| author | Ruchika Gupta <ruchika.gupta@linaro.org> | 2020-12-29 13:09:19 +0530 |
|---|---|---|
| committer | Jérôme Forissier <jerome@forissier.org> | 2021-01-04 15:21:16 +0100 |
| commit | fab914923b94fccbb1e77538a355a8cdcad6b9a4 | |
| tree | 4b1a4bc5fe304de05de2c7811af09c8c033dc98c | |
| parent | 08774c86eb563be7b69aab2aa38d3ef6f9de3eb5 | |
ta: pkcs11: Add more checks before destroying object in a session
Few checks were missing in the implementation of C_DestroyObject()
as per PKCS#11 Specification. These have been added now.
These checks are
- only session objects can be destroyed during a read only session
- only public objects can be destroyed unless the normal user is
logged in
- Certain objects may not be destroyed. Calling C_DestroyObject on
such objects will result in the CKR_ACTION_PROHIBITED error code.
An application can consult the object's CKA_DESTROYABLE
attribute to determine if an object may be destroyed or not.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
-rw-r--r-- | ta/pkcs11/src/object.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ta/pkcs11/src/object.c b/ta/pkcs11/src/object.c index a9881260..137eeba0 100644 --- a/ta/pkcs11/src/object.c +++ b/ta/pkcs11/src/object.c @@ -402,6 +402,24 @@ enum pkcs11_rc entry_destroy_object(struct pkcs11_client *client, if (!object) return PKCS11_CKR_OBJECT_HANDLE_INVALID; + /* Only session objects can be destroyed during a read-only session */ + if (get_bool(object->attributes, PKCS11_CKA_TOKEN) && + !pkcs11_session_is_read_write(session)) { + DMSG("Can't destroy persistent object"); + return PKCS11_CKR_SESSION_READ_ONLY; + } + + /* + * Only public objects can be destroyed unless normal user is logged in + */ + rc = check_access_attrs_against_token(session, object->attributes); + if (rc) + return PKCS11_CKR_USER_NOT_LOGGED_IN; + + /* Objects with PKCS11_CKA_DESTROYABLE as false aren't destroyable */ + if (!get_bool(object->attributes, PKCS11_CKA_DESTROYABLE)) + return PKCS11_CKR_ACTION_PROHIBITED; + destroy_object(session, object, false); DMSG("PKCS11 session %"PRIu32": destroy object %#"PRIx32, |
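Review bot: in the second added check the helper's own return code is thrown away: `rc = check_access_attrs_against_token(session, object->attributes); if (rc) return PKCS11_CKR_USER_NOT_LOGGED_IN;` maps every non-zero result to USER_NOT_LOGGED_IN, so if that helper can fail for any reason other than the login state, the real cause is masked; if it already returns a PKCS#11 code, `return rc;` would be more accurate, otherwise a comment should say why the remap is intended. The third check also depends on get_bool(object->attributes, PKCS11_CKA_DESTROYABLE) being true for objects that never had CKA_DESTROYABLE stored (the spec default is CK_TRUE), so it is worth confirming that object creation always materialises that attribute, or pre-existing objects become undestroyable. Minor: the first new return path logs with DMSG() but the other two do not, which makes the rejection harder to trace from the TA log.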