static void test_expose_transaction (Test* test, gconstpointer unused) { CK_OBJECT_HANDLE handle; GkmManager *manager; GkmObject *check, *object; GkmTransaction *transaction; manager = gkm_session_get_manager (test->session); object = mock_module_object_new (test->session); handle = gkm_object_get_handle (object); transaction = gkm_transaction_new (); /* Should be hidden */ gkm_object_expose (object, FALSE); check = gkm_manager_find_by_handle (manager, handle); g_assert (check == NULL); /* Now it should have a handle, and be visible */ gkm_object_expose_full (object, transaction, TRUE); check = gkm_manager_find_by_handle (manager, handle); g_assert (check == object); gkm_transaction_fail (transaction, CKR_GENERAL_ERROR); gkm_transaction_complete (transaction); /* Now should be invisible */ check = gkm_manager_find_by_handle (manager, handle); g_assert (check == NULL); g_object_unref (transaction); }
static CK_RV gkm_user_module_real_login_change (GkmModule *base, CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR old_pin, CK_ULONG n_old_pin, CK_UTF8CHAR_PTR new_pin, CK_ULONG n_new_pin) { GkmUserModule *self = GKM_USER_MODULE (base); GkmSecret *old_login, *new_login; GkmTransaction *transaction; CK_RV rv; /* * Remember this doesn't affect the currently logged in user. Logged in * sessions will remain logged in, and vice versa. */ old_login = gkm_secret_new_from_login (old_pin, n_old_pin); new_login = gkm_secret_new_from_login (new_pin, n_new_pin); transaction = gkm_transaction_new (); gkm_user_storage_relock (self->storage, transaction, old_login, new_login); g_object_unref (old_login); g_object_unref (new_login); gkm_transaction_complete (transaction); rv = gkm_transaction_get_result (transaction); g_object_unref (transaction); return rv; }
static void self_destruct (GkmObject *self) { GkmTransaction *transaction; CK_RV rv; transaction = gkm_transaction_new (); gkm_object_destroy (self, transaction); gkm_transaction_complete (transaction); rv = gkm_transaction_get_result (transaction); g_object_unref (transaction); if (rv != CKR_OK) g_warning ("Unexpected failure to auto destruct object (code: %lu)", (gulong)rv); }
static void self_destruct (GkmCredential *self) { GkmTransaction *transaction; CK_RV rv; g_assert (GKM_IS_CREDENTIAL (self)); transaction = gkm_transaction_new (); /* Destroy ourselves */ gkm_object_destroy (GKM_OBJECT (self), transaction); gkm_transaction_complete (transaction); rv = gkm_transaction_get_result (transaction); g_object_unref (transaction); if (rv != CKR_OK) g_warning ("Couldn't destroy credential object: (code %lu)", (gulong)rv); }
CK_RV gkm_aes_mechanism_unwrap (GkmSession *session, CK_MECHANISM_PTR mech, GkmObject *wrapper, CK_VOID_PTR input, CK_ULONG n_input, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, GkmObject **unwrapped) { gcry_cipher_hd_t cih; gcry_error_t gcry; CK_ATTRIBUTE attr; GArray *array; GkmAesKey *key; gpointer padded, value; gsize n_padded, n_value; GkmTransaction *transaction; gsize block, pos; gboolean ret; g_return_val_if_fail (GKM_IS_SESSION (session), CKR_GENERAL_ERROR); g_return_val_if_fail (mech, CKR_GENERAL_ERROR); g_return_val_if_fail (mech->mechanism == CKM_AES_CBC_PAD, CKR_GENERAL_ERROR); g_return_val_if_fail (GKM_IS_OBJECT (wrapper), CKR_GENERAL_ERROR); if (!GKM_IS_AES_KEY (wrapper)) return CKR_WRAPPING_KEY_TYPE_INCONSISTENT; key = GKM_AES_KEY (wrapper); block = gkm_aes_key_get_block_size (key); g_return_val_if_fail (block != 0, CKR_GENERAL_ERROR); if (n_input == 0 || n_input % block != 0) return CKR_WRAPPED_KEY_LEN_RANGE; cih = gkm_aes_key_get_cipher (key, GCRY_CIPHER_MODE_CBC); if (cih == NULL) return CKR_FUNCTION_FAILED; if (!mech->pParameter || gcry_cipher_setiv (cih, mech->pParameter, mech->ulParameterLen) != 0) { gcry_cipher_close (cih); return CKR_MECHANISM_PARAM_INVALID; } padded = egg_secure_alloc (n_input); memcpy (padded, input, n_input); n_padded = n_input; /* In place decryption */ for (pos = 0; pos < n_padded; pos += block) { gcry = gcry_cipher_decrypt (cih, (guchar*)padded + pos, block, NULL, 0); g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR); } gcry_cipher_close (cih); /* Unpad the resulting value */ ret = egg_padding_pkcs7_unpad (egg_secure_realloc, block, padded, n_padded, &value, &n_value); egg_secure_free (padded); /* TODO: This is dubious, there doesn't seem to be an rv for 'bad decrypt' */ if (ret == FALSE) return CKR_WRAPPED_KEY_INVALID; /* Now setup the attributes with our new value */ array = g_array_new (FALSE, FALSE, sizeof (CK_ATTRIBUTE)); /* Prepend the value */ attr.type = CKA_VALUE; attr.pValue = value; attr.ulValueLen = n_value; g_array_append_val (array, attr); /* Add the remainder of the attributes */ g_array_append_vals (array, attrs, n_attrs); transaction = gkm_transaction_new (); /* Now create an object with these attributes */ *unwrapped = gkm_session_create_object_for_attributes (session, transaction, (CK_ATTRIBUTE_PTR)array->data, array->len); egg_secure_free (value); g_array_free (array, TRUE); return gkm_transaction_complete_and_unref (transaction); }