From e6ccf518dab2d53b7eda2dab1a2e1481ff544815 Mon Sep 17 00:00:00 2001
From: fabled <fabled@c6295689-39f2-0310-b995-f0e70906c6a9>
Date: Thu, 24 Jan 2002 16:27:09 +0000
Subject: [PATCH] - many bug fixes in pkcs #11 module - pkcs #11 module now
 creates public key objects too

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@193 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/pkcs11/Makefile.am        |   9 +++
 src/pkcs11/framework-pkcs15.c | 103 ++++++++++++++++++++++++++++++++--
 src/pkcs11/pkcs11-object.c    |  19 +++++--
 src/pkcs11/pkcs11-session.c   |   6 +-
 src/pkcs11/slot.c             |   8 ++-
 5 files changed, 129 insertions(+), 16 deletions(-)

diff --git a/src/pkcs11/Makefile.am b/src/pkcs11/Makefile.am
index 29213343..3ed3a6dc 100644
--- a/src/pkcs11/Makefile.am
+++ b/src/pkcs11/Makefile.am
@@ -16,3 +16,12 @@ lib_LTLIBRARIES = opensc-pkcs11.la
 
 opensc_pkcs11_la_SOURCES = $(SRC) $(INC)
 opensc_pkcs11_la_LDFLAGS = -module -avoid-version
+
+jar-dir:
+	if test ! -d jar-dir ; then mkdir jar-dir ; fi
+
+pkcs11-jar: jar-dir
+	cp .libs/*.so jar-dir
+	cp opensc_pkcs11_install.js jar-dir
+	signtool -Z"opensc-pkcs11.jar" -i"opensc_pkcs11_install.js" \
+		 -k"testcert" jar-dir
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index a71d2302..934e4df4 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -37,6 +37,7 @@
 
 extern struct sc_pkcs11_object_ops pkcs15_cert_ops;
 extern struct sc_pkcs11_object_ops pkcs15_prkey_ops;
+extern struct sc_pkcs11_object_ops pkcs15_pubkey_ops;
 
 struct pkcs15_cert_object {
 	struct sc_pkcs11_object object;
@@ -50,6 +51,11 @@ struct pkcs15_prkey_object {
         struct pkcs15_cert_object *cert_object;
 };
 
+struct pkcs15_pubkey_object {
+	struct sc_pkcs11_object object;
+	struct sc_pkcs15_rsa_pubkey *rsakey;
+	struct sc_pkcs15_cert_info *cert;
+};
 
 /* PKCS#15 Framework */
 
@@ -92,14 +98,22 @@ static struct pkcs15_cert_object *pkcs15_add_cert_object(struct sc_pkcs11_slot *
 				   struct sc_pkcs15_cert_info *cert)
 {
 	struct pkcs15_cert_object *object;
+        struct pkcs15_pubkey_object *obj2;
 
+        /* Certificate object */
         object = (struct pkcs15_cert_object*) malloc(sizeof(struct pkcs15_cert_object));
 	object->object.ops = &pkcs15_cert_ops;
 	object->cert_info = cert;
 	sc_pkcs15_read_certificate(card, cert, &object->cert);
-
 	pool_insert(&slot->object_pool, object, NULL);
 
+        /* Corresponding public key */
+        obj2 = (struct pkcs15_pubkey_object*) malloc(sizeof(struct pkcs15_pubkey_object));
+	obj2->object.ops = &pkcs15_pubkey_ops;
+	obj2->rsakey = &object->cert->key;
+        obj2->cert = cert;
+	pool_insert(&slot->object_pool, obj2, NULL);
+
 	/* Mark as seen */
 	cert->com_attr.flags |= SC_PKCS15_CO_FLAG_OBJECT_SEEN;
 
@@ -368,8 +382,13 @@ CK_RV pkcs15_cert_get_attribute(struct sc_pkcs11_session *session,
                 *(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509;
 		break;
 	case CKA_ID:
-		check_attribute_buffer(attr, cert->cert_info->id.len);
-		memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
+		if (cert->cert_info->authority) {
+			check_attribute_buffer(attr, 1);
+			*(unsigned char*)attr->pValue = 0;
+		} else {
+			check_attribute_buffer(attr, cert->cert_info->id.len);
+			memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
+                }
                 break;
 	case CKA_TRUSTED:
 		check_attribute_buffer(attr, sizeof(CK_BBOOL));
@@ -418,12 +437,12 @@ CK_RV pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
 		*(CK_OBJECT_CLASS*)attr->pValue = CKO_PRIVATE_KEY;
                 break;
 	case CKA_TOKEN:
-	case CKA_PRIVATE:
 	case CKA_LOCAL:
 	case CKA_SENSITIVE:
 	case CKA_ALWAYS_SENSITIVE:
 	case CKA_NEVER_EXTRACTABLE:
 	case CKA_SIGN:
+	case CKA_PRIVATE:
 		check_attribute_buffer(attr, sizeof(CK_BBOOL));
 		*(CK_BBOOL*)attr->pValue = TRUE;
                 break;
@@ -525,3 +544,79 @@ struct sc_pkcs11_object_ops pkcs15_prkey_ops = {
         pkcs15_prkey_sign
 };
 
+/*
+ * PKCS#15 RSA Public Key Object
+ */
+
+CK_RV pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session,
+				void *object,
+				CK_ATTRIBUTE_PTR attr)
+{
+	struct pkcs15_pubkey_object *pubkey = (struct pkcs15_pubkey_object*) object;
+
+	switch (attr->type) {
+	case CKA_CLASS:
+		check_attribute_buffer(attr, sizeof(CK_OBJECT_CLASS));
+		*(CK_OBJECT_CLASS*)attr->pValue = CKO_PUBLIC_KEY;
+                break;
+	case CKA_TOKEN:
+	case CKA_LOCAL:
+	case CKA_SENSITIVE:
+	case CKA_ALWAYS_SENSITIVE:
+	case CKA_NEVER_EXTRACTABLE:
+		check_attribute_buffer(attr, sizeof(CK_BBOOL));
+		*(CK_BBOOL*)attr->pValue = TRUE;
+                break;
+	case CKA_PRIVATE:
+	case CKA_MODIFIABLE:
+	case CKA_ENCRYPT:
+	case CKA_VERIFY:
+	case CKA_VERIFY_RECOVER:
+	case CKA_WRAP:
+	case CKA_DERIVE:
+	case CKA_EXTRACTABLE:
+		check_attribute_buffer(attr, sizeof(CK_BBOOL));
+		*(CK_BBOOL*)attr->pValue = FALSE;
+                break;
+	case CKA_LABEL:
+		check_attribute_buffer(attr, strlen(pubkey->cert->com_attr.label));
+                memcpy(attr->pValue, pubkey->cert->com_attr.label, strlen(pubkey->cert->com_attr.label));
+		break;
+	case CKA_KEY_TYPE:
+		check_attribute_buffer(attr, sizeof(CK_KEY_TYPE));
+                *(CK_KEY_TYPE*)attr->pValue = CKK_RSA;
+                break;
+	case CKA_ID:
+		check_attribute_buffer(attr, pubkey->cert->id.len);
+		memcpy(attr->pValue, pubkey->cert->id.value, pubkey->cert->id.len);
+                break;
+	case CKA_KEY_GEN_MECHANISM:
+		check_attribute_buffer(attr, sizeof(CK_MECHANISM_TYPE));
+                *(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION;
+		break;
+	case CKA_MODULUS:
+		check_attribute_buffer(attr, pubkey->rsakey->modulus_len);
+		memcpy(attr->pValue,
+		       pubkey->rsakey->modulus,
+		       pubkey->rsakey->modulus_len);
+		break;
+	case CKA_MODULUS_BITS:
+	case CKA_PUBLIC_EXPONENT:
+                //break;
+	default:
+                return CKR_ATTRIBUTE_TYPE_INVALID;
+	}
+
+        return CKR_OK;
+}
+
+struct sc_pkcs11_object_ops pkcs15_pubkey_ops = {
+	NULL,
+	NULL,
+	pkcs15_pubkey_get_attribute,
+	NULL,
+	NULL,
+        NULL
+};
+
+
diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c
index 6bcb653d..95cb8b19 100644
--- a/src/pkcs11/pkcs11-object.c
+++ b/src/pkcs11/pkcs11-object.c
@@ -76,7 +76,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,   /* the session's handle
 		debug(context, "Object %d, Attribute 0x%x\n", hObject, pTemplate[i].type);
 		rv = object->ops->get_attribute(session, object, &pTemplate[i]);
 		if (rv != CKR_OK)
-                        return rv;
+                        pTemplate[i].ulValueLen = -1;
 	}
 
         return CKR_OK;
@@ -152,8 +152,12 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,   /* the session's handle */
 		if (session->slot->login_user != CKU_USER) {
 			if (object->ops->get_attribute(session, object, &private_attribute) != CKR_OK)
 				continue;
-			if (is_private)
-                                continue;
+			if (is_private) {
+				debug(context, "Object %d/%d: Private object and not logged in.\n",
+                                      session->slot->id,
+				      item->handle);
+				continue;
+			}
 		}
 
 		/* Try to match every attribute */
@@ -168,18 +172,21 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,   /* the session's handle */
 			    temp_attribute.ulValueLen != pTemplate[j].ulValueLen ||
 			    memcmp(temp_attribute.pValue, pTemplate[j].pValue, temp_attribute.ulValueLen) != 0) {
 
-			    	debug(context, "Object %d: Attribute 0x%x does NOT match.\n",
+			    	debug(context, "Object %d/%d: Attribute 0x%x does NOT match.\n",
+                                      session->slot->id,
 				      item->handle, pTemplate[j].type);
 				match = 0;
                                 break;
 			}
 
-			debug(context, "Object %d: Attribute 0x%x matches.\n",
+			debug(context, "Object %d/%d: Attribute 0x%x matches.\n",
+			      session->slot->id,
                               item->handle, pTemplate[j].type);
 		}
 
 		if (match) {
-			debug(context, "Object %d matches\n", item->handle);
+			debug(context, "Object %d/%d matches\n",
+			      session->slot->id, item->handle);
 			operation->handles[operation->num_handles++] = item->handle;
 		}
 	}
diff --git a/src/pkcs11/pkcs11-session.c b/src/pkcs11/pkcs11-session.c
index 25b4e108..d82c9be7 100644
--- a/src/pkcs11/pkcs11-session.c
+++ b/src/pkcs11/pkcs11-session.c
@@ -78,12 +78,12 @@ CK_RV C_CloseSession(CK_SESSION_HANDLE hSession) /* the session's handle */
 
 CK_RV C_CloseAllSessions(CK_SLOT_ID slotID) /* the token's slot */
 {
-	struct sc_pkcs11_pool_item *item;
+	struct sc_pkcs11_pool_item *item, *next;
         struct sc_pkcs11_session *session;
 
-	for (item = session_pool.head; item != NULL; ) {
+	for (item = session_pool.head; item != NULL; item = next) {
 		session = (struct sc_pkcs11_session*) item->item;
-                item = item->next;
+                next = item->next;
 
 		if (session->slot->id == slotID) {
                         C_CloseSession(item->handle);
diff --git a/src/pkcs11/slot.c b/src/pkcs11/slot.c
index 0fdef5f4..86283378 100644
--- a/src/pkcs11/slot.c
+++ b/src/pkcs11/slot.c
@@ -108,7 +108,7 @@ CK_RV card_removed(int reader)
 	}
 
 	card = &card_table[reader];
-	card->framework->unbind(card->fw_data);
+	card->framework->unbind(card);
 	card->framework = NULL;
 	card->fw_data = NULL;
 
@@ -186,8 +186,10 @@ CK_RV slot_token_removed(int id)
         C_CloseAllSessions(id);
 
 	/* Object pool */
-	while (pool_find_and_delete(&slot->object_pool, 0, (void**) &object) == CKR_OK)
-                object->ops->release(object);
+	while (pool_find_and_delete(&slot->object_pool, 0, (void**) &object) == CKR_OK) {
+                if (object->ops->release)
+			object->ops->release(object);
+	}
 
 	/* Release framework stuff */
 	if (slot->card != NULL && slot->fw_data != NULL) {