Add more precondition checks and debug messages.
+2
-2
@@ -1,8 +1,8 @@
|
|||||||
#ifndef DEBUG_H
|
#ifndef DEBUG_H
|
||||||
#define DEBUG_H
|
#define DEBUG_H
|
||||||
|
|
||||||
#define YKCS11_DBG 1 // General debug, must be either 1 or 0
|
#define YKCS11_DBG 0 // General debug, must be either 1 or 0
|
||||||
#define YKCS11_DINOUT 1 // Function in/out debug, must be either 1 or 0
|
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
||||||
|
|
||||||
#define D(x) do { \
|
#define D(x) do { \
|
||||||
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
|
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
|
||||||
|
|||||||
+41
-19
@@ -149,7 +149,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(
|
|||||||
int i;
|
int i;
|
||||||
int j;
|
int j;
|
||||||
|
|
||||||
// TODO: check more preconditions
|
if (piv_state == NULL) {
|
||||||
|
DBG(("libykpiv is not initialized or already finalized"));
|
||||||
|
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||||
|
}
|
||||||
|
|
||||||
if (pSlotList == NULL_PTR) {
|
if (pSlotList == NULL_PTR) {
|
||||||
// Just return the number of slots
|
// Just return the number of slots
|
||||||
*pulCount = n_slots;
|
*pulCount = n_slots;
|
||||||
@@ -196,8 +200,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(
|
|||||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (slotID >= n_slots)
|
if (slotID >= n_slots) {
|
||||||
return CKR_ARGUMENTS_BAD;
|
DBG(("Invalid slot ID %lu, slotID"));
|
||||||
|
return CKR_SLOT_ID_INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
memcpy(pInfo, &slots[slotID].info, sizeof(CK_SLOT_INFO));
|
memcpy(pInfo, &slots[slotID].info, sizeof(CK_SLOT_INFO));
|
||||||
|
|
||||||
@@ -220,12 +226,14 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
|||||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (slotID >= n_slots)
|
if (slotID >= n_slots) {
|
||||||
return CKR_ARGUMENTS_BAD;
|
DBG(("Invalid slot ID %lu, slotID"));
|
||||||
|
return CKR_SLOT_ID_INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
if (slots[slotID].vid == UNKNOWN) {
|
if (slots[slotID].vid == UNKNOWN) {
|
||||||
DBG(("No support for slot %lu", slotID));
|
DBG(("No support for slot %lu", slotID));
|
||||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
return CKR_SLOT_ID_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!has_token(slots + slotID)) {
|
if (!has_token(slots + slotID)) {
|
||||||
@@ -242,7 +250,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
|||||||
|
|
||||||
memcpy(pInfo, &slots[slotID].token->info, sizeof(CK_TOKEN_INFO));
|
memcpy(pInfo, &slots[slotID].token->info, sizeof(CK_TOKEN_INFO));
|
||||||
|
|
||||||
// Overwrite value that are application specific
|
// Overwrite values that are application specific
|
||||||
pInfo->ulMaxSessionCount = CK_UNAVAILABLE_INFORMATION; // TODO: should this be 1?
|
pInfo->ulMaxSessionCount = CK_UNAVAILABLE_INFORMATION; // TODO: should this be 1?
|
||||||
pInfo->ulSessionCount = CK_UNAVAILABLE_INFORMATION; // number of sessions that this application currently has open with the token
|
pInfo->ulSessionCount = CK_UNAVAILABLE_INFORMATION; // number of sessions that this application currently has open with the token
|
||||||
|
|
||||||
@@ -287,8 +295,15 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)(
|
|||||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (slotID > n_slots || pulCount == NULL_PTR)
|
if (slotID >= n_slots) {
|
||||||
|
DBG(("Invalid slot ID %lu", slotID));
|
||||||
|
return CKR_SLOT_ID_INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pulCount == NULL_PTR) {
|
||||||
|
DBG(("Wrong/Missing parameter"));
|
||||||
return CKR_ARGUMENTS_BAD;
|
return CKR_ARGUMENTS_BAD;
|
||||||
|
}
|
||||||
|
|
||||||
if (slots[slotID].vid == UNKNOWN) {
|
if (slots[slotID].vid == UNKNOWN) {
|
||||||
DBG(("Slot %lu is tokenless/unsupported", slotID));
|
DBG(("Slot %lu is tokenless/unsupported", slotID));
|
||||||
@@ -296,7 +311,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)(
|
|||||||
}
|
}
|
||||||
|
|
||||||
// TODO: check more return values
|
// TODO: check more return values
|
||||||
// TODO: user NULL_PTR more for coherence
|
|
||||||
|
|
||||||
token = get_token_vendor(slots[slotID].vid);
|
token = get_token_vendor(slots[slotID].vid);
|
||||||
|
|
||||||
@@ -315,8 +329,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)(
|
|||||||
return CKR_BUFFER_TOO_SMALL;
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (token.get_token_mechanism_list(pMechanismList, *pulCount) != CKR_OK)
|
if (token.get_token_mechanism_list(pMechanismList, *pulCount) != CKR_OK) {
|
||||||
|
DBG(("Unable to retrieve mechanism list"));
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
|
}
|
||||||
|
|
||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
@@ -336,21 +352,27 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)(
|
|||||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (slotID > n_slots || pInfo == NULL_PTR)
|
if (slotID >= n_slots) {
|
||||||
|
DBG(("Invalid slot ID %lu, slotID"));
|
||||||
|
return CKR_SLOT_ID_INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pInfo == NULL_PTR) {
|
||||||
|
DBG(("Wrong/Missing parameter"));
|
||||||
return CKR_ARGUMENTS_BAD;
|
return CKR_ARGUMENTS_BAD;
|
||||||
|
}
|
||||||
|
|
||||||
if (slots[slotID].vid == UNKNOWN) {
|
if (slots[slotID].vid == UNKNOWN) {
|
||||||
DBG(("Slot %lu is tokenless/unsupported", slotID));
|
DBG(("Slot %lu is tokenless/unsupported", slotID));
|
||||||
return CKR_SLOT_ID_INVALID;
|
return CKR_SLOT_ID_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: check more return values
|
|
||||||
// TODO: user NULL_PTR more for coherence
|
|
||||||
|
|
||||||
token = get_token_vendor(slots[slotID].vid);
|
token = get_token_vendor(slots[slotID].vid);
|
||||||
|
|
||||||
if (token.get_token_mechanism_info(type, pInfo) != CKR_OK)
|
if (token.get_token_mechanism_info(type, pInfo) != CKR_OK) {
|
||||||
|
DBG(("Unable to retrieve mechanism information"));
|
||||||
return CKR_MECHANISM_INVALID;
|
return CKR_MECHANISM_INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
@@ -767,7 +789,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Logout)(
|
|||||||
session.info.state = CKS_RW_PUBLIC_SESSION;
|
session.info.state = CKS_RW_PUBLIC_SESSION;
|
||||||
|
|
||||||
// TODO: more things to clean?
|
// TODO: more things to clean?
|
||||||
|
|
||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
@@ -1660,7 +1682,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(
|
|||||||
piv_obj_id_t *obj_ptr;
|
piv_obj_id_t *obj_ptr;
|
||||||
CK_BYTE cert_data[2100];
|
CK_BYTE cert_data[2100];
|
||||||
CK_ULONG cert_len;
|
CK_ULONG cert_len;
|
||||||
|
|
||||||
|
|
||||||
if (piv_state == NULL) {
|
if (piv_state == NULL) {
|
||||||
DBG(("libykpiv is not initialized or already finalized"));
|
DBG(("libykpiv is not initialized or already finalized"));
|
||||||
@@ -1759,7 +1781,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(
|
|||||||
dobj_id = op_info.op.gen.key_id - PIV_PVTK_OBJ_PIV_AUTH; // TODO: make function for these
|
dobj_id = op_info.op.gen.key_id - PIV_PVTK_OBJ_PIV_AUTH; // TODO: make function for these
|
||||||
cert_id = PIV_DATA_OBJ_LAST + 1 + dobj_id;
|
cert_id = PIV_DATA_OBJ_LAST + 1 + dobj_id;
|
||||||
pvtk_id = op_info.op.gen.key_id;
|
pvtk_id = op_info.op.gen.key_id;
|
||||||
pubk_id = PIV_PVTK_OBJ_LAST + 1 + dobj_id;
|
pubk_id = PIV_PVTK_OBJ_LAST + 1 + dobj_id;
|
||||||
|
|
||||||
// Check whether we created a new object or updated an existing one
|
// Check whether we created a new object or updated an existing one
|
||||||
if (is_new == CK_TRUE) {
|
if (is_new == CK_TRUE) {
|
||||||
@@ -1811,7 +1833,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(
|
|||||||
*obj_ptr++ = cert_id;
|
*obj_ptr++ = cert_id;
|
||||||
*obj_ptr++ = pvtk_id;
|
*obj_ptr++ = pvtk_id;
|
||||||
*obj_ptr++ = pubk_id;*/
|
*obj_ptr++ = pubk_id;*/
|
||||||
|
|
||||||
*phPrivateKey = op_info.op.gen.key_id;
|
*phPrivateKey = op_info.op.gen.key_id;
|
||||||
*phPublicKey = op_info.op.gen.key_id - PIV_PVTK_OBJ_KM + PIV_PUBK_OBJ_KM; // TODO: make function for these?
|
*phPublicKey = op_info.op.gen.key_id - PIV_PVTK_OBJ_KM + PIV_PUBK_OBJ_KM; // TODO: make function for these?
|
||||||
|
|
||||||
|
|||||||
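Review bot: The new `DBG(("Invalid slot ID %lu, slotID"));` lines in C_GetSlotInfo, C_GetTokenInfo and C_GetMechanismInfo close the string literal after `slotID`, so `%lu` is left without a matching argument. If DBG forwards to a printf-style call, as the `D(x)` macro in the header section suggests, this is undefined behaviour and may print unrelated stack or register contents whenever debugging is enabled. C_GetMechanismList already uses the correct form, `DBG(("Invalid slot ID %lu", slotID));`, and the other three should match it. Separately, the visible lines of C_GetSlotInfo and C_GetTokenInfo `memcpy` into `pInfo`, and C_GetSlotList writes `*pulCount`, with no NULL check in view. Those functions start and end outside the hunks, so confirm the check exists elsewhere or add `if (pInfo == NULL_PTR) return CKR_ARGUMENTS_BAD;` as this commit does in C_GetMechanismInfo.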