diff --git a/ta/pkcs11/src/object.c b/ta/pkcs11/src/object.c index d8276d81ad4..2ec9d87e1cd 100644 --- a/ta/pkcs11/src/object.c +++ b/ta/pkcs11/src/object.c @@ -271,7 +271,6 @@ uint32_t entry_destroy_object(struct pkcs11_client *client, TEE_PARAM_TYPE_NONE); TEE_Param *ctrl = ¶ms[0]; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; uint32_t object_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_object *object = NULL; @@ -282,7 +281,7 @@ uint32_t entry_destroy_object(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -293,10 +292,6 @@ uint32_t entry_destroy_object(struct pkcs11_client *client, if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - if (session_is_active(session)) return PKCS11_CKR_OPERATION_ACTIVE; @@ -308,7 +303,7 @@ uint32_t entry_destroy_object(struct pkcs11_client *client, handle_put(&session->object_handle_db, object_handle); DMSG("PKCS11 session %"PRIu32": destroy object %#"PRIx32, - session_handle, object_handle); + session->handle, object_handle); return rv; } @@ -424,7 +419,6 @@ uint32_t entry_find_objects_init(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_object_head *template = NULL; struct pkcs11_attrs_head *req_attrs = NULL; @@ -436,7 +430,7 @@ uint32_t entry_find_objects_init(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; 
@@ -449,12 +443,6 @@ uint32_t entry_find_objects_init(struct pkcs11_client *client, goto bail; } - session = pkcs11_handle2session(session_handle, client); - if (!session) { - rv = PKCS11_CKR_SESSION_HANDLE_INVALID; - goto bail; - } - /* Search objects only if no operation is on-going */ if (session_is_active(session)) { rv = PKCS11_CKR_OPERATION_ACTIVE; @@ -606,7 +594,6 @@ uint32_t entry_find_objects(struct pkcs11_client *client, TEE_Param *out = ¶ms[2]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_find_objects *ctx = NULL; char *out_handles = NULL; @@ -622,17 +609,13 @@ uint32_t entry_find_objects(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - ctx = session->find_ctx; /* @@ -665,7 +648,7 @@ uint32_t entry_find_objects(struct pkcs11_client *client, /* Update output buffer according the number of handles provided */ out->memref.size = count * sizeof(uint32_t); - DMSG("PKCS11 session %"PRIu32": finding objects", session_handle); + DMSG("PKCS11 session %"PRIu32": finding objects", session->handle); return PKCS11_CKR_OK; } @@ -686,7 +669,6 @@ uint32_t entry_find_objects_final(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 9; struct pkcs11_session *session = NULL; if (!client || ptypes != exp_pt) 
@@ -694,17 +676,13 @@ uint32_t entry_find_objects_final(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - if (!session->find_ctx) return PKCS11_CKR_OPERATION_NOT_INITIALIZED; @@ -724,7 +702,6 @@ uint32_t entry_get_attribute_value(struct pkcs11_client *client, TEE_Param *out = ¶ms[2]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_object_head *template = NULL; struct pkcs11_object *obj = NULL; @@ -741,7 +718,7 @@ uint32_t entry_get_attribute_value(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -758,12 +735,6 @@ uint32_t entry_get_attribute_value(struct pkcs11_client *client, goto bail; } - session = pkcs11_handle2session(session_handle, client); - if (!session) { - rv = PKCS11_CKR_SESSION_HANDLE_INVALID; - goto bail; - } - obj = pkcs11_handle2object(object_handle, session); if (!obj) { rv = PKCS11_CKR_ARGUMENTS_BAD; @@ -864,7 +835,7 @@ uint32_t entry_get_attribute_value(struct pkcs11_client *client, TEE_MemMove(out->memref.buffer, template, out->memref.size); DMSG("PKCS11 session %"PRIu32": get attributes %#"PRIx32, - session_handle, object_handle); + session->handle, object_handle); bail: TEE_Free(template); diff --git a/ta/pkcs11/src/pkcs11_token.c b/ta/pkcs11/src/pkcs11_token.c index 804dd9b6adb..4ad6cefc0b3 100644 --- a/ta/pkcs11/src/pkcs11_token.c +++ b/ta/pkcs11/src/pkcs11_token.c 
@@ -947,7 +947,6 @@ uint32_t entry_ck_close_session(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; if (!client || ptypes != exp_pt) @@ -955,17 +954,13 @@ uint32_t entry_ck_close_session(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - close_ck_session(session); return PKCS11_CKR_OK; @@ -1022,7 +1017,6 @@ uint32_t entry_ck_session_info(struct pkcs11_client *client, TEE_Param *out = ¶ms[2]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_session_info info = { .flags = PKCS11_CKFSS_SERIAL_SESSION, @@ -1033,17 +1027,13 @@ uint32_t entry_ck_session_info(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - info.slot_id = get_token_id(session->token); info.state = session->state; if (pkcs11_session_is_read_write(session)) @@ -1143,7 +1133,6 @@ uint32_t entry_init_pin(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; uint32_t pin_size = 0; void *pin = NULL; 
@@ -1153,7 +1142,7 @@ uint32_t entry_init_pin(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -1168,16 +1157,12 @@ uint32_t entry_init_pin(struct pkcs11_client *client, if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - if (!pkcs11_session_is_so(session)) return PKCS11_CKR_USER_NOT_LOGGED_IN; assert(session->token->db_main->flags & PKCS11_CKFT_TOKEN_INITIALIZED); - DMSG("PKCS11 session %"PRIu32": init PIN", session_handle); + DMSG("PKCS11 session %"PRIu32": init PIN", session->handle); return set_pin(session, pin, pin_size, PKCS11_CKU_USER); } @@ -1357,7 +1342,6 @@ uint32_t entry_set_pin(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; uint32_t old_pin_size = 0; uint32_t pin_size = 0; @@ -1369,7 +1353,7 @@ uint32_t entry_set_pin(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -1392,10 +1376,6 @@ uint32_t entry_set_pin(struct pkcs11_client *client, if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - if (!pkcs11_session_is_read_write(session)) return PKCS11_CKR_SESSION_READ_ONLY; 
@@ -1419,7 +1399,7 @@ uint32_t entry_set_pin(struct pkcs11_client *client, if (rv) return rv; - DMSG("PKCS11 session %"PRIu32": set PIN", session_handle); + DMSG("PKCS11 session %"PRIu32": set PIN", session->handle); return set_pin(session, pin, pin_size, PKCS11_CKU_USER); } @@ -1434,7 +1414,6 @@ uint32_t entry_login(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_session *sess = NULL; uint32_t user_type = 0; @@ -1446,7 +1425,7 @@ uint32_t entry_login(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -1465,10 +1444,6 @@ uint32_t entry_login(struct pkcs11_client *client, if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - switch ((enum pkcs11_user_type)user_type) { case PKCS11_CKU_SO: if (pkcs11_session_is_so(session)) @@ -1540,7 +1515,7 @@ uint32_t entry_login(struct pkcs11_client *client, } if (!rv) - DMSG("PKCS11 session %"PRIu32": login", session_handle); + DMSG("PKCS11 session %"PRIu32": login", session->handle); return rv; } @@ -1555,7 +1530,6 @@ uint32_t entry_logout(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; if (!client || ptypes != exp_pt) 
@@ -1563,23 +1537,19 @@ uint32_t entry_logout(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - if (pkcs11_session_is_public(session)) return PKCS11_CKR_USER_NOT_LOGGED_IN; session_logout(session); - DMSG("PKCS11 session %"PRIu32": logout", session_handle); + DMSG("PKCS11 session %"PRIu32": logout", session->handle); return PKCS11_CKR_OK; } diff --git a/ta/pkcs11/src/processing.c b/ta/pkcs11/src/processing.c index 494d9c12f6f..0ca54b38ebd 100644 --- a/ta/pkcs11/src/processing.c +++ b/ta/pkcs11/src/processing.c @@ -20,21 +20,11 @@ #include "processing.h" #include "serializer.h" -static uint32_t get_ready_session(struct pkcs11_session **sess, - uint32_t session_handle, - struct pkcs11_client *client) +static uint32_t get_ready_session(struct pkcs11_session *session) { - struct pkcs11_session *session = NULL; - - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - if (session_is_active(session)) return PKCS11_CKR_OPERATION_ACTIVE; - *sess = session; - return PKCS11_CKR_OK; } 
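Review bot: After this hunk `get_ready_session()` no longer looks anything up; it only reports whether `session_is_active(session)`, and `get_active_session()` in the following hunk likewise only tests `session->processing`, so the `get_` names and the missing comments now mislead. `get_active_session()` also dereferences `session` with no NULL check. That is safe only because each caller visible in this diff calls `serialargs_get_session()` first and returns on failure. Please state the precondition above both helpers, for example `/* @session must come from a successful serialargs_get_session() */`, so that a later caller does not pass an unresolved pointer.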
@@ -69,23 +59,14 @@ static bool func_matches_state(enum processing_func function, } } -static uint32_t get_active_session(struct pkcs11_session **sess, - uint32_t session_handle, - struct pkcs11_client *client, +static uint32_t get_active_session(struct pkcs11_session *session, enum processing_func function) { - struct pkcs11_session *session = NULL; uint32_t rv = PKCS11_CKR_OPERATION_NOT_INITIALIZED; - session = pkcs11_handle2session(session_handle, client); - if (!session) - return PKCS11_CKR_SESSION_HANDLE_INVALID; - if (session->processing && - func_matches_state(function, session->processing->state)) { - *sess = session; + func_matches_state(function, session->processing->state)) rv = PKCS11_CKR_OK; - } return rv; } @@ -136,7 +117,6 @@ uint32_t entry_import_object(struct pkcs11_client *client, TEE_Param *out = ¶ms[2]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_attrs_head *head = NULL; struct pkcs11_object_head *template = NULL; @@ -153,7 +133,7 @@ uint32_t entry_import_object(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -166,7 +146,7 @@ uint32_t entry_import_object(struct pkcs11_client *client, goto bail; } - rv = get_ready_session(&session, session_handle, client); + rv = get_ready_session(session); if (rv) goto bail; @@ -221,7 +201,7 @@ uint32_t entry_import_object(struct pkcs11_client *client, out->memref.size = sizeof(obj_handle); DMSG("PKCS11 session %"PRIu32": import object %#"PRIx32, - session_handle, obj_handle); + session->handle, obj_handle); bail: TEE_Free(template); 
@@ -316,7 +296,6 @@ uint32_t entry_generate_secret(struct pkcs11_client *client, TEE_Param *out = ¶ms[2]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_attribute_head *proc_params = NULL; struct pkcs11_attrs_head *head = NULL; @@ -330,7 +309,7 @@ uint32_t entry_generate_secret(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(session_handle)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -347,7 +326,7 @@ uint32_t entry_generate_secret(struct pkcs11_client *client, goto bail; } - rv = get_ready_session(&session, session_handle, client); + rv = get_ready_session(session); if (rv) goto bail; @@ -424,7 +403,7 @@ uint32_t entry_generate_secret(struct pkcs11_client *client, out->memref.size = sizeof(obj_handle); DMSG("PKCS11 session %"PRIu32": generate secret %#"PRIx32, - session_handle, obj_handle); + session->handle, obj_handle); bail: TEE_Free(proc_params); @@ -495,7 +474,6 @@ uint32_t entry_generate_key_pair(struct pkcs11_client *client, TEE_Param *out = ¶ms[2]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_attribute_head *proc_params = NULL; struct pkcs11_attrs_head *pub_head = NULL; @@ -512,7 +490,7 @@ uint32_t entry_generate_key_pair(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -526,7 +504,7 @@ uint32_t entry_generate_key_pair(struct pkcs11_client *client, if (rv) goto bail; - rv = get_ready_session(&session, session_handle, client); + rv = get_ready_session(session); if (rv) goto bail; 
@@ -637,7 +615,7 @@ uint32_t entry_generate_key_pair(struct pkcs11_client *client, TEE_MemMove(hdl_ptr + 1, &privkey_handle, sizeof(privkey_handle)); DMSG("PKCS11 session %"PRIu32": create key pair %#"PRIx32"/%#"PRIx32, - session_handle, privkey_handle, pubkey_handle); + session->handle, privkey_handle, pubkey_handle); bail: TEE_Free(proc_params); @@ -670,7 +648,6 @@ uint32_t entry_processing_init(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_attribute_head *proc_params = NULL; uint32_t key_handle = 0; @@ -681,7 +658,7 @@ uint32_t entry_processing_init(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -698,7 +675,7 @@ uint32_t entry_processing_init(struct pkcs11_client *client, goto bail; } - rv = get_ready_session(&session, session_handle, client); + rv = get_ready_session(session); if (rv) goto bail; @@ -737,7 +714,7 @@ uint32_t entry_processing_init(struct pkcs11_client *client, if (rv == PKCS11_CKR_OK) { session->processing->mecha_type = proc_params->id; DMSG("PKCS11 session %"PRIu32": init processing %s %s", - session_handle, id2str_proc(proc_params->id), + session->handle, id2str_proc(proc_params->id), id2str_function(function)); } @@ -770,7 +747,6 @@ uint32_t entry_processing_step(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; uint32_t mecha_type = 0; 
@@ -780,14 +756,14 @@ uint32_t entry_processing_step(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - rv = get_active_session(&session, session_handle, client, function); + rv = get_active_session(session, function); if (rv) return rv; @@ -810,7 +786,7 @@ uint32_t entry_processing_step(struct pkcs11_client *client, if (rv == PKCS11_CKR_OK) { session->processing->updated = true; DMSG("PKCS11 session%"PRIu32": processing %s %s", - session_handle, id2str_proc(mecha_type), + session->handle, id2str_proc(mecha_type), id2str_function(function)); } @@ -851,7 +827,6 @@ uint32_t entry_verify_oneshot(struct pkcs11_client *client, TEE_Param *ctrl = ¶ms[0]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; uint32_t mecha_type = 0; @@ -862,14 +837,14 @@ uint32_t entry_verify_oneshot(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; if (serialargs_remaining_bytes(&ctrlargs)) return PKCS11_CKR_ARGUMENTS_BAD; - rv = get_active_session(&session, session_handle, client, function); + rv = get_active_session(session, function); if (rv) return rv; @@ -889,7 +864,7 @@ uint32_t entry_verify_oneshot(struct pkcs11_client *client, else rv = PKCS11_CKR_MECHANISM_INVALID; - DMSG("PKCS11 session %"PRIu32": verify %s %s: %s", session_handle, + DMSG("PKCS11 session %"PRIu32": verify %s %s: %s", session->handle, id2str_proc(mecha_type), id2str_function(function), id2str_rc(rv)); 
@@ -911,7 +886,6 @@ uint32_t entry_derive_key(struct pkcs11_client *client, TEE_Param *out = ¶ms[2]; uint32_t rv = 0; struct serialargs ctrlargs = { }; - uint32_t session_handle = 0; struct pkcs11_session *session = NULL; struct pkcs11_attribute_head *proc_params = NULL; uint32_t parent_handle = 0; @@ -928,7 +902,7 @@ uint32_t entry_derive_key(struct pkcs11_client *client, serialargs_init(&ctrlargs, ctrl->memref.buffer, ctrl->memref.size); - rv = serialargs_get(&ctrlargs, &session_handle, sizeof(uint32_t)); + rv = serialargs_get_session(&ctrlargs, client, &session); if (rv) return rv; @@ -949,7 +923,7 @@ uint32_t entry_derive_key(struct pkcs11_client *client, goto bail; } - rv = get_ready_session(&session, session_handle, client); + rv = get_ready_session(session); if (rv) goto bail; @@ -1067,7 +1041,7 @@ uint32_t entry_derive_key(struct pkcs11_client *client, out->memref.size = sizeof(out_handle); DMSG("PKCS11 session %"PRIu32": derive key %#"PRIx32"/%s", - session_handle, out_handle, id2str_proc(mecha_id)); + session->handle, out_handle, id2str_proc(mecha_id)); bail: release_active_processing(session); diff --git a/ta/pkcs11/src/serializer.c b/ta/pkcs11/src/serializer.c index 9e0860487b8..d4d48d30dad 100644 --- a/ta/pkcs11/src/serializer.c +++ b/ta/pkcs11/src/serializer.c @@ -17,6 +17,7 @@ #include "serializer.h" #include "pkcs11_helpers.h" +#include "pkcs11_token.h" /* * Util routines for serializes unformatted arguments in a client memref 
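Review bot: In entry_derive_key the `bail:` label still calls `release_active_processing(session)`, but `session` is now non-NULL on every `goto bail` after `serialargs_get_session()`, including the argument-parsing failure in the @@ -949 hunk and the `get_ready_session(session)` failure that returns PKCS11_CKR_OPERATION_ACTIVE. Before this change the old `get_ready_session()` left `session` NULL on those paths, so the release had no session to act on. The body of release_active_processing() is not visible here, but if it tears down `session->processing`, a rejected derive request would now cancel an unrelated operation already running on that session. Send the early failures to a second label placed after the `release_active_processing(session);` line, and check the `bail` path of entry_processing_init (the @@ -698 hunk), whose label lies outside the hunk. The function body starts and ends outside these hunks.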
@@ -173,6 +174,32 @@ bool serialargs_remaining_bytes(struct serialargs *args) return args->next < args->start + args->size; } +/* + * Specific helper has PKCS11_CKR_SESSION_HANDLE_INVALID shall take precedence + * other errors when a request is invoked with a bad PKCS#11 session handle + * as specified by the PKCS#11 specification. + */ +uint32_t serialargs_get_session(struct serialargs *args, + struct pkcs11_client *client, + struct pkcs11_session **session) +{ + uint32_t rv = PKCS11_CKR_GENERAL_ERROR; + uint32_t session_handle = 0; + struct pkcs11_session *sess = NULL; + + rv = serialargs_get(args, &session_handle, sizeof(session_handle)); + if (rv) + return rv; + + sess = pkcs11_handle2session(session_handle, client); + if (!sess) + return PKCS11_CKR_SESSION_HANDLE_INVALID; + + *session = sess; + + return PKCS11_CKR_OK; +} + /* * serialize - serialize input data in buffer * diff --git a/ta/pkcs11/src/serializer.h b/ta/pkcs11/src/serializer.h index 00392e4ca37..52d60e36b81 100644 --- a/ta/pkcs11/src/serializer.h +++ b/ta/pkcs11/src/serializer.h @@ -12,6 +12,9 @@ #include #include +struct pkcs11_client; +struct pkcs11_session; + /* * Util routines for serializes unformated arguments in a client memref */ @@ -38,6 +41,10 @@ uint32_t serialargs_alloc_and_get(struct serialargs *args, bool serialargs_remaining_bytes(struct serialargs *args); +uint32_t serialargs_get_session(struct serialargs *args, + struct pkcs11_client *client, + struct pkcs11_session **session); + #define PKCS11_MAX_BOOLPROP_SHIFT 64 #define PKCS11_MAX_BOOLPROP_ARRAY (PKCS11_MAX_BOOLPROP_SHIFT / \ sizeof(uint32_t))
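Review bot: The comment above `serialargs_get_session()` is hard to parse and promises more than the helper delivers. The helper can also return the `serialargs_get()` error when the buffer is too short, and the entry functions still test `!client || ptypes != exp_pt` before calling it. PKCS11_CKR_SESSION_HANDLE_INVALID therefore only takes precedence over errors found in later arguments. Suggested wording: `/* Read the leading session handle from @args and resolve it for @client, so that PKCS11_CKR_SESSION_HANDLE_INVALID is reported before errors in later arguments. *session is written only on success. */`. The prototype added to serializer.h has no comment at all; the same contract belongs there, including that the lookup is scoped to `client`.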