Complete trust for Mozilla.

author: Stef Walter <stef@memberwebs.com> 2007-05-06 13:40:52 +0000
committer: Stef Walter <stef@memberwebs.com> 2007-05-06 13:40:52 +0000
commit: 80ca168a6b656dfc7bcc0cc32e90391b66b6bf4c (patch)
tree: 61a23ca635748acfa8d23a98105494ad575bc4f1
parent: 8ae74e82e50a2e4e7e48b6a25aad42fadfbcfaca (diff)
6 files changed, 44 insertions, 35 deletions
diff --git a/ckcapi-builtin.c b/ckcapi-builtin.c
index ad70ea2..b4a7e3f 100644
--- a/ckcapi-builtin.c
+++ b/ckcapi-builtin.c
@@ -103,7 +103,7 @@ builtin_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objd
 		return CKR_OBJECT_HANDLE_INVALID;
 
 	objdata->data = (void*)all_builtins[bobj->builtin_index];
-	objdata->data_funcs = builtin_objdata_vtable;
+	objdata->data_funcs = &builtin_objdata_vtable;
 
 	return CKR_OK;
 }
@@ -136,7 +136,7 @@ register_builtin_object(CkCapiSession* sess, CK_ULONG index, CkCapiObject** obj)
 	bobj->builtin_index = index;
 
 	bobj->obj.id = 0;
-	bobj->obj.obj_funcs = builtin_object_vtable;
+	bobj->obj.obj_funcs = &builtin_object_vtable;
 	bobj->obj.unique_key = UNIQUE_KEY_AT(bobj, otype);
 	bobj->obj.unique_len = UNIQUE_KEY_LEN(bobj, otype, builtin_index);
 
@@ -173,7 +173,7 @@ ckcapi_builtin_find(CkCapiSession* sess, CK_OBJECT_CLASS cls, CK_ATTRIBUTE_PTR m
 	for(i = 0; i < num_builtins; ++i)
 	{
 		objdata.data = (void*)all_builtins[i];
-		objdata.data_funcs = builtin_objdata_vtable;
+		objdata.data_funcs = &builtin_objdata_vtable;
 
 		if(ckcapi_object_data_match(&objdata, match, count))
 		{
diff --git a/ckcapi-cert.c b/ckcapi-cert.c
index 887fefb..501f2a2 100644
--- a/ckcapi-cert.c
+++ b/ckcapi-cert.c
@@ -405,7 +405,7 @@ cert_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdata
 	 * certificate object is a CERT_CONTEXT pointer.
 	 */
 	objdata->data = (void*)cert;
-	objdata->data_funcs = cert_objdata_vtable;
+	objdata->data_funcs = &cert_objdata_vtable;
 	return CKR_OK;
 }
 
@@ -448,7 +448,7 @@ register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert
 	cobj->obj.id = 0;
 	cobj->obj.unique_key = UNIQUE_KEY_AT(cobj, otype);
 	cobj->obj.unique_len = UNIQUE_KEY_VAR_LEN(cobj, otype, cert_data, len);
-	cobj->obj.obj_funcs = cert_object_vtable;
+	cobj->obj.obj_funcs = &cert_object_vtable;
 
 	/* Copy Issuer data in */
 	cobj->issuer.cbData = cert->pCertInfo->Issuer.cbData;
@@ -481,6 +481,10 @@ clear_object_data_for_store(CkCapiSession* sess, CkCapiObject* obj,
 	const char* store = (const char*) arg;
 	CertObject *cobj = (CertObject*)obj;
 
+	// Is it one of ours? 
+	if(obj->obj_funcs != &cert_object_vtable)
+		return;
+
 	if(strcmp(cobj->store, store) == 0)
 		ckcapi_session_clear_object_data(sess, obj);
 }
@@ -517,7 +521,7 @@ find_in_store(CkCapiSession* sess, const char* store_name,
 	while((cert = CertEnumCertificatesInStore(store, cert)) != NULL)
 	{
 		objdata.data = (void*)cert;
-		objdata.data_funcs = cert_objdata_vtable;
+		objdata.data_funcs = &cert_objdata_vtable;
 
 		if(ckcapi_object_data_match(&objdata, match, count))
 		{
@@ -581,7 +585,7 @@ match_in_store(CkCapiSession* sess, const char* store_name, PCERT_INFO info,
 
 	/* Match the certificate */
 	objdata.data = (void*)cert;
-	objdata.data_funcs = cert_objdata_vtable;
+	objdata.data_funcs = &cert_objdata_vtable;
 
 	if(ckcapi_object_data_match(&objdata, match, count))
 	{
diff --git a/ckcapi-object.c b/ckcapi-object.c
index 4bc0ce1..763102c 100644
--- a/ckcapi-object.c
+++ b/ckcapi-object.c
@@ -15,8 +15,9 @@ static void
 object_free(CkCapiObject* obj)
 {
 	ASSERT(obj);
-	ASSERT(obj->obj_funcs.release);
-	(obj->obj_funcs.release)(obj);
+	ASSERT(obj->obj_funcs);
+	ASSERT(obj->obj_funcs->release);
+	(obj->obj_funcs->release)(obj);
 }
 
 void
@@ -312,6 +313,7 @@ ckcapi_object_data_match_attr(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR match)
 
 	ASSERT(match);
 	ASSERT(objdata && objdata->data);
+	ASSERT(objdata->data_funcs);
 
 	/* Get the data type of the attribute */
 	dtype = attribute_data_type(match->type);
@@ -329,16 +331,16 @@ ckcapi_object_data_match_attr(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR match)
 	switch(dtype)
 	{
 	case DATA_BOOL:
-		rv = (objdata->data_funcs.get_bool)(objdata->data, match->type, value, &len);
+		rv = (objdata->data_funcs->get_bool)(objdata->data, match->type, value, &len);
 		break;
 	case DATA_ULONG:
-		rv = (objdata->data_funcs.get_ulong)(objdata->data, match->type, value, &len);
+		rv = (objdata->data_funcs->get_ulong)(objdata->data, match->type, value, &len);
 		break;
 	case DATA_BYTES:
-		rv = (objdata->data_funcs.get_bytes)(objdata->data, match->type, value, &len);
+		rv = (objdata->data_funcs->get_bytes)(objdata->data, match->type, value, &len);
 		break;
 	case DATA_DATE:
-		rv = (objdata->data_funcs.get_date)(objdata->data, match->type, value, &len);
+		rv = (objdata->data_funcs->get_date)(objdata->data, match->type, value, &len);
 		break;
 	default:
 		ASSERT(0 && "unrecognized type");
@@ -392,20 +394,20 @@ ckcapi_object_data_get_attrs(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attrs,
 		switch(attribute_data_type(attrs[i].type))
 		{
 		case DATA_BOOL:
-			rv = (objdata->data_funcs.get_bool)(objdata->data, attrs[i].type, 
-												attrs[i].pValue, &attrs[i].ulValueLen);
+			rv = (objdata->data_funcs->get_bool)(objdata->data, attrs[i].type, 
+												 attrs[i].pValue, &attrs[i].ulValueLen);
 			break;
 		case DATA_ULONG:
-			rv = (objdata->data_funcs.get_ulong)(objdata->data, attrs[i].type, 
-													 attrs[i].pValue, &attrs[i].ulValueLen);
+			rv = (objdata->data_funcs->get_ulong)(objdata->data, attrs[i].type, 
+												  attrs[i].pValue, &attrs[i].ulValueLen);
 			break;
 		case DATA_BYTES:
-			rv = (objdata->data_funcs.get_bytes)(objdata->data, attrs[i].type, 
-												 attrs[i].pValue, &attrs[i].ulValueLen);
+			rv = (objdata->data_funcs->get_bytes)(objdata->data, attrs[i].type, 
+												  attrs[i].pValue, &attrs[i].ulValueLen);
 			break;
 		case DATA_DATE:
-			rv = (objdata->data_funcs.get_date)(objdata->data, attrs[i].type, 
-												attrs[i].pValue, &attrs[i].ulValueLen);
+			rv = (objdata->data_funcs->get_date)(objdata->data, attrs[i].type, 
+												 attrs[i].pValue, &attrs[i].ulValueLen);
 			break;
 		case DATA_UNKNOWN:
 			rv = CKR_ATTRIBUTE_TYPE_INVALID;
diff --git a/ckcapi-session.c b/ckcapi-session.c
index 8d00316..dc35ce0 100644
--- a/ckcapi-session.c
+++ b/ckcapi-session.c
@@ -14,8 +14,9 @@ static SessionList the_sessions = { NULL, 0 };
 static void
 object_data_release(CkCapiObjectData* objdata)
 {
-	ASSERT(objdata->data_funcs.release);
-	(objdata->data_funcs.release)(objdata->data);
+	ASSERT(objdata->data_funcs);
+	ASSERT(objdata->data_funcs->release);
+	(objdata->data_funcs->release)(objdata->data);
 	free(objdata);
 }
 
@@ -359,7 +360,8 @@ ckcapi_session_get_object_data(CkCapiSession* sess, CkCapiObject* obj,
 	ASSERT(sess);
 	ASSERT(sess->object_data);
 	ASSERT(obj);
-	ASSERT(obj->obj_funcs.load_data);
+	ASSERT(obj->obj_funcs);
+	ASSERT(obj->obj_funcs->load_data);
 	ASSERT(objdata);
 
 	id = obj->id;
@@ -373,7 +375,7 @@ ckcapi_session_get_object_data(CkCapiSession* sess, CkCapiObject* obj,
 		return CKR_HOST_MEMORY;
 
 	newdata->object = id;
-	ret = (obj->obj_funcs.load_data)(sess, obj, newdata);
+	ret = (obj->obj_funcs->load_data)(sess, obj, newdata);
 	if(ret != CKR_OK) {
 		free(newdata);
 		return ret;
@@ -381,7 +383,7 @@ ckcapi_session_get_object_data(CkCapiSession* sess, CkCapiObject* obj,
 
 	newdata->object = id;
 	ASSERT(newdata->data);
-	ASSERT(newdata->data_funcs.release);
+	ASSERT(newdata->data_funcs);
 
 	if(!ckcapi_hash_set(sess->object_data, &newdata->object, 
 						sizeof(newdata->object), newdata)) {
diff --git a/ckcapi-trust.c b/ckcapi-trust.c
index 9acbfed..db543a7 100644
--- a/ckcapi-trust.c
+++ b/ckcapi-trust.c
@@ -191,12 +191,15 @@ trust_bytes_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
 											   type, data, len);
 
 	/* 
-	 * TODO: These should probably be implemented
+	 * The hash of the DER encoded certificate.
 	 */
 	case CKA_CERT_MD5_HASH:
 	case CKA_CERT_SHA1_HASH:
-		return CKR_ATTRIBUTE_TYPE_INVALID;
-
+		if(!CryptHashCertificate(0, type == CKA_CERT_MD5_HASH ? CALG_MD5 : CALG_SHA1,
+								 0, trust_data->cert->pbCertEncoded, 
+								 trust_data->cert->cbCertEncoded, data, (DWORD*)len))
+			return ckcapi_winerr_to_ckr(GetLastError());
+		return CKR_OK;
 	};
 
 	return CKR_ATTRIBUTE_TYPE_INVALID;
@@ -319,7 +322,7 @@ trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdat
 	trust_data->cert = CertDuplicateCertificateContext((PCCERT_CONTEXT)(certdata->data));
 
 	objdata->data = trust_data;
-	objdata->data_funcs = trust_objdata_vtable;
+	objdata->data_funcs = &trust_objdata_vtable;
 
 	return CKR_OK;
 }
@@ -352,7 +355,7 @@ register_trust_object(CkCapiSession* sess, CkCapiObject* cert, CkCapiObject** ob
 	tobj->cert_obj = cert->id;
 
 	tobj->obj.id = 0;
-	tobj->obj.obj_funcs = trust_object_vtable;
+	tobj->obj.obj_funcs = &trust_object_vtable;
 	tobj->obj.unique_key = UNIQUE_KEY_AT(tobj, otype);
 	tobj->obj.unique_len = UNIQUE_KEY_LEN(tobj, otype, cert_obj);
 
diff --git a/ckcapi.h b/ckcapi.h
index d3ead45..4e69c0d 100644
--- a/ckcapi.h
+++ b/ckcapi.h
@@ -60,7 +60,7 @@ typedef struct _CkCapiObjectData
 {
 	CK_OBJECT_HANDLE object;
 	void* data;
-	CkCapiObjectDataVtable data_funcs;
+	const CkCapiObjectDataVtable* data_funcs;
 }
 CkCapiObjectData;
 
@@ -175,9 +175,7 @@ CkCapiObjectVtable;
 struct _CkCapiObject
 {
 	CK_OBJECT_HANDLE id;
-
-	// These items must remain together in the structure
-	CkCapiObjectVtable obj_funcs;
+	const CkCapiObjectVtable* obj_funcs;
 	void* unique_key;
 	size_t unique_len;
 };
author	Stef Walter <stef@memberwebs.com>	2007-05-06 13:40:52 +0000
committer	Stef Walter <stef@memberwebs.com>	2007-05-06 13:40:52 +0000
commit	80ca168a6b656dfc7bcc0cc32e90391b66b6bf4c (patch)
tree	61a23ca635748acfa8d23a98105494ad575bc4f1
parent	8ae74e82e50a2e4e7e48b6a25aad42fadfbcfaca (diff)