static void
test_expose_transaction (Test* test, gconstpointer unused)
{
CK_OBJECT_HANDLE handle;
GkmManager *manager;
GkmObject *check, *object;
GkmTransaction *transaction;
manager = gkm_session_get_manager (test->session);
object = mock_module_object_new (test->session);
handle = gkm_object_get_handle (object);
transaction = gkm_transaction_new ();
/* Should be hidden */
gkm_object_expose (object, FALSE);
check = gkm_manager_find_by_handle (manager, handle);
g_assert (check == NULL);
/* Now it should have a handle, and be visible */
gkm_object_expose_full (object, transaction, TRUE);
check = gkm_manager_find_by_handle (manager, handle);
g_assert (check == object);
gkm_transaction_fail (transaction, CKR_GENERAL_ERROR);
gkm_transaction_complete (transaction);
/* Now should be invisible */
check = gkm_manager_find_by_handle (manager, handle);
g_assert (check == NULL);
g_object_unref (transaction);
}
static CK_RV
gkm_user_module_real_login_change (GkmModule *base, CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR old_pin,
CK_ULONG n_old_pin, CK_UTF8CHAR_PTR new_pin, CK_ULONG n_new_pin)
{
GkmUserModule *self = GKM_USER_MODULE (base);
GkmSecret *old_login, *new_login;
GkmTransaction *transaction;
CK_RV rv;
/*
* Remember this doesn't affect the currently logged in user. Logged in
* sessions will remain logged in, and vice versa.
*/
old_login = gkm_secret_new_from_login (old_pin, n_old_pin);
new_login = gkm_secret_new_from_login (new_pin, n_new_pin);
transaction = gkm_transaction_new ();
gkm_user_storage_relock (self->storage, transaction, old_login, new_login);
g_object_unref (old_login);
g_object_unref (new_login);
gkm_transaction_complete (transaction);
rv = gkm_transaction_get_result (transaction);
g_object_unref (transaction);
return rv;
}
static void
self_destruct (GkmObject *self)
{
GkmTransaction *transaction;
CK_RV rv;
transaction = gkm_transaction_new ();
gkm_object_destroy (self, transaction);
gkm_transaction_complete (transaction);
rv = gkm_transaction_get_result (transaction);
g_object_unref (transaction);
if (rv != CKR_OK)
g_warning ("Unexpected failure to auto destruct object (code: %lu)", (gulong)rv);
}
static void
self_destruct (GkmCredential *self)
{
GkmTransaction *transaction;
CK_RV rv;
g_assert (GKM_IS_CREDENTIAL (self));
transaction = gkm_transaction_new ();
/* Destroy ourselves */
gkm_object_destroy (GKM_OBJECT (self), transaction);
gkm_transaction_complete (transaction);
rv = gkm_transaction_get_result (transaction);
g_object_unref (transaction);
if (rv != CKR_OK)
g_warning ("Couldn't destroy credential object: (code %lu)", (gulong)rv);
}
CK_RV
gkm_aes_mechanism_unwrap (GkmSession *session, CK_MECHANISM_PTR mech,
GkmObject *wrapper, CK_VOID_PTR input, CK_ULONG n_input,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs,
GkmObject **unwrapped)
{
gcry_cipher_hd_t cih;
gcry_error_t gcry;
CK_ATTRIBUTE attr;
GArray *array;
GkmAesKey *key;
gpointer padded, value;
gsize n_padded, n_value;
GkmTransaction *transaction;
gsize block, pos;
gboolean ret;
g_return_val_if_fail (GKM_IS_SESSION (session), CKR_GENERAL_ERROR);
g_return_val_if_fail (mech, CKR_GENERAL_ERROR);
g_return_val_if_fail (mech->mechanism == CKM_AES_CBC_PAD, CKR_GENERAL_ERROR);
g_return_val_if_fail (GKM_IS_OBJECT (wrapper), CKR_GENERAL_ERROR);
if (!GKM_IS_AES_KEY (wrapper))
return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
key = GKM_AES_KEY (wrapper);
block = gkm_aes_key_get_block_size (key);
g_return_val_if_fail (block != 0, CKR_GENERAL_ERROR);
if (n_input == 0 || n_input % block != 0)
return CKR_WRAPPED_KEY_LEN_RANGE;
cih = gkm_aes_key_get_cipher (key, GCRY_CIPHER_MODE_CBC);
if (cih == NULL)
return CKR_FUNCTION_FAILED;
if (!mech->pParameter || gcry_cipher_setiv (cih, mech->pParameter, mech->ulParameterLen) != 0) {
gcry_cipher_close (cih);
return CKR_MECHANISM_PARAM_INVALID;
}
padded = egg_secure_alloc (n_input);
memcpy (padded, input, n_input);
n_padded = n_input;
/* In place decryption */
for (pos = 0; pos < n_padded; pos += block) {
gcry = gcry_cipher_decrypt (cih, (guchar*)padded + pos, block, NULL, 0);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
}
gcry_cipher_close (cih);
/* Unpad the resulting value */
ret = egg_padding_pkcs7_unpad (egg_secure_realloc, block, padded, n_padded, &value, &n_value);
egg_secure_free (padded);
/* TODO: This is dubious, there doesn't seem to be an rv for 'bad decrypt' */
if (ret == FALSE)
return CKR_WRAPPED_KEY_INVALID;
/* Now setup the attributes with our new value */
array = g_array_new (FALSE, FALSE, sizeof (CK_ATTRIBUTE));
/* Prepend the value */
attr.type = CKA_VALUE;
attr.pValue = value;
attr.ulValueLen = n_value;
g_array_append_val (array, attr);
/* Add the remainder of the attributes */
g_array_append_vals (array, attrs, n_attrs);
transaction = gkm_transaction_new ();
/* Now create an object with these attributes */
*unwrapped = gkm_session_create_object_for_attributes (session, transaction,
(CK_ATTRIBUTE_PTR)array->data, array->len);
egg_secure_free (value);
g_array_free (array, TRUE);
return gkm_transaction_complete_and_unref (transaction);
}
