WIP: Include URIs for PKCS#11 objects

Fixes: OpenSC#3129 Signed-off-by: Sergio Arroutbi <[email protected]>
sarroutbi · Apr 30, 2024 · 19cf7f3 · 19cf7f3
1 parent 1fb5655
commit 19cf7f3
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 22 deletions.
diff --git a/src/tests/fuzzing/fuzz_pkcs15init.c b/src/tests/fuzzing/fuzz_pkcs15init.c
@@ -109,7 +109,7 @@ int fuzz_get_reader_data(const uint8_t *from, size_t from_size, const uint8_t **
     size_t i = 0;
     while(i < from_size - 1 && from[i] != '\0')
         i++;
-        
+
     if (from[i] != '\0')
         return 0;
 
@@ -126,6 +126,7 @@ void do_init_app(struct sc_profile *profile, struct sc_pkcs15_card *p15card, sc_
     int                           so_puk_disabled = 0;
 
     memset(&init_args, 0, sizeof(init_args));
+    memset(&info, 0, sizeof(info));
     sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &info);
     if ((info.attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED) &&
         (info.attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
@@ -150,7 +151,7 @@ void do_store_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card, sc
     struct sc_pkcs15init_pinargs pin_args;
     char   pin_id[SC_PKCS15_MAX_ID_SIZE] = "1\0";
     sc_pkcs15init_set_p15card(profile, p15card);
-    
+
     memcpy(pin, "1234555678\0", 11); /* Set new pin */
     memset(&pin_args, 0, sizeof(pin_args));
 
@@ -363,6 +364,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     if (card)
 	    sc_disconnect_card(card);
     sc_release_context(ctx);
-        
+
     return 0;
 }
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
@@ -1648,6 +1648,37 @@ static void list_slots(int tokens, int refresh, int print)
 	}
 }
 
+static const char *
+get_uri(CK_TOKEN_INFO_PTR info)
+{
+	static char URI[1024];
+	unsigned int shift = 0;
+	strcat(URI, "pkcs11:");
+	shift += strlen("pkcs11:");
+	strcat(URI + shift, "model=");
+	shift += strlen("model=");
+	const char *model = percent_encode(info->model, sizeof(info->model));
+	strcat(URI + shift, model);
+	shift += strlen(model);
+	strcat(URI + shift, ";manufacturer=");
+	shift += strlen(";manufacturer=");
+	const char *manufacturer = percent_encode(info->manufacturerID, sizeof(info->manufacturerID));
+	strcat(URI + shift, manufacturer);
+	shift += strlen(manufacturer);
+	strcat(URI + shift, ";serial=");
+	shift += strlen(";serial=");
+	const char *serial = percent_encode(info->serialNumber, sizeof(info->serialNumber));
+	strcat(URI + shift, serial);
+	shift += strlen(serial);
+	strcat(URI + shift, ";token=");
+	shift += strlen(";token=");
+	const char *token = percent_encode(info->label, sizeof(info->label));
+	strcat(URI + shift, token);
+	shift += strlen(token);
+	URI[shift] = '\0';
+	return URI;
+}
+
 static void show_token(CK_SLOT_ID slot)
 {
 	CK_TOKEN_INFO	info;
@@ -1682,14 +1713,7 @@ static void show_token(CK_SLOT_ID slot)
 	printf("  serial num         : %s\n", p11_utf8_to_local(info.serialNumber,
 			sizeof(info.serialNumber)));
 	printf("  pin min/max        : %lu/%lu\n", info.ulMinPinLen, info.ulMaxPinLen);
-	printf("  uri                : pkcs11:");
-	printf("model=%s", percent_encode(info.model, sizeof(info.model)));
-	printf(";manufacturer=");
-	printf("%s", percent_encode(info.manufacturerID, sizeof(info.manufacturerID)));
-	printf(";serial=");
-	printf("%s", percent_encode(info.serialNumber, sizeof(info.serialNumber)));
-	printf(";token=");
-	printf("%s", percent_encode(info.label, sizeof(info.label)));
+	printf("  uri                : %s", get_uri(&info));
 	printf("\n");
 }
 
@@ -5243,7 +5267,6 @@ show_key(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
 
 	if ((label = getLABEL(sess, obj, NULL)) != NULL) {
 		printf("  label:      %s\n", label);
-		free(label);
 	}
 
 	if ((id = getID(sess, obj, &size)) != NULL && size) {
@@ -5253,7 +5276,6 @@ show_key(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
 		for (n = 0; n < size; n++)
 			printf("%02x", id[n]);
 		printf("\n");
-		free(id);
 	}
 
 	printf("  Usage:      ");
@@ -5355,7 +5377,22 @@ show_key(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
 		printf("  Unique ID:  %s\n", unique_id);
 		free(unique_id);
 	}
-
+	CK_TOKEN_INFO info;
+	get_token_info(opt_slot, &info);
+	if (label != NULL) {
+		printf("  uri:        %s;", get_uri(&info));
+		if (id) {
+			printf("id=%%");
+			for (unsigned int n = 0; n < size; n++)
+				printf("%02x", id[n]);
+			free(id);
+		}
+		const char *pelabel = percent_encode((unsigned char *)label, strlen(label));
+		printf(";object=%s;type=public\n", pelabel);
+		free(label);
+	} else {
+		printf("    uri:      %s;type=public", get_uri(&info));
+	}
 	suppress_warn = 0;
 }
 
@@ -5389,7 +5426,6 @@ static void show_cert(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
 
 	if ((label = getLABEL(sess, obj, NULL)) != NULL) {
 		printf("  label:      %s\n", label);
-		free(label);
 	}
 
 #if defined(ENABLE_OPENSSL)
@@ -5433,35 +5469,51 @@ static void show_cert(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
 		for (n = 0; n < size; n++)
 			printf("%02x", id[n]);
 		printf("\n");
-		free(id);
 	}
 	if ((unique_id = getUNIQUE_ID(sess, obj, NULL)) != NULL) {
 		printf("  Unique ID:  %s\n", unique_id);
 		free(unique_id);
 	}
+	CK_TOKEN_INFO info;
+	get_token_info(opt_slot, &info);
+	if (label != NULL) {
+		printf("  uri:        %s;", get_uri(&info));
+		if (id) {
+			printf("id=%%");
+			for (unsigned int n = 0; n < size; n++)
+				printf("%02x", id[n]);
+			free(id);
+		}
+		const char *pelabel = percent_encode((unsigned char *)label, strlen(label));
+		printf(";object=%s;type=cert\n", pelabel);
+		free(label);
+
+	} else {
+		printf("    uri:      %s;type=cert", get_uri(&info));
+	}
 }
 
 static void show_dobj(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
 {
 	unsigned char *oid_buf;
 	char *label;
+	char *application;
 	CK_ULONG    size = 0;
+	CK_TOKEN_INFO info;
 
 	suppress_warn = 1;
 	printf("Data object %u\n", (unsigned int) obj);
 	printf("  label:          ");
 	if ((label = getLABEL(sess, obj, NULL)) != NULL) {
 		printf("'%s'\n", label);
-		free(label);
-	}
-	else   {
+	} else {
 		printf("<empty>\n");
 	}
 
 	printf("  application:    ");
-	if ((label = getAPPLICATION(sess, obj, NULL)) != NULL) {
-		printf("'%s'\n", label);
-		free(label);
+	if ((application = getAPPLICATION(sess, obj, NULL)) != NULL) {
+		printf("'%s'\n", application);
+		free(application);
 	}
 	else   {
 		printf("<empty>\n");
@@ -5494,7 +5546,17 @@ static void show_dobj(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
 		printf(" private");
 	if (!getMODIFIABLE(sess, obj) && !getPRIVATE(sess, obj))
 		printf("<empty>");
+	printf("\n");
 
+	get_token_info(opt_slot, &info);
+	if (label != NULL) {
+		printf("  uri:            %s;", get_uri(&info));
+		const char *pelabel = percent_encode((unsigned char *)label, strlen(label));
+		printf("object=%s;type=data\n", pelabel);
+		free(label);
+	} else {
+		printf("    uri:          %s;type=data", get_uri(&info));
+	}
 	printf ("\n");
 	suppress_warn = 0;
 }
@@ -8337,6 +8399,7 @@ static const char *
 percent_encode(CK_UTF8CHAR *string, size_t len)
 {
 	static char buffer[1024];
+	memset(buffer, 0, 1024);
 	size_t output_index, input_index;
 
 	while (len && string[len - 1] == ' ')