From beda24b7a7315c269ae6ba852483a800c60fd1ec Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich
Date: Mon, 18 Sep 2023 11:25:23 +0200
Subject: [PATCH 1/3] Small error message fixups
Signed-off-by: Zoltan Fridrich
---
 p11-kit/add-profile.c | 8 ++++----
 p11-kit/delete-object.c | 4 ++--
 p11-kit/delete-profile.c | 8 ++++----
 p11-kit/export-object.c | 4 ++--
 p11-kit/generate-keypair.c | 4 ++--
 p11-kit/list-objects.c | 6 +++---
 p11-kit/list-profiles.c | 7 +++----
 7 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/p11-kit/add-profile.c b/p11-kit/add-profile.c
index 9062d80a..24a42a65 100644
--- a/p11-kit/add-profile.c
+++ b/p11-kit/add-profile.c
@@ -81,7 +81,7 @@ profile_exists (CK_FUNCTION_LIST *module,
 while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 rv = p11_kit_iter_get_attributes (iter, &attr, 1);
 if (rv != CKR_OK) {
- p11_message (_("failed to retrieve attribute of an object"));
+ p11_message (_("failed to retrieve attribute of an object: %s"), p11_kit_strerror (rv));
 p11_kit_iter_free (iter);
 return false;
 }
@@ -118,12 +118,12 @@ add_profile (const char *token_str,
 uri = p11_kit_uri_new ();
 if (uri == NULL) {
- p11_message (_("failed to allocate memory for URI"));
+ p11_message (_("failed to allocate memory"));
 goto cleanup;
 }
 if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) {
- p11_message (_("failed to parse the token URI"));
+ p11_message (_("failed to parse URI"));
 goto cleanup;
 }
@@ -150,7 +150,7 @@ add_profile (const char *token_str,
 session = p11_kit_iter_get_session (iter);
 rv = module->C_CreateObject (session, template, template_len, &object);
 if (rv != CKR_OK) {
- p11_message (_("failed to create the profile object: %s"), p11_kit_strerror (rv));
+ p11_message (_("failed to create profile object: %s"), p11_kit_strerror (rv));
 goto cleanup;
 }
diff --git a/p11-kit/delete-object.c b/p11-kit/delete-object.c
index 1c89f86e..a7295e28 100644
--- a/p11-kit/delete-object.c
+++ b/p11-kit/delete-object.c
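Review bot: The reworded `failed to parse URI` message in add_profile (p11-kit/add-profile.c) still discards the result of `p11_kit_uri_parse`, while this same commit appends `p11_kit_strerror (rv)` to the CK_RV failures. Keeping the return code and reporting it, e.g. `p11_message (_("failed to parse URI: %s"), p11_kit_uri_message (res));`, would tell the user which parse error occurred instead of a bare failure. The same applies to the parse branches changed in delete-object.c, delete-profile.c, export-object.c, generate-keypair.c, list-objects.c and list-profiles.c. add_profile begins and ends outside this hunk, so `res` would need an `int` declared with the other locals.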
@@ -66,12 +66,12 @@ delete_object (const char *token_str)
 uri = p11_kit_uri_new ();
 if (uri == NULL) {
- p11_message (_("failed to allocate memory for URI"));
+ p11_message (_("failed to allocate memory"));
 goto cleanup;
 }
 if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
- p11_message (_("failed to parse the token URI"));
+ p11_message (_("failed to parse URI"));
 goto cleanup;
 }
diff --git a/p11-kit/delete-profile.c b/p11-kit/delete-profile.c
index 0c7fe650..885435f8 100644
--- a/p11-kit/delete-profile.c
+++ b/p11-kit/delete-profile.c
@@ -73,12 +73,12 @@ delete_profile (const char *token_str,
 uri = p11_kit_uri_new ();
 if (uri == NULL) {
- p11_message (_("failed to allocate memory for URI"));
+ p11_message (_("failed to allocate memory"));
 goto cleanup;
 }
 if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
- p11_message (_("failed to parse the token URI"));
+ p11_message (_("failed to parse URI"));
 goto cleanup;
 }
@@ -99,14 +99,14 @@ delete_profile (const char *token_str,
 while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 rv = p11_kit_iter_get_attributes (iter, &attr, 1);
 if (rv != CKR_OK) {
- p11_message (_("failed to retrieve attribute of an object"));
+ p11_message (_("failed to retrieve attribute of an object: %s"), p11_kit_strerror (rv));
 goto cleanup;
 }
 if (profile_id == profile) {
 rv = p11_kit_iter_destroy_object (iter);
 if (rv != CKR_OK)
- p11_message (_("failed to delete the profile"));
+ p11_message (_("failed to delete profile: %s"), p11_kit_strerror (rv));
 }
 }
diff --git a/p11-kit/export-object.c b/p11-kit/export-object.c
index b68600f5..2c697a33 100644
--- a/p11-kit/export-object.c
+++ b/p11-kit/export-object.c
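Review bot: In delete_profile (p11-kit/delete-profile.c), a failed `p11_kit_iter_destroy_object` only prints the new message and the loop carries on, so the next `p11_kit_iter_next` overwrites `rv` and the failure may never reach the exit status. The code after the loop is outside this hunk, so that is inferred rather than shown. If the result is derived from the final `rv`, brace the branch and add `goto cleanup;` after the `p11_message` call, as the `p11_kit_iter_get_attributes` branch just above does. A delete command that reports success after a failed deletion would leave an operator believing the profile object is gone from the token.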
@@ -141,12 +141,12 @@ export_object (const char *token_str)
 uri = p11_kit_uri_new ();
 if (uri == NULL) {
- p11_message (_("failed to allocate memory for URI"));
+ p11_message (_("failed to allocate memory"));
 goto cleanup;
 }
 if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
- p11_message (_("failed to parse the token URI"));
+ p11_message (_("failed to parse URI"));
 goto cleanup;
 }
diff --git a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c
index 7e003ca6..d5058a50 100644
--- a/p11-kit/generate-keypair.c
+++ b/p11-kit/generate-keypair.c
@@ -268,12 +268,12 @@ generate_keypair (const char *token_str,
 uri = p11_kit_uri_new ();
 if (uri == NULL) {
- p11_message (_("failed to allocate memory for URI"));
+ p11_message (_("failed to allocate memory"));
 goto cleanup;
 }
 if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) {
- p11_message (_("failed to parse the token URI"));
+ p11_message (_("failed to parse URI"));
 goto cleanup;
 }
diff --git a/p11-kit/list-objects.c b/p11-kit/list-objects.c
index 00742456..b4a52b8e 100644
--- a/p11-kit/list-objects.c
+++ b/p11-kit/list-objects.c
@@ -181,7 +181,7 @@ get_object_uri (P11KitIter *iter,
 uri = p11_kit_uri_new ();
 if (uri == NULL) {
- p11_message (_("failed to allocate memory for URI"));
+ p11_message (_("failed to allocate memory"));
 return NULL;
 }
@@ -345,12 +345,12 @@ list_objects (const char *token_str)
 uri = p11_kit_uri_new ();
 if (uri == NULL) {
- p11_message (_("failed to allocate memory for URI"));
+ p11_message (_("failed to allocate memory"));
 goto cleanup;
 }
 if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
- p11_message (_("failed to parse the token URI"));
+ p11_message (_("failed to parse URI"));
 goto cleanup;
 }
diff --git a/p11-kit/list-profiles.c b/p11-kit/list-profiles.c
index a3239052..cd437760 100644
--- a/p11-kit/list-profiles.c
+++ b/p11-kit/list-profiles.c
@@ -44,7 +44,6 @@
 #include
 #include
-#include
 #ifdef ENABLE_NLS
 #include
@@ -73,12 +72,12 @@ list_profiles (const char *token_str)
 uri = p11_kit_uri_new ();
 if (uri == NULL) {
- p11_message (_("failed to allocate memory for URI"));
+ p11_message (_("failed to allocate memory"));
 goto cleanup;
 }
 if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) {
- p11_message (_("failed to parse the token URI"));
+ p11_message (_("failed to parse URI"));
 goto cleanup;
 }
@@ -99,7 +98,7 @@ list_profiles (const char *token_str)
 while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 rv = p11_kit_iter_get_attributes (iter, &attr, 1);
 if (rv != CKR_OK) {
- p11_message (_("failed to retrieve attribute of an object"));
+ p11_message (_("failed to retrieve attribute of an object: %s"), p11_kit_strerror (rv));
 goto cleanup;
 }
From 896a11cb53421c639c2f9235c9f3533b910a669e Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich
Date: Mon, 18 Sep 2023 11:30:17 +0200
Subject: [PATCH 2/3] Fix add-profile command to create token objects
Signed-off-by: Zoltan Fridrich
---
 p11-kit/add-profile.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/p11-kit/add-profile.c b/p11-kit/add-profile.c
index 24a42a65..e79b2e7d 100644
--- a/p11-kit/add-profile.c
+++ b/p11-kit/add-profile.c
@@ -109,9 +109,11 @@ add_profile (const char *token_str,
 CK_FUNCTION_LIST **modules = NULL;
 P11KitUri *uri = NULL;
 P11KitIter *iter = NULL;
+ CK_BBOOL token = CK_TRUE;
 CK_OBJECT_CLASS klass = CKO_PROFILE;
 CK_ATTRIBUTE template[] = {
 { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_TOKEN, &token, sizeof (token) },
 { CKA_PROFILE_ID, &profile, sizeof (profile) }
 };
 CK_ULONG template_len = sizeof (template) / sizeof (template[0]);
From 66a8336492d02888abb059dd06e0f08c4f1f2a3e Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich
Date: Mon, 18 Sep 2023 14:13:05 +0200
Subject: [PATCH 3/3] Rework add-profile
Signed-off-by: Zoltan Fridrich --- p11-kit/add-profile.c | 114 +++++++++++++++++++++++------------------- 1 file changed, 63 insertions(+), 51 deletions(-) diff --git a/p11-kit/add-profile.c b/p11-kit/add-profile.c index e79b2e7d..312556be 100644 --- a/p11-kit/add-profile.c +++ b/p11-kit/add-profile.c @@ -44,8 +44,8 @@ #include "tool.h" #include -#include #include +#include #ifdef ENABLE_NLS #include @@ -58,53 +58,17 @@ int p11_kit_add_profile (int argc, char *argv[]); -static bool -profile_exists (CK_FUNCTION_LIST *module, - CK_PROFILE_ID profile) -{ - CK_RV rv; - P11KitIter *iter = NULL; - CK_OBJECT_CLASS klass = CKO_PROFILE; - CK_PROFILE_ID profile_id = CKP_INVALID_ID; - CK_ATTRIBUTE matching = { CKA_CLASS, &klass, sizeof (klass) }; - CK_ATTRIBUTE attr = { CKA_PROFILE_ID, &profile_id, sizeof (profile_id) }; - CK_FUNCTION_LIST *modules[] = { module, NULL }; - - iter = p11_kit_iter_new (NULL, 0); - if (iter == NULL) { - p11_message (_("failed to initialize iterator")); - return false; - } - - p11_kit_iter_add_filter (iter, &matching, 1); - p11_kit_iter_begin (iter, modules); - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - rv = p11_kit_iter_get_attributes (iter, &attr, 1); - if (rv != CKR_OK) { - p11_message (_("failed to retrieve attribute of an object: %s"), p11_kit_strerror (rv)); - p11_kit_iter_free (iter); - return false; - } - - if (profile_id == profile) { - p11_kit_iter_free (iter); - return true; - } - } - p11_kit_iter_free (iter); - - return false; -} - static int add_profile (const char *token_str, CK_PROFILE_ID profile) { int ret = 1; CK_RV rv; + const char *pin = NULL; + CK_ULONG count = 0; CK_OBJECT_HANDLE object = 0; CK_SESSION_HANDLE session = 0; - CK_FUNCTION_LIST *prev_module = NULL; + CK_SLOT_ID slot = 0; CK_FUNCTION_LIST *module = NULL; CK_FUNCTION_LIST **modules = NULL; P11KitUri *uri = NULL; 
@@ -135,33 +99,81 @@ add_profile (const char *token_str,
 goto cleanup;
 }
- iter = p11_kit_iter_new (uri, P11_KIT_ITER_WANT_WRITABLE);
+ iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS);
 if (iter == NULL) {
 p11_message (_("failed to initialize iterator"));
 goto cleanup;
 }
 p11_kit_iter_begin (iter, modules);
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- module = p11_kit_iter_get_module (iter);
- if (module == prev_module || profile_exists (module, profile)) {
- prev_module = module;
- continue;
- }
+ rv = p11_kit_iter_next (iter);
+ if (rv != CKR_OK) {
+ p11_message (_("failed to find the token: %s"), p11_kit_strerror (rv));
+ goto cleanup;
+ }
- session = p11_kit_iter_get_session (iter);
- rv = module->C_CreateObject (session, template, template_len, &object);
+ module = p11_kit_iter_get_module (iter);
+ if (module == NULL) {
+ p11_message (_("failed to obtain module"));
+ goto cleanup;
+ }
+
+ slot = p11_kit_iter_get_slot (iter);
+ if (slot == 0) {
+ p11_message (_("failed to obtain slot"));
+ goto cleanup;
+ }
+
+ rv = module->C_OpenSession (slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session);
+ if (rv != CKR_OK) {
+ p11_message (_("failed to open session: %s"), p11_kit_strerror (rv));
+ goto cleanup;
+ }
+
+ pin = p11_kit_uri_get_pin_value (uri);
+ if (pin != NULL) {
+ rv = module->C_Login (session, CKU_USER, (unsigned char *)pin, strlen (pin));
 if (rv != CKR_OK) {
- p11_message (_("failed to create profile object: %s"), p11_kit_strerror (rv));
+ p11_message (_("failed to login: %s"), p11_kit_strerror (rv));
 goto cleanup;
 }
+ }
+
+ rv = module->C_FindObjectsInit (session, template, template_len);
+ if (rv != CKR_OK) {
+ p11_message (_("failed to initialize search for objects: %s"), p11_kit_strerror (rv));
+ goto cleanup;
+ }
+
+ rv = module->C_FindObjects (session, &object, 1, &count);
+ if (rv != CKR_OK) {
+ module->C_FindObjectsFinal (session);
+ p11_message (_("failed to search for objects: %s"), 
p11_kit_strerror (rv));
+ goto cleanup;
+ }
- prev_module = module;
+ rv = module->C_FindObjectsFinal (session);
+ if (rv != CKR_OK) {
+ p11_message (_("failed to finalize search for objects: %s"), p11_kit_strerror (rv));
+ goto cleanup;
+ }
+
+ if (count != 0) {
+ p11_message (_("profile already exists"));
+ goto cleanup;
+ }
+
+ rv = module->C_CreateObject (session, template, template_len, &object);
+ if (rv != CKR_OK) {
+ p11_message (_("failed to create profile object: %s"), p11_kit_strerror (rv));
+ goto cleanup;
 }
 ret = 0;
 cleanup:
+ if (session != 0)
+ module->C_CloseSession (session);
 p11_kit_iter_free (iter);
 p11_kit_uri_free (uri);
 if (modules != NULL)
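Review bot: The `if (slot == 0)` check after `p11_kit_iter_get_slot (iter)` rejects a legitimate token, because PKCS#11 defines no invalid CK_SLOT_ID and modules commonly number their first slot 0, so add-profile would stop there with "failed to obtain slot". Since `p11_kit_iter_next` has already returned CKR_OK at that point, the sentinel test can be dropped, leaving only `slot = p11_kit_iter_get_slot (iter);`. Separately, `C_Login` is attempted only when the URI carries `pin-value`, which places the PIN on the command line (visible in process listings and shell history) and leaves `pin-source` unused. A comment stating that limitation, or resolving the PIN through p11-kit's pin-source handling, would make the behaviour explicit. add_profile starts before this hunk and its cleanup continues past it.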