From fab914923b94fccbb1e77538a355a8cdcad6b9a4 Mon Sep 17 00:00:00 2001 From: Ruchika Gupta Date: Tue, 29 Dec 2020 13:09:19 +0530 Subject: ta: pkcs11: Add more checks before destroying object in a session Few checks were missing in the implementaion of C_DestroyObject() as per PKCS#11 Specification. These have been added now. These checks are - only session objects can be destroyed during a read only session - only public objects can be destroyed unless the normal user is logged in - Certain objects may not be destroyed. Calling C_DestroyObject on such objects will result in the CKR_ACTION_PROHIBITED error code. An application can consult the object's CKA_DESTROYABLE attribute to determine if an object may be destroyed or not. Signed-off-by: Ruchika Gupta Acked-by: Jens Wiklander
---
 ta/pkcs11/src/object.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
diff --git a/ta/pkcs11/src/object.c b/ta/pkcs11/src/object.c
index a9881260..137eeba0 100644
--- a/ta/pkcs11/src/object.c
+++ b/ta/pkcs11/src/object.c
@@ -402,6 +402,24 @@ enum pkcs11_rc entry_destroy_object(struct pkcs11_client *client,
 if (!object) return PKCS11_CKR_OBJECT_HANDLE_INVALID;
+ /* Only session objects can be destroyed during a read-only session */
+ if (get_bool(object->attributes, PKCS11_CKA_TOKEN) &&
+ !pkcs11_session_is_read_write(session)) {
+ DMSG("Can't destroy persistent object");
+ return PKCS11_CKR_SESSION_READ_ONLY;
+ }
+
+ /*
+ * Only public objects can be destroyed unless normal user is logged in
+ */
+ rc = check_access_attrs_against_token(session, object->attributes);
+ if (rc)
+ return PKCS11_CKR_USER_NOT_LOGGED_IN;
+
+ /* Objects with PKCS11_CKA_DESTROYABLE as false aren't destroyable */
+ if (!get_bool(object->attributes, PKCS11_CKA_DESTROYABLE))
+ return PKCS11_CKR_ACTION_PROHIBITED;
+
 destroy_object(session, object, false);
 DMSG("PKCS11 session %"PRIu32": destroy object %#"PRIx32,
-- cgit v1.2.3
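Review bot: The `if (rc) return PKCS11_CKR_USER_NOT_LOGGED_IN;` after check_access_attrs_against_token() discards the helper's own return code, so if that helper can report anything other than a not-logged-in condition, every such failure is misreported to the caller as CKR_USER_NOT_LOGGED_IN. If the helper already returns the intended PKCS#11 status, `if (rc) return rc;` is shorter and cannot drift out of sync; if the collapse is deliberate, a one-line comment above it saying so would stop the next reader from "fixing" it. A smaller consistency point: the read-only rejection logs a DMSG while the login and CKA_DESTROYABLE rejections return silently, so a refused destroy of a private or non-destroyable object leaves no trace in the debug log. The enclosing entry_destroy_object() starts and ends outside the hunk, so the declaration of `rc` and the remainder of the final DMSG statement were not reviewed.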