
Commit 038c8e6

committed
Add support for CKR_OPERATION_ACTIVE
Stops overwriting previous state. F-1616
1 parent 4fc6ff8 commit 038c8e6


8 files changed

+744
-32
lines changed


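--- a/.gitignore
+++ b/.gitignore
@@ -35,14 +35,12 @@ coverage.info
 cmake/wolfpkcs11Config.cmake
 cmake/wolfpkcs11Targets.cmake
 cmake/wolfpkcs11ConfigVersion.cmake
-tests/pkcs11test
-tests/pkcs11mtt
-tests/pkcs11str
-tests/object_id_uniqueness_test
-tests/rsa_session_persistence_test
-tests/debug_test
-tests/token_path_test
-tests/pkcs11v3test
+# Test binaries and build artifacts
+tests/*
+!tests/*.c
+!tests/*.h
+!tests/*.am
+!tests/README.md
 examples/add_aes_key
 examples/add_hmac_key
 examples/add_rsa_key
@@ -53,16 +51,7 @@ examples/mech_info
 examples/obj_list
 examples/slot_info
 examples/token_info
-store/wp11*
-store/debug
-store/empty_pin_test
-store/object
-store/pkcs11mtt
-store/pkcs11test
-store/pkcs11v3test
-store/rsa
-store/str
-store/debug
+store/*
 test/*
 *.gcda
 *.gcno
@@ -73,18 +62,13 @@ add_cert_file
 .cache
 compile_commands.json
 
-tests/wp11_rsakey_*
-tests/wp11_dhkey_*
-tests/wp11_ecckey_*
-tests/wp11_symmkey_*
-tests/wp11_token_*
-tests/wp11_obj_*
-tests/token_path_test
-tests/rsa_session_persistence_test
-tests/empty_pin_store_test
 
 IDE/VisualStudio/.vs
 
 doc/doxygen_warnings
 doc/html/
 doc/refman.pdf
+
+AGENTS.md
+CLAUDE.md
+.clangd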

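--- a/src/crypto.c
+++ b/src/crypto.c
@@ -1794,7 +1794,6 @@ static CK_RV EncryptInit(CK_SESSION_HANDLE hSession,
 WOLFPKCS11_LEAVE("C_EncryptInit", rv);
 return rv;
 }
-
 ret = WP11_Object_Find(session, hKey, &obj);
 if (ret != 0) {
 rv = CKR_OBJECT_HANDLE_INVALID;
@@ -2023,6 +2022,11 @@ static CK_RV EncryptInit(CK_SESSION_HANDLE hSession,
 return CKR_MECHANISM_INVALID;
 }
 
+if (WP11_Session_IsOpInitializedExact(session, init)) {
+rv = CKR_OPERATION_ACTIVE;
+WOLFPKCS11_LEAVE("C_EncryptInit", rv);
+return rv;
+}
 WP11_Session_SetMechanism(session, pMechanism->mechanism);
 WP11_Session_SetObject(session, obj);
 WP11_Session_SetOpInitialized(session, init);
@@ -2389,6 +2393,7 @@ CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 return CKR_MECHANISM_INVALID;
 }
 
+WP11_Session_SetOpInitialized(session, 0);
 return CKR_OK;
 }
 
@@ -2771,7 +2776,6 @@ static CK_RV DecryptInit(CK_SESSION_HANDLE hSession,
 return CKR_SESSION_HANDLE_INVALID;
 if (pMechanism == NULL)
 return CKR_ARGUMENTS_BAD;
-
 ret = WP11_Object_Find(session, hKey, &obj);
 if (ret != 0)
 return CKR_OBJECT_HANDLE_INVALID;
@@ -2990,6 +2994,11 @@ static CK_RV DecryptInit(CK_SESSION_HANDLE hSession,
 return CKR_MECHANISM_INVALID;
 }
 
+if (WP11_Session_IsOpInitializedExact(session, init)) {
+rv = CKR_OPERATION_ACTIVE;
+WOLFPKCS11_LEAVE("C_DecryptInit", rv);
+return rv;
+}
 WP11_Session_SetMechanism(session, pMechanism->mechanism);
 WP11_Session_SetObject(session, obj);
 WP11_Session_SetOpInitialized(session, init);
@@ -3356,6 +3365,7 @@ CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
 return CKR_MECHANISM_INVALID;
 }
 
+WP11_Session_SetOpInitialized(session, 0);
 return CKR_OK;
 }
 
@@ -3746,6 +3756,11 @@ CK_RV C_DigestInit(CK_SESSION_HANDLE hSession,
 return rv;
 }
 init = WP11_INIT_DIGEST;
+if (WP11_Session_IsOpInitializedExact(session, init)) {
+rv = CKR_OPERATION_ACTIVE;
+WOLFPKCS11_LEAVE("C_DigestInit", rv);
+return rv;
+}
 ret = WP11_Digest_Init(pMechanism->mechanism, session);
 
 if (ret == 0) {
@@ -3806,6 +3821,8 @@ CK_RV C_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 session);
 *pulDigestLen = hashLen;
 
+if (pDigest != NULL && ret == CKR_OK)
+WP11_Session_SetOpInitialized(session, 0);
 return ret;
 }
 
@@ -3941,6 +3958,8 @@ CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
 ret = WP11_Digest_Final(pDigest, &hashLen, session);
 *pulDigestLen = hashLen;
 
+if (pDigest != NULL)
+WP11_Session_SetOpInitialized(session, 0);
 return ret;
 }
 
@@ -4120,7 +4139,6 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 return CKR_SESSION_HANDLE_INVALID;
 if (pMechanism == NULL)
 return CKR_ARGUMENTS_BAD;
-
 ret = WP11_Object_Find(session, hKey, &obj);
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
 if ((ret != 0) && (hKey == 0) && (pMechanism->mechanism == CKM_ECDSA)) {
@@ -4130,6 +4148,11 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 
 /* The private key is pre-provisioned so no object to set. */
 init = WP11_INIT_ECDSA_SIGN;
+if (WP11_Session_IsOpInitializedExact(session, init)) {
+rv = CKR_OPERATION_ACTIVE;
+WOLFPKCS11_LEAVE("C_SignInit", rv);
+return rv;
+}
 WP11_Session_SetMechanism(session, pMechanism->mechanism);
 WP11_Session_SetOpInitialized(session, init);
 
@@ -4396,6 +4419,11 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 return CKR_MECHANISM_INVALID;
 }
 
+if (WP11_Session_IsOpInitializedExact(session, init)) {
+rv = CKR_OPERATION_ACTIVE;
+WOLFPKCS11_LEAVE("C_SignInit", rv);
+return rv;
+}
 WP11_Session_SetMechanism(session, pMechanism->mechanism);
 WP11_Session_SetObject(session, obj);
 WP11_Session_SetOpInitialized(session, init);
@@ -4763,9 +4791,12 @@ CK_RV C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 (void)pSignature;
 return CKR_MECHANISM_INVALID;
 }
-if (ret < 0)
+if (ret < 0) {
+WP11_Session_SetOpInitialized(session, 0);
 return CKR_FUNCTION_FAILED;
+}
 
+WP11_Session_SetOpInitialized(session, 0);
 return CKR_OK;
 }
 
@@ -5207,7 +5238,6 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
 WOLFPKCS11_LEAVE("C_VerifyInit", rv);
 return rv;
 }
-
 ret = WP11_Object_Find(session, hKey, &obj);
 if (ret != 0) {
 rv = CKR_OBJECT_HANDLE_INVALID;
@@ -5458,6 +5488,11 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
 return CKR_MECHANISM_INVALID;
 }
 
+if (WP11_Session_IsOpInitializedExact(session, init)) {
+rv = CKR_OPERATION_ACTIVE;
+WOLFPKCS11_LEAVE("C_VerifyInit", rv);
+return rv;
+}
 WP11_Session_SetMechanism(session, pMechanism->mechanism);
 WP11_Session_SetObject(session, obj);
 WP11_Session_SetOpInitialized(session, init);
@@ -5760,6 +5795,7 @@ CK_RV C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 (void)ulSignatureLen;
 return CKR_MECHANISM_INVALID;
 }
+WP11_Session_SetOpInitialized(session, 0);
 if (ret < 0)
 return CKR_FUNCTION_FAILED;
 if (!stat)
@@ -5998,6 +6034,7 @@ CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession,
 (void)ulSignatureLen;
 return CKR_MECHANISM_INVALID;
 }
+WP11_Session_SetOpInitialized(session, 0);
 if (ret < 0)
 return CKR_FUNCTION_FAILED;
 if (!stat)
@@ -6088,6 +6125,11 @@ CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
 if (ret != CKR_OK)
 return ret;
 
+if (WP11_Session_IsOpInitializedExact(session, init)) {
+rv = CKR_OPERATION_ACTIVE;
+WOLFPKCS11_LEAVE("C_VerifyRecoverInit", rv);
+return rv;
+}
 WP11_Session_SetMechanism(session, pMechanism->mechanism);
 WP11_Session_SetObject(session, obj);
 WP11_Session_SetOpInitialized(session, init);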
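Review bot: The two digest hunks clear the active-operation flag under different conditions: C_Digest uses `if (pDigest != NULL && ret == CKR_OK)` while C_DigestFinal uses only `if (pDigest != NULL)`, so the first keeps the flag set on every failure and the second drops it even if the call reports a too-small buffer. Because each *Init now refuses with CKR_OPERATION_ACTIVE while the flag is set, any failure path that returns without clearing it (the visible `return CKR_MECHANISM_INVALID;` exits in C_Encrypt, C_Decrypt and C_Sign are candidates) may leave the session unable to start that operation again. PKCS #11 ends the operation on any result except CKR_BUFFER_TOO_SMALL or a successful length query, so one condition used in both digest functions, such as `if (ret != CKR_BUFFER_TOO_SMALL && !(pDigest == NULL && ret == CKR_OK))`, would match that. All of these functions continue outside the hunks, so their earlier returns should be checked against the same rule.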

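--- a/src/internal.c
+++ b/src/internal.c
@@ -954,6 +954,8 @@ static void wp11_Session_Final(WP11_Session* session)
 }
 #endif
 #endif
+/* Clear any remaining active operation state not handled above. */
+session->init = 0;
 }
 
 #ifndef WOLFPKCS11_NO_STORE
@@ -7122,6 +7124,21 @@ int WP11_Session_IsOpInitialized(WP11_Session* session, int init)
 return (session->init & ~WP11_INIT_DIGEST_MASK) == init;
 }
 
+/**
+* Check whether the session is initialized for an exact operation value.
+* Unlike WP11_Session_IsOpInitialized, this compares the full init value
+* including digest hash bits.
+*
+* @param session [in] Session object.
+* @param init [in] Expected full init value (including digest bits).
+* @return 1 when session init matches exactly.
+* 0 otherwise.
+*/
+int WP11_Session_IsOpInitializedExact(WP11_Session* session, int init)
+{
+return session->init == init;
+}
+
 int WP11_Session_UpdateData(WP11_Session *session, byte *data, word32 dataLen)
 {
 int ret = 0;
@@ -14727,6 +14744,8 @@ int WP11_SetOperationState(WP11_Session* session, unsigned char* stateData,
 hashAlg = &session->params.digest.hash.alg;
 #endif
 
+session->init = WP11_INIT_DIGEST;
+
 switch (session->mechanism) {
 #ifndef NO_MD5
 case CKM_MD5: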
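Review bot: WP11_Session_IsOpInitializedExact returns true only when `session->init` equals the caller's value, so the CKR_OPERATION_ACTIVE guards added in src/crypto.c fire only for a repeat of the identical operation; an Init for a different mechanism or direction on the same session would, as far as these hunks show, still replace the stored mechanism and object. If that is intended, the doc comment should say so, e.g. add `* Does not detect a different operation already active on the session.`; if any active operation should block, the callers want a check on `session->init != 0` instead. Separately, WP11_SetOperationState assigns `session->init = WP11_INIT_DIGEST;` before the `switch (session->mechanism)`, so a mechanism the switch rejects would leave the session marked active; that function continues outside the hunk, so moving the assignment to the success path should be confirmed against the rest of it.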

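--- a/tests/include.am
+++ b/tests/include.am
@@ -56,6 +56,11 @@ noinst_PROGRAMS += tests/ecb_check_value_error_test
 tests_ecb_check_value_error_test_SOURCES = tests/ecb_check_value_error_test.c
 tests_ecb_check_value_error_test_LDADD =
 
+check_PROGRAMS += tests/operation_active_test
+noinst_PROGRAMS += tests/operation_active_test
+tests_operation_active_test_SOURCES = tests/operation_active_test.c
+tests_operation_active_test_LDADD =
+
 check_PROGRAMS += tests/pkcs11v3test
 noinst_PROGRAMS += tests/pkcs11v3test
 tests_pkcs11v3test_SOURCES = tests/pkcs11v3test.c
@@ -73,13 +78,15 @@ tests_empty_pin_store_test_LDADD += src/libwolfpkcs11.la
 tests_find_objects_null_template_test_LDADD += src/libwolfpkcs11.la
 tests_aes_cbc_pad_padding_test_LDADD += src/libwolfpkcs11.la
 tests_ecb_check_value_error_test_LDADD += src/libwolfpkcs11.la
+tests_operation_active_test_LDADD += src/libwolfpkcs11.la
 tests_pkcs11v3test_LDADD += src/libwolfpkcs11.la
 else
 tests_object_id_uniqueness_test_LDADD += src/libwolfpkcs11.la
 tests_empty_pin_store_test_LDADD += src/libwolfpkcs11.la
 tests_find_objects_null_template_test_LDADD += src/libwolfpkcs11.la
 tests_aes_cbc_pad_padding_test_LDADD += src/libwolfpkcs11.la
 tests_ecb_check_value_error_test_LDADD += src/libwolfpkcs11.la
+tests_operation_active_test_LDADD += src/libwolfpkcs11.la
 endif
 
 EXTRA_DIST += tests/unit.h \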
