pkcs11-object.c
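/*
 * pkcs11-object.c: PKCS#11 object management and handling functions
 *
 * Copyright (C) 2002  Timo Teräs <timo.teras@iki.fi>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include <stdlib.h>
#include <string.h>
#include "sc-pkcs11.h"

/*
 * Pseudo mechanism for the Find operation.
 *
 * Only the last initializer is non-zero: the size of the find-operation
 * state. Presumably session_start_operation() uses it to size the
 * operation it hands back -- confirm against sc-pkcs11.h.
 */
static sc_pkcs11_mechanism_type_t find_mechanism = {
	0, { 0 }, 0,
	sizeof(struct sc_pkcs11_find_operation),
};

/*
 * Create a new object on the token behind hSession.
 *
 * The work is delegated to the card framework's create_object hook;
 * CKR_FUNCTION_NOT_SUPPORTED is returned when the framework has none.
 * Returns CKR_ARGUMENTS_BAD when phObject is NULL or a non-empty
 * template is NULL, otherwise the lock / session lookup / hook result.
 *
 * NOTE(review): the caller's template is passed to dump_template() before
 * any other processing. Templates for new objects can carry key material;
 * whether dump_template() redacts values or is gated on the debug level is
 * not visible here -- confirm before enabling debug output in production.
 */
CK_RV C_CreateObject(CK_SESSION_HANDLE hSession,    /* the session's handle */
		     CK_ATTRIBUTE_PTR  pTemplate,   /* the object's template */
		     CK_ULONG          ulCount,     /* attributes in template */
		     CK_OBJECT_HANDLE_PTR phObject) /* receives new object's handle. */
{
	struct sc_pkcs11_session *session;
	struct sc_pkcs11_card *card;
	int rv;

	rv = sc_pkcs11_lock();
	if (rv != CKR_OK)
		return rv;

	/* Reject pointers we would otherwise dereference blindly. */
	if (phObject == NULL || (pTemplate == NULL && ulCount > 0)) {
		rv = CKR_ARGUMENTS_BAD;
		goto out;
	}

	dump_template("C_CreateObject()", pTemplate, ulCount);

	rv = pool_find(&session_pool, hSession, (void**) &session);
	if (rv != CKR_OK)
		goto out;

	/* NOTE(review): assumes slot->card is non-NULL for a live session -- confirm. */
	card = session->slot->card;
	if (card->framework->create_object == NULL)
		rv = CKR_FUNCTION_NOT_SUPPORTED;
	else
		rv = card->framework->create_object(card, session->slot,
				pTemplate, ulCount, phObject);

out:	sc_pkcs11_unlock();
	return rv;
}

/* Not implemented: always returns CKR_FUNCTION_NOT_SUPPORTED. */
CK_RV C_CopyObject(CK_SESSION_HANDLE    hSession,    /* the session's handle */
		   CK_OBJECT_HANDLE     hObject,     /* the object's handle */
		   CK_ATTRIBUTE_PTR     pTemplate,   /* template for new object */
		   CK_ULONG             ulCount,     /* attributes in template */
		   CK_OBJECT_HANDLE_PTR phNewObject) /* receives handle of copy */
{
	return CKR_FUNCTION_NOT_SUPPORTED;
}

/* Not implemented: always returns CKR_FUNCTION_NOT_SUPPORTED. */
CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession,  /* the session's handle */
		      CK_OBJECT_HANDLE  hObject)   /* the object's handle */
{
	return CKR_FUNCTION_NOT_SUPPORTED;
}

/* Not implemented: always returns CKR_FUNCTION_NOT_SUPPORTED. */
CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession,  /* the session's handle */
		      CK_OBJECT_HANDLE  hObject,   /* the object's handle */
		      CK_ULONG_PTR      pulSize)   /* receives size of object */
{
	return CKR_FUNCTION_NOT_SUPPORTED;
}

/*
 * Read the attributes named in pTemplate from object hObject.
 *
 * Every template entry is passed to the object's get_attribute op. An
 * entry that fails gets ulValueLen set to (CK_ULONG) -1, and the call's
 * return value is the failure that ranks highest in the precedence
 * table below.
 *
 * NOTE(review): the object is looked up by handle in the slot's object
 * pool and the private-object filter applied by C_FindObjectsInit() is
 * not repeated here. Access control for private or sensitive objects on
 * this path therefore rests on the object's get_attribute implementation,
 * which is not visible in this file -- confirm.
 */
CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,   /* the session's handle */
			  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
			  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attributes, gets values */
			  CK_ULONG          ulCount)    /* attributes in template */
{
	/* Ascending precedence; -1 terminates the table. */
	static const int precedence[] = {
		CKR_OK,
		CKR_BUFFER_TOO_SMALL,
		CKR_ATTRIBUTE_TYPE_INVALID,
		CKR_ATTRIBUTE_SENSITIVE,
		-1
	};
	char	object_name[64];
	CK_ULONG i;
	int	j, rv;
	struct sc_pkcs11_session *session;
	struct sc_pkcs11_object *object;
	int	res, res_type;

	rv = sc_pkcs11_lock();
	if (rv != CKR_OK)
		return rv;

	rv = pool_find(&session_pool, hSession, (void**) &session);
	if (rv != CKR_OK)
		goto out;

	rv = pool_find(&session->slot->object_pool, hObject, (void**) &object);
	if (rv != CKR_OK)
		goto out;

	/* A non-empty template must point somewhere. */
	if (pTemplate == NULL && ulCount > 0) {
		rv = CKR_ARGUMENTS_BAD;
		goto out;
	}

	/* Label used by the debug dump of each attribute */
	snprintf(object_name, sizeof(object_name), "Object %lu",
			(unsigned long) hObject);

	res_type = 0;
	/* CK_ULONG index: an int counter would be compared as unsigned
	 * against ulCount and could overflow for very large templates. */
	for (i = 0; i < ulCount; i++) {
		res = object->ops->get_attribute(session,
					object, &pTemplate[i]);
		if (res != CKR_OK)
			pTemplate[i].ulValueLen = (CK_ULONG) -1;

		dump_template(object_name, &pTemplate[i], 1);

		/* the pkcs11 spec has complicated rules on
		 * what errors take precedence:
		 * 	CKR_ATTRIBUTE_SENSITIVE
		 * 	CKR_ATTRIBUTE_TYPE_INVALID
		 * 	CKR_BUFFER_TOO_SMALL
		 * It does not exactly specify how other errors
		 * should be handled - we give them highest
		 * precedence: an unlisted code stops at the
		 * sentinel, i.e. the largest index.
		 */
		for (j = 0; precedence[j] != -1; j++) {
			if (precedence[j] == res)
				break;
		}
		if (j > res_type) {
			res_type = j;
			rv = res;
		}
	}

out:	sc_pkcs11_unlock();
	return rv;
}

/*
 * Write the attributes in pTemplate to object hObject.
 *
 * Returns CKR_FUNCTION_NOT_SUPPORTED when the object has no set_attribute
 * op. Otherwise the entries are applied in order and the first failure
 * stops the loop; entries applied before it are not rolled back here.
 *
 * NOTE(review): the template is passed to dump_template() and may contain
 * sensitive values; whether that helper redacts them is not visible here.
 * No login or session-state check is made in this function -- presumably
 * the set_attribute op enforces it; confirm.
 */
CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession,   /* the session's handle */
			  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
			  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attributes and values */
			  CK_ULONG          ulCount)    /* attributes in template */
{
	CK_ULONG i;
	int rv;
	struct sc_pkcs11_session *session;
	struct sc_pkcs11_object *object;

	rv = sc_pkcs11_lock();
	if (rv != CKR_OK)
		return rv;

	/* A non-empty template must point somewhere. */
	if (pTemplate == NULL && ulCount > 0) {
		rv = CKR_ARGUMENTS_BAD;
		goto out;
	}

	dump_template("C_SetAttributeValue", pTemplate, ulCount);

	rv = pool_find(&session_pool, hSession, (void**) &session);
	if (rv != CKR_OK)
		goto out;

	rv = pool_find(&session->slot->object_pool, hObject, (void**) &object);
	if (rv != CKR_OK)
		goto out;

	if (object->ops->set_attribute == NULL)
		rv = CKR_FUNCTION_NOT_SUPPORTED;
	else {
		for (i = 0; i < ulCount; i++) {
			rv = object->ops->set_attribute(session, object, &pTemplate[i]);
			if (rv != CKR_OK)
				break;
		}
	}

out:	sc_pkcs11_unlock();
	return rv;
}

/*
 * Start a find operation on the session and collect matching handles.
 *
 * Every object in the slot's pool is compared against all template
 * entries with the object's cmp_attribute op. Matches are stored in the
 * operation's handle array, up to SC_PKCS11_FIND_MAX_HANDLES; further
 * matches are dropped with only a debug message.
 *
 * When the token requires login and the slot's login_user is not
 * CKU_USER, objects whose CKA_PRIVATE attribute is true, or cannot be
 * read, are skipped.
 */
CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,   /* the session's handle */
			CK_ATTRIBUTE_PTR  pTemplate,  /* attribute values to match */
			CK_ULONG          ulCount)    /* attributes in search template */
{
	CK_BBOOL is_private = TRUE;
	CK_ATTRIBUTE private_attribute = { CKA_PRIVATE, &is_private, sizeof(is_private) };

	CK_ULONG j;
	int rv, cmp, match, hide_private;
	struct sc_pkcs11_session *session;
	struct sc_pkcs11_object *object;
	struct sc_pkcs11_find_operation *operation;
	struct sc_pkcs11_pool_item *item;
	struct sc_pkcs11_slot *slot;

	rv = sc_pkcs11_lock();
	if (rv != CKR_OK)
		return rv;

	rv = pool_find(&session_pool, hSession, (void**) &session);
	if (rv != CKR_OK)
		goto out;

	sc_debug(context, "C_FindObjectsInit(slot = %d)\n", session->slot->id);

	/* Checked before the operation is started so a bad call leaves
	 * no find operation behind. */
	if (pTemplate == NULL && ulCount > 0) {
		rv = CKR_ARGUMENTS_BAD;
		goto out;
	}

	dump_template("C_FindObjectsInit()", pTemplate, ulCount);

	rv = session_start_operation(session, SC_PKCS11_OPERATION_FIND,
				&find_mechanism,
				(struct sc_pkcs11_operation**) &operation);
	if (rv != CKR_OK)
		goto out;

	operation->current_handle = 0;
	operation->num_handles = 0;
	slot = session->slot;

	/* Check whether we should hide private objects */
	hide_private = 0;
	if (slot->login_user != CKU_USER
	 && (slot->token_info.flags & CKF_LOGIN_REQUIRED))
		hide_private = 1;

	/* For each object in token do */
	for (item = slot->object_pool.head; item != NULL; item = item->next) {
		object = (struct sc_pkcs11_object*) item->item;

		/* User not logged in and private object? */
		if (hide_private) {
			/* Fail closed: reset the query for every object so
			 * an op that returns CKR_OK without writing the
			 * value cannot inherit FALSE from the previous
			 * object. */
			is_private = TRUE;
			private_attribute.ulValueLen = sizeof(is_private);

			if (object->ops->get_attribute(session, object, &private_attribute) != CKR_OK)
				continue;
			if (is_private) {
				sc_debug(context, "Object %d/%d: Private object and not logged in.\n",
						slot->id,
						item->handle);
				continue;
			}
		}

		/* Try to match every attribute */
		match = 1;
		for (j = 0; j < ulCount; j++) {
			/* Kept apart from rv so the comparison result
			 * never leaks into the return value. */
			cmp = object->ops->cmp_attribute(session, object,
					&pTemplate[j]);
			if (cmp == 0) {
				if (context->debug >= 4) {
					/* type is a CK_ULONG: print it as
					 * unsigned long, not as int. */
					sc_debug(context, "Object %d/%d: Attribute 0x%lx does NOT match.\n",
							slot->id,
							item->handle,
							(unsigned long) pTemplate[j].type);
				}
				match = 0;
				break;
			}

			if (context->debug >= 4) {
				sc_debug(context, "Object %d/%d: Attribute 0x%lx matches.\n",
						slot->id,
						item->handle,
						(unsigned long) pTemplate[j].type);
			}
		}

		if (match) {
			sc_debug(context, "Object %d/%d matches\n",
					slot->id, item->handle);
			/* Avoid buffer overflow --okir */
			if (operation->num_handles >= SC_PKCS11_FIND_MAX_HANDLES) {
				sc_debug(context, "Too many matching objects\n");
				break;
			}
			operation->handles[operation->num_handles++] = item->handle;
		}
	}
	rv = CKR_OK;

	sc_debug(context, "%d matching objects\n", operation->num_handles);

out:	sc_pkcs11_unlock();
	return rv;
}

/*
 * Hand out the next batch of handles from the active find operation.
 *
 * Copies at most ulMaxObjectCount of the handles not yet returned into
 * phObject, stores the number copied in *pulObjectCount and advances the
 * operation's cursor. Returns CKR_ARGUMENTS_BAD when pulObjectCount is
 * NULL or phObject is NULL while handles were requested.
 */
CK_RV C_FindObjects(CK_SESSION_HANDLE    hSession,          /* the session's handle */
		    CK_OBJECT_HANDLE_PTR phObject,          /* receives object handle array */
		    CK_ULONG             ulMaxObjectCount,  /* max handles to be returned */
		    CK_ULONG_PTR         pulObjectCount)    /* actual number returned */
{
	int rv, remaining;
	CK_ULONG to_return;
	/* The lookup below writes through this pointer; the listing used
	 * it without a declaration. */
	struct sc_pkcs11_session *session;
	struct sc_pkcs11_find_operation *operation;

	rv = sc_pkcs11_lock();
	if (rv != CKR_OK)
		return rv;

	rv = pool_find(&session_pool, hSession, (void**) &session);
	if (rv != CKR_OK)
		goto out;

	rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND,
				(sc_pkcs11_operation_t **) &operation);
	if (rv != CKR_OK)
		goto out;

	if (pulObjectCount == NULL
	 || (phObject == NULL && ulMaxObjectCount > 0)) {
		rv = CKR_ARGUMENTS_BAD;
		goto out;
	}

	/* Clamp in the unsigned domain. A negative remainder would
	 * otherwise compare as a huge unsigned value against
	 * ulMaxObjectCount and let the copy run past the handle array. */
	remaining = operation->num_handles - operation->current_handle;
	to_return = (remaining > 0) ? (CK_ULONG) remaining : 0;
	if (to_return > ulMaxObjectCount)
		to_return = ulMaxObjectCount;

	*pulObjectCount = to_return;

	if (to_return > 0)
		memcpy(phObject,
		       &operation->handles[operation->current_handle],
		       to_return * sizeof(CK_OBJECT_HANDLE));

	/* to_return <= remaining, so it fits in an int. */
	operation->current_handle += (int) to_return;

out:	sc_pkcs11_unlock();
	return rv;
}

/*
 * End the session's find operation.
 *
 * The operation is stopped only if one is active; otherwise the error
 * from session_get_operation() is returned unchanged.
 */
CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession) /* the session's handle */
{
	int rv;
	struct sc_pkcs11_session *session;

	rv = sc_pkcs11_lock();
	if (rv != CKR_OK)
		return rv;

	rv = pool_find(&session_pool, hSession, (void**) &session);
	if (rv != CKR_OK)
		goto out;

	rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, NULL);
	if (rv == CKR_OK)
		session_stop_operation(session, SC_PKCS11_OPERATION_FIND);

out:	sc_pkcs11_unlock();
	return rv;
}

/*
 * Below here all functions are wrappers to pass all object attribute and method
 * handling to appropriate object layer.
 */

/*
 * Start a digest operation on the session.
 *
 * Looks the session up and passes pMechanism to sc_pkcs11_md_init().
 * pMechanism is not checked here; validation is presumably done by
 * sc_pkcs11_md_init() -- confirm.
 */
CK_RV C_DigestInit(CK_SESSION_HANDLE hSession,   /* the session's handle */
		   CK_MECHANISM_PTR  pMechanism) /* the digesting mechanism */
{
	int rv;
	struct sc_pkcs11_session *session;

	rv = sc_pkcs11_lock();
	if (rv != CKR_OK)
		return rv;

	rv = pool_find(&session_pool, hSession, (void**) &session);
	if (rv == CKR_OK)
		rv = sc_pkcs11_md_init(session, pMechanism);

	sc_debug(context, "C_DigestInit returns %d\n", rv);
	sc_pkcs11_unlock();
	return rv;
}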