Overview
| Comment: | Updated to deal with comparing the MODULUS attribute with non-exact matches |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: | d689039e524e2bcdad37ef90843aab991bb8169b |
| User & Date: | rkeene on 2011-08-24 03:35:38 |
| Other Links: | manifest | tags |
Context
|
2011-08-24
| ||
| 03:36 | Corrected typo check-in: 8cb81a67c7 user: rkeene tags: trunk | |
| 03:35 | Updated to deal with comparing the MODULUS attribute with non-exact matches check-in: d689039e52 user: rkeene tags: trunk | |
| 01:46 | Updated Mac OS X build scripts check-in: e8be04d9cf user: rkeene tags: trunk | |
Changes
Modified cackey.c from [375972947e] to [05aec72ac3].
1733 1733 CACKEY_DEBUG_PRINTF("Read failed, returning in failure"); 1734 1734 1735 1735 return(NULL); 1736 1736 } 1737 1737 1738 1738 vlen = (vlen_buf[1] << 8) | vlen_buf[0]; 1739 1739 1740 - CACKEY_DEBUG_PRINTF("Tag Length = %i, Value Length = %i", tlen, vlen); 1740 + CACKEY_DEBUG_PRINTF("Tag Length = %lu, Value Length = %lu", (unsigned long) tlen, (unsigned long) vlen); 1741 1741 1742 1742 offset_t += 2; 1743 1743 offset_v += 2; 1744 1744 1745 1745 if (tlen > sizeof(tval_buf)) { 1746 1746 CACKEY_DEBUG_PRINTF("Tag length is too large, returning in failure"); 1747 1747 ................................................................................ 4625 4625 return(CKR_GENERAL_ERROR); 4626 4626 } 4627 4627 4628 4628 CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); 4629 4629 4630 4630 return(CKR_OK); 4631 4631 } 4632 + 4633 +static int cackey_pkcs11_compare_attributes(CK_ATTRIBUTE *a, CK_ATTRIBUTE *b) { 4634 + unsigned char *smallbuf, *largebuf; 4635 + size_t smallbuf_len, largebuf_len; 4636 + 4637 + CACKEY_DEBUG_PRINTF("Called."); 4638 + 4639 + if (a->type != b->type) { 4640 + return(0); 4641 + } 4642 + 4643 + CACKEY_DEBUG_PRINTF(" ... found matching type ..."); 4644 + 4645 + CACKEY_DEBUG_PRINTBUF(" ... our value:", a->pValue, a->ulValueLen); 4646 + 4647 + if (b->pValue == NULL) { 4648 + CACKEY_DEBUG_PRINTF(" ... found wildcard match"); 4649 + 4650 + return(1); 4651 + } 4652 + 4653 + if (a->pValue == NULL) { 4654 + return(0); 4655 + } 4656 + 4657 + if (b->ulValueLen == a->ulValueLen && memcmp(a->pValue, b->pValue, b->ulValueLen) == 0) { 4658 + CACKEY_DEBUG_PRINTF(" ... found exact match"); 4659 + 4660 + return(1); 4661 + } 4662 + 4663 + switch (a->type) { 4664 + case CKA_MODULUS: 4665 + if (a->ulValueLen == b->ulValueLen) { 4666 + break; 4667 + } 4668 + 4669 + if (a->ulValueLen > b->ulValueLen) { 4670 + smallbuf = b->pValue; 4671 + smallbuf_len = b->ulValueLen; 4672 + 4673 + largebuf = a->pValue; 4674 + largebuf_len = a->ulValueLen; 4675 + } else { 4676 + smallbuf = a->pValue; 4677 + smallbuf_len = a->ulValueLen; 4678 + 4679 + largebuf = b->pValue; 4680 + largebuf_len = b->ulValueLen; 4681 + } 4682 + 4683 + for (; largebuf_len != smallbuf_len; largebuf++,largebuf_len--) { 4684 + if (largebuf[0] != 0) { 4685 + break; 4686 + } 4687 + } 4688 + 4689 + if (largebuf_len != smallbuf_len) { 4690 + break; 4691 + } 4692 + 4693 + if (memcmp(largebuf, smallbuf, smallbuf_len) == 0) { 4694 + CACKEY_DEBUG_PRINTF(" ... found approximate match"); 4695 + 4696 + return(1); 4697 + } 4698 + 4699 + break; 4700 + } 4701 + 4702 + return(0); 4703 +} 4632 4704 4633 4705 CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount) { 4634 4706 struct cackey_identity *curr_id; 4635 4707 CK_ATTRIBUTE *curr_attr; 4636 4708 CK_ULONG curr_id_idx, curr_out_id_idx, curr_attr_idx, sess_attr_idx; 4637 4709 CK_ULONG matched_count, prev_matched_count; 4638 4710 int mutex_retval; ................................................................................ 4714 4786 4715 4787 curr_attr = &cackey_sessions[hSession].search_query[curr_attr_idx]; 4716 4788 4717 4789 CACKEY_DEBUG_PRINTF(" Checking for attribute 0x%08lx in identity:%i...", (unsigned long) curr_attr->type, (int) curr_id_idx); 4718 4790 CACKEY_DEBUG_PRINTBUF(" Value looking for:", curr_attr->pValue, curr_attr->ulValueLen); 4719 4791 4720 4792 for (sess_attr_idx = 0; sess_attr_idx < curr_id->attributes_count; sess_attr_idx++) { 4721 - if (curr_id->attributes[sess_attr_idx].type == curr_attr->type) { 4722 - CACKEY_DEBUG_PRINTF(" ... found matching type ..."); 4723 - CACKEY_DEBUG_PRINTBUF(" ... our value:", curr_id->attributes[sess_attr_idx].pValue, curr_id->attributes[sess_attr_idx].ulValueLen); 4793 + if (cackey_pkcs11_compare_attributes(&curr_id->attributes[sess_attr_idx], curr_attr)) { 4794 + matched_count++; 4724 4795 4725 - if (curr_attr->pValue == NULL) { 4726 - CACKEY_DEBUG_PRINTF(" ... found wildcard match"); 4727 - 4728 - matched_count++; 4729 - 4730 - break; 4731 - } 4732 - 4733 - if (curr_attr->ulValueLen == curr_id->attributes[sess_attr_idx].ulValueLen && memcmp(curr_attr->pValue, curr_id->attributes[sess_attr_idx].pValue, curr_id->attributes[sess_attr_idx].ulValueLen) == 0) { 4734 - CACKEY_DEBUG_PRINTF(" ... found exact match"); 4735 - 4736 - matched_count++; 4737 - 4738 - break; 4739 - } 4796 + break; 4740 4797 } 4741 4798 } 4742 4799 4743 4800 /* If the attribute could not be matched, do not try to match additional attributes */ 4744 4801 if (prev_matched_count == matched_count) { 4745 4802 break; 4746 4803 }