Store the current object ID in token

When a token is stored and then reloaded during `C_Initialize`, the
token object IDs are reset to zero. Which means new objects will end up
with the same IDs as loaded objects.

This is probably a "bad thing", so let's not do that. With this patch
the next object ID is stored with the token.

Author: LinuxJedi

.gitignore

@@ -34,6 +34,10 @@ coverage.info
 tests/pkcs11test
 tests/pkcs11mtt
 tests/pkcs11str
+tests/object_id_uniqueness_test
+tests/rsa_session_persistence_test
+tests/debug_test
+tests/token_path_test
 examples/add_aes_key
 examples/add_hmac_key
 examples/add_rsa_key

src/internal.c

@@ -477,6 +477,7 @@ typedef struct WP11_Token {
     WP11_Object* object;               /* Linked list of token objects        */
     int objCnt;                        /* Count of objects on token           */
     int tokenFlags;                    /* Flags for token                     */
+    int nextObjId;
 } WP11_Token;
 
 struct WP11_Slot {
@@ -486,7 +487,6 @@ struct WP11_Slot {
     WP11_Lock lock;                    /* Lock for access to slot info        */
 
     int devId;
-    int nextObjId;
 #ifdef WOLFPKCS11_TPM
     WOLFTPM2_DEV tpmDev;
     WOLFTPM2_KEY tpmSrk;
@@ -880,6 +880,7 @@ static int wolfPKCS11_Store_GetMaxSize(int type, int variableSz)
                 FIELD_SIZE(WP11_Token, seed) +
                 FIELD_SIZE(WP11_Token, objCnt) +
                 FIELD_SIZE(WP11_Token, tokenFlags) +
+                FIELD_SIZE(WP11_Token, nextObjId) +
                 variableSz /* soPinLen + userPinLen + (objCnt * long) */
             ;
             break;
@@ -3987,6 +3988,7 @@ static int wp11_Token_Init(WP11_Token* token, const char* label)
     if (ret == 0) {
         token->state = WP11_TOKEN_STATE_INITIALIZED;
         token->loginState = WP11_APP_STATE_RW_PUBLIC;
+        token->nextObjId = 1;
         XMEMCPY(token->label, label, sizeof(token->label));
     }
 
@@ -4130,8 +4132,16 @@ static int wp11_Token_Load(WP11_Slot* slot, int tokenId, WP11_Token* token)
                 if (token->soPinLen > 0) {
                     token->tokenFlags |= WP11_TOKEN_FLAG_SO_PIN_SET;
                 }
+                token->nextObjId = 1;
                 ret = 0;
             }
+            else {
+                ret = wp11_storage_read_int(storage, &token->nextObjId);
+                if (ret == BUFFER_E || token->nextObjId == 0) {
+                    token->nextObjId = 1;
+                    ret = 0;
+                }
+            }
         }
 
         wp11_storage_close(storage);
@@ -4264,6 +4274,11 @@ static int wp11_Token_Store(WP11_Token* token, int tokenId)
             ret = wp11_storage_write_int(storage, token->tokenFlags);
         }
 
+        if (ret == 0) {
+            /* Write next object id. (4) */
+            ret = wp11_storage_write_int(storage, token->nextObjId);
+        }
+
         wp11_storage_close(storage);
 
         object = token->object;
@@ -4414,7 +4429,6 @@ static int wp11_Slot_Init(WP11_Slot* slot, int id)
 
     XMEMSET(slot, 0, sizeof(*slot));
     slot->id = id;
-    slot->nextObjId = 1;
     slot->token.state = WP11_TOKEN_STATE_UNKNOWN;
     slot->token.tokenFlags = 0;
 
@@ -6074,7 +6088,7 @@ int WP11_Session_AddObject(WP11_Session* session, int onToken,
             /* Get next item in list after this object has been added. */
             next = token->object;
             /* Determine handle value */
-            object->handle = OBJ_HANDLE(onToken, session->slot->nextObjId++);
+            object->handle = OBJ_HANDLE(onToken, token->nextObjId++);
             object->next = next;
             token->object = object;
         }
@@ -6092,7 +6106,7 @@ int WP11_Session_AddObject(WP11_Session* session, int onToken,
             /* Get next item in list after this object has been added. */
             next = session->object;
             /* Determine handle value */
-            object->handle = OBJ_HANDLE(onToken, session->slot->nextObjId++);
+            object->handle = OBJ_HANDLE(onToken, token->nextObjId++);
             object->next = next;
             session->object = object;
             object->session = session;

tests/include.am

@@ -31,15 +31,22 @@ noinst_PROGRAMS += tests/debug_test
 tests_debug_test_SOURCES = tests/debug_test.c
 tests_debug_test_LDADD =
 
+check_PROGRAMS += tests/object_id_uniqueness_test
+noinst_PROGRAMS += tests/object_id_uniqueness_test
+tests_object_id_uniqueness_test_SOURCES = tests/object_id_uniqueness_test.c
+tests_object_id_uniqueness_test_LDADD =
+
 if BUILD_STATIC
 tests_pkcs11test_LDADD += src/libwolfpkcs11.la
 tests_pkcs11mtt_LDADD  += src/libwolfpkcs11.la
 tests_pkcs11str_LDADD  += src/libwolfpkcs11.la
 tests_token_path_test_LDADD += src/libwolfpkcs11.la
 tests_rsa_session_persistence_test_LDADD += src/libwolfpkcs11.la
 tests_debug_test_LDADD += src/libwolfpkcs11.la
+tests_object_id_uniqueness_test_LDADD += src/libwolfpkcs11.la
 else
 tests_debug_test_LDADD += src/libwolfpkcs11.la
+tests_object_id_uniqueness_test_LDADD += src/libwolfpkcs11.la
 endif
 
 EXTRA_DIST += tests/unit.h \