From 9cc891385d586cf2a44387c087e2baf9aa1e6c26 Mon Sep 17 00:00:00 2001 From: ericeberry Date: Sat, 28 Jan 2023 15:46:42 -0500 Subject: [PATCH] Issue 26: Update to SecApi 3.1.2 sa_import_parameters_soc (#27) --- src/sec_adapter_cipher.c | 4 +--- src/sec_adapter_key.c | 22 +++++++++++++++++++--- src/sec_adapter_processor.h | 5 +++++ test/main/cpp/keyctrl.cpp | 3 +-- test/main/cpp/svp.cpp | 8 +++----- 5 files changed, 29 insertions(+), 13 deletions(-) diff --git a/src/sec_adapter_cipher.c b/src/sec_adapter_cipher.c index 77192a0..0b070f8 100644 --- a/src/sec_adapter_cipher.c +++ b/src/sec_adapter_cipher.c @@ -489,9 +489,7 @@ Sec_Result SecCipher_ProcessCtrWithOpaqueDataShift(Sec_CipherHandle* cipherHandl Sec_Result SecCipher_KeyCheckOpaque(Sec_CipherHandle* cipherHandle, Sec_OpaqueBufferHandle* opaqueBufferHandle, SEC_SIZE checkLength, SEC_BYTE* expected) { -#if (SA_SPECIFICATION_MAJOR >= 3 && \ - ((SA_SPECIFICATION_MINOR == 1 && SA_SPECIFICATION_REVISION >= 2) || SA_SPECIFICATION_MINOR > 1)) - +#if MIN_SA_VERSION(3, 1, 2) return SEC_RESULT_UNIMPLEMENTED_FEATURE; #else if (opaqueBufferHandle == NULL) { diff --git a/src/sec_adapter_key.c b/src/sec_adapter_key.c index 3c7d4db..c8d4e8f 100644 --- a/src/sec_adapter_key.c +++ b/src/sec_adapter_key.c @@ -1,5 +1,5 @@ /** - * Copyright 2020-2022 Comcast Cable Communications Management, LLC + * Copyright 2020-2023 Comcast Cable Communications Management, LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -2430,7 +2430,11 @@ static Sec_Result process_key_container(Sec_ProcessorHandle* processorHandle, SE sa_import_parameters_rsa_private_key_info rsa_parameters; sa_import_parameters_ec_private_bytes ec_parameters; sa_import_parameters_typej typej_parameters; +#if MIN_SA_VERSION(3, 1, 2) + sa_import_parameters_soc parameters_soc; +#else sa_import_parameters_soc_legacy parameters_soc_legacy; +#endif Sec_KeyHandle* cipherKeyHandle = NULL; Sec_KeyHandle* hmacKeyHandle = NULL; sa_status status; @@ -2563,11 +2567,23 @@ static Sec_Result process_key_container(Sec_ProcessorHandle* processorHandle, SE *out_key_container = SEC_KEYCONTAINER_SOC; memmove(key_buffer, p_data, *key_length); key_format = SA_KEY_FORMAT_SOC; +#if MIN_SA_VERSION(3, 1, 2) + // Not sure of the key type, so just give all rights. + rights_set_allow_all(&rights, SEC_KEYTYPE_AES_128); + size_t length = sizeof(sa_import_parameters_soc); + parameters_soc.length[0] = length >> 8 & 0xff; + parameters_soc.length[1] = length & 0xff; + parameters_soc.version = VERSION_2_KEY_CONTAINER; + parameters_soc.default_rights = rights; + parameters_soc.object_id = object_id; + parameters = ¶meters_soc; +#else if (is_jwt_key_container(key_buffer, *key_length)) { parameters = NULL; } else { - size_t length = sizeof(sa_import_parameters_soc_legacy); + // Not sure of the key type, so just give all rights. rights_set_allow_all(&rights, SEC_KEYTYPE_AES_128); + size_t length = sizeof(sa_import_parameters_soc_legacy); parameters_soc_legacy.length[0] = length >> 8 & 0xff; parameters_soc_legacy.length[1] = length & 0xff; parameters_soc_legacy.version = VERSION_2_KEY_CONTAINER; @@ -2575,7 +2591,7 @@ static Sec_Result process_key_container(Sec_ProcessorHandle* processorHandle, SE parameters_soc_legacy.object_id = object_id; parameters = ¶meters_soc_legacy; } - +#endif break; case SEC_KEYCONTAINER_EXPORTED: diff --git a/src/sec_adapter_processor.h b/src/sec_adapter_processor.h index d433afc..a1ccd62 100644 
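Review bot: In `process_key_container` (src/sec_adapter_key.c, hunk at -2430) the new `sa_import_parameters_soc parameters_soc;` is declared without an initializer, and the hunk at -2563 assigns only `length`, `version`, `default_rights` and `object_id`. The struct definition is not part of this patch, so if it has any further member, that member would be handed to the import path as leftover stack contents. Declaring it as `sa_import_parameters_soc parameters_soc = {0};` makes every member deterministic. The function body starts and ends outside this hunk, so the eventual use of `parameters` is not visible here.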
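Review bot: The `#if MIN_SA_VERSION(3, 1, 2)` branch of the SoC container case (src/sec_adapter_key.c, hunk at -2563) drops the `is_jwt_key_container` test that the legacy branch keeps. On 3.1.2 and later every SoC container, JWT ones included, is therefore imported with allow-all default rights built for `SEC_KEYTYPE_AES_128`, where the legacy path passed `parameters = NULL` for JWT containers. The comment "Not sure of the key type, so just give all rights" does not say why that is acceptable; presumably `default_rights` is only a fallback for containers that carry no rights of their own, but nothing in this patch shows that. I would state it in the comment, e.g. `// default_rights is only a fallback for containers without embedded rights (TODO confirm for JWT containers)`, or narrow the defaults if the key type can be determined. Separately, `size_t length` is now declared at case scope rather than inside the `else` block, so wrapping the branch in braces would keep it out of the later cases, which lie outside the hunk.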
--- a/src/sec_adapter_processor.h +++ b/src/sec_adapter_processor.h @@ -38,6 +38,11 @@ #define MAX_QUEUE_SIZE 32 +#define MIN_SA_VERSION(x, y, z) ( \ + (SA_SPECIFICATION_MAJOR > x) || \ + (SA_SPECIFICATION_MAJOR == x && SA_SPECIFICATION_MINOR > y) || \ + (SA_SPECIFICATION_MAJOR == x && SA_SPECIFICATION_MINOR == y && SA_SPECIFICATION_REVISION >= z)) + typedef struct { SA_COMMAND_ID command_id; va_list* arguments; diff --git a/test/main/cpp/keyctrl.cpp b/test/main/cpp/keyctrl.cpp index 90d50d2..0959718 100644 --- a/test/main/cpp/keyctrl.cpp +++ b/test/main/cpp/keyctrl.cpp @@ -1612,8 +1612,7 @@ do { } Sec_Result testKeyCtrlSvpCheckOpaque(int version, const char* alg, TestKey contentKey) { -#if (SA_SPECIFICATION_MAJOR >= 3 && \ - ((SA_SPECIFICATION_MINOR == 1 && SA_SPECIFICATION_REVISION >= 2) || SA_SPECIFICATION_MINOR > 1)) +#if MIN_SA_VERSION(3, 1, 2) return SEC_RESULT_SUCCESS; #else TestCtx ctx; diff --git a/test/main/cpp/svp.cpp b/test/main/cpp/svp.cpp index 88fc7b5..724a585 100644 --- a/test/main/cpp/svp.cpp +++ b/test/main/cpp/svp.cpp @@ -19,9 +19,9 @@ #include "svp.h" // NOLINT #include "digest.h" #include "sa.h" +#include "sec_adapter_processor.h" #include "test_ctx.h" -#if (SA_SPECIFICATION_MAJOR >= 3 && ((SA_SPECIFICATION_MINOR == 1 && SA_SPECIFICATION_REVISION < 2) || \ - SA_SPECIFICATION_MINOR < 1)) +#if !(MIN_SA_VERSION(3, 1, 2)) #include "cipher.h" #endif @@ -90,9 +90,7 @@ Sec_Result testSetTime() { } Sec_Result testKeycheckOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { -#if (SA_SPECIFICATION_MAJOR >= 3 && \ - ((SA_SPECIFICATION_MINOR == 1 && SA_SPECIFICATION_REVISION >= 2) || SA_SPECIFICATION_MINOR > 1)) - +#if MIN_SA_VERSION(3, 1, 2) return SEC_RESULT_SUCCESS; #else TestCtx ctx;
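Review bot: `MIN_SA_VERSION` in src/sec_adapter_processor.h silently evaluates to false when the SecApi version macros are not yet defined, because an undefined `SA_SPECIFICATION_MAJOR` is treated as 0 inside `#if`, so the build selects the legacy branch instead of failing. The header's include list is outside this hunk; if it does not already pull in the header that defines those macros, a guard ahead of the macro would catch it: `#ifndef SA_SPECIFICATION_MAJOR` / `#error "SA_SPECIFICATION_* must be defined before using MIN_SA_VERSION"` / `#endif`. The arguments should also be parenthesized, e.g. `(SA_SPECIFICATION_MAJOR > (x))`. A one-line comment saying the macro is true when the SecApi specification version is at least x.y.z would help the callers in keyctrl.cpp and svp.cpp that now depend on it.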