authorRuchika Gupta <ruchika.gupta@linaro.org>2020-12-29 13:09:19 +0530
committerJérôme Forissier <jerome@forissier.org>2021-01-04 15:21:16 +0100
commitfab914923b94fccbb1e77538a355a8cdcad6b9a4 (patch)
tree4b1a4bc5fe304de05de2c7811af09c8c033dc98c
parent08774c86eb563be7b69aab2aa38d3ef6f9de3eb5 (diff)
ta: pkcs11: Add more checks before destroying object in a session
A few checks were missing in the implementation of C_DestroyObject() as per PKCS#11 Specification. These have been added now. These checks are - only session objects can be destroyed during a read only session - only public objects can be destroyed unless the normal user is logged in - Certain objects may not be destroyed. Calling C_DestroyObject on such objects will result in the CKR_ACTION_PROHIBITED error code. An application can consult the object's CKA_DESTROYABLE attribute to determine if an object may be destroyed or not. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
-rw-r--r--ta/pkcs11/src/object.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/ta/pkcs11/src/object.c b/ta/pkcs11/src/object.c
index a9881260..137eeba0 100644
--- a/ta/pkcs11/src/object.c
+++ b/ta/pkcs11/src/object.c
@@ -402,6 +402,24 @@ enum pkcs11_rc entry_destroy_object(struct pkcs11_client *client,
if (!object)
return PKCS11_CKR_OBJECT_HANDLE_INVALID;
+ /* Only session objects can be destroyed during a read-only session */
+ if (get_bool(object->attributes, PKCS11_CKA_TOKEN) &&
+ !pkcs11_session_is_read_write(session)) {
+ DMSG("Can't destroy persistent object");
+ return PKCS11_CKR_SESSION_READ_ONLY;
+ }
+
+ /*
+ * Only public objects can be destroyed unless normal user is logged in
+ */
+ rc = check_access_attrs_against_token(session, object->attributes);
+ if (rc)
+ return PKCS11_CKR_USER_NOT_LOGGED_IN;
+
+ /* Objects with PKCS11_CKA_DESTROYABLE as false aren't destroyable */
+ if (!get_bool(object->attributes, PKCS11_CKA_DESTROYABLE))
+ return PKCS11_CKR_ACTION_PROHIBITED;
+
destroy_object(session, object, false);
DMSG("PKCS11 session %"PRIu32": destroy object %#"PRIx32,