API I get more and more concern about the differences with >>> the functional OASIS/pkcs11 definitions that is a standard for years and >>> yours knowing it shall become a PECL and mainstream reference. >>> >>> Having an object oriented model is a good idea, but you should highlight >>> that it is not the standard pkcs11 API that we can refer to when one needs >>> to understand the behaviors: more comments about your visions as part of >>> the README would help. >>> >>> That's why for a PECL project I would like your PHP extension to be >>> named with a prefix or suffix that reminds that it is not the legacy pkcs11 >>> mapped to PHP. For instance the names could be: >>> php-op11 (o = object), >>> php-cp11 (c = class), >>> etc./TBD >>> >>> Best regards, >>> Vincent >>> >>> Le 16 août 2020 05:32:45 Guillaume Amringer <g.amrin...@gmail.com> a >>> écrit : >>> >>>> Hi, >>>> >>>> I worked on my pkcs11 extension some more, and I believe it is ready >>>> for at least a 0.1 release. I have addressed the memory management issues >>>> and implemented the remaining important features. >>>> >>>> According to the PECL registration form, I need to obtain determination >>>> that "it's time for me to have a PECL account". >>>> >>>> Does that sound like the next step ? Also, feel free to provide more >>>> commentary on my work if you think it is pertinent. >>>> >>>> >>>> >>>> >>>> >>>> *Guillaume Amringerhttps://keybase.io/gamr >>>> <https://keybase.io/gamr>https://www.linkedin.com/in/guillaumeamringer >>>> <https://www.linkedin.com/in/guillaumeamringer>https://github.com/gamringer >>>> <https://github.com/gamringer>* >>>> >>>> >>>> On Tue, Jul 21, 2020 at 10:38 PM Guillaume Amringer < >>>> g.amrin...@gmail.com> wrote: >>>> >>>>> Hi all, >>>>> >>>>> Thanks for the feedback. I was mostly concerned with the happy path at >>>>> first, fixing memory management was on my list, but given it's the >>>>> recurring comment, I am starting on that now. This is my first real C >>>>> project, so your criticism is welcome. >>>>> >>>>> Regarding the API, I can't simply expose the same API as the >>>>> definition, since at least, there won't be the need to pass the various >>>>> argument lengths in PHP land. Since I was going to change the API anyway, >>>>> I >>>>> thought it best to use the recommended code convention for class and >>>>> method >>>>> names. It is also in line with other languages PKCS11 implementations. One >>>>> compromise I think is appropriate would be to provide the vanilla API as >>>>> functions (as they are) taking a Pkcs11\Session object as the session >>>>> handler. and leave it up to the user to choose how to use it. @vjardin, >>>>> what do you think ? >>>>> >>>>> Regarding C_GetAttributeValue() return code, this is more of a design >>>>> choice, since I absolutely despise passing a variable reference to be >>>>> filled by the method, returning a partial result, along with an >>>>> explanation >>>>> would require some hoop jumping. Not impossible, but worth thinking it >>>>> over. What I see is returning a new AttributeSet object, with >>>>> isComplete(): >>>>> bool (true if CKR_OK, false otherwise), and getError() returning the code. >>>>> Not married to it though, I am open to suggestions. >>>>> >>>>> https://python-pkcs11.readthedocs.io/en/latest/applied.html >>>>> https://godoc.org/github.com/miekg/pkcs11 >>>>> >>>>> Thank you for taking the time to comment. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *Guillaume Amringerhttps://keybase.io/gamr >>>>> <https://keybase.io/gamr>https://www.linkedin.com/in/guillaumeamringer >>>>> <https://www.linkedin.com/in/guillaumeamringer>https://github.com/gamringer >>>>> <https://github.com/gamringer>* >>>>> >>>>> >>>>> On Mon, Jul 20, 2020 at 3:46 PM <vjar...@free.fr> wrote: >>>>> >>>>>> Hi Guillaume, >>>>>> >>>>>> same comments than Johannes, ecalloc()/efree()/emalloc() should be >>>>>> used. Since they are many crypto sensitive contents, only ecalloc() >>>>>> should >>>>>> be used (no emalloc()). >>>>>> >>>>>> Regarding the Oasis' semantic, I feel that it is important to keep it >>>>>> "as is" so the vanilla documentation would be the upstream Oasis PKCS11 >>>>>> standard. >>>>>> It means, for instance: >>>>>> getInfo() -> C_GetInfo() >>>>>> >>>>>> It is nice to have some sign() methods in order to avoid combining >>>>>> C_SignInit() + C_Sign(), but they are some cases when we need to stick >>>>>> with >>>>>> the Oasis' specifications, so I believe that >>>>>> C_SignInit() >>>>>> C_VerifyInit() >>>>>> C_FindObjectsInit() >>>>>> C_FindObjectsFinal() >>>>>> etc. >>>>>> should still be exposed per the Oasis' specification, along having >>>>>> some nice sign(), verify(), etc. methods too. >>>>>> >>>>>> Regarding: >>>>>> C_GetAttributeValue() >>>>>> it has many "OK" cases: >>>>>> See Oasis' comments: >>>>>> "Note that the error codes CKR_ATTRIBUTE_SENSITIVE, >>>>>> CKR_ATTRIBUTE_TYPE_INVALID, and CKR_BUFFER_TOO_SMALL do not denote true >>>>>> errors for C_GetAttributeValue. If a call to C_GetAttributeValue returns >>>>>> any of these three values, then the call MUST nonetheless have processed >>>>>> every attribute in the template supplied to C_GetAttributeValue. Each >>>>>> attribute in the template whose value can be returned by the call to >>>>>> C_GetAttributeValue will be returned by the call to C_GetAttributeValue." >>>>>> >>>>>> my 2 cents, >>>>>> Vincent >>>>>> >>>>>> ----- Mail original ----- >>>>>> De: "Johannes Schlüter" <johan...@schlueters.de> >>>>>> À: "Guillaume Amringer" <g.amrin...@gmail.com>, "pecl-dev" < >>>>>> pecl-dev@lists.php.net> >>>>>> Envoyé: Lundi 20 Juillet 2020 14:55:33 >>>>>> Objet: Re: [PECL-DEV] PKCS11 Extension >>>>>> >>>>>> Hi, >>>>>> >>>>>> On Sun, 2020-07-19 at 22:33 -0400, Guillaume Amringer wrote: >>>>>> > The extension is currently hosted here: >>>>>> > https://github.com/gamringer/php-pkcs11 >>>>>> >>>>>> I scrolled over it without much attention (thus probably missed other >>>>>> issues) a few comments to this line I noticed: >>>>>> >>>>>> pSlotList = (CK_SLOT_ID_PTR) malloc(ulSlotCount * >>>>>> sizeof(CK_SLOT_ID)); >>>>>> https://github.com/gamringer/php-pkcs11/blob/master/pkcs11.c#L300 >>>>>> >>>>>> 1. The return value of malloc() is not checked. If the system runs >>>>>> out >>>>>> of memory (OOM) or for some other reason can't return a memory >>>>>> block >>>>>> this will return NULL and then lead to undefined behavior later. >>>>>> (unlikely on today's systems, but might happen) >>>>>> 2. emalloc should be used instead of malloc. For one it counts >>>>>> towards >>>>>> PHP's memory_limit, ten it also ensures the memory is freed if >>>>>> something weird happens by the end of the request, thus reduces >>>>>> risk >>>>>> of memory leaks and it fixes point 1. by terminating the >>>>>> request in >>>>>> an OOM situation. >>>>>> 3. ulSlotCount * sizeof(CK_SLOT_ID) could eventually overflow. >>>>>> Better >>>>>> use >>>>>> safe_emalloc(ulSlotCount, sizeof(CK_SLOT_ID), 0) >>>>>> this >>>>>> calculates >>>>>> ulSlotCount * sizeof(CK_SLOT_ID) + 0 >>>>>> in a overflow-safe >>>>>> way and errors out in case of a problem. >>>>>> >>>>>> johannes >>>>>> >>>>>> -- >>>>>> PECL development discussion Mailing List (https://pecl.php.net/) >>>>>> To unsubscribe, visit: https://www.php.net/unsub.php >>>>>> >>>>> >>> >