p11kit: allow servers to overwrite generated object CK_OBJECT_HANDLE

google · Jun 3, 2022 · 29bc85e · 29bc85e
1 parent e9ff994
commit 29bc85e
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/p11kit/attribute.go b/p11kit/attribute.go
@@ -70,6 +70,15 @@ func (o *Object) matches(tmpl attribute) bool {
 	return false
 }
 
+// SetID assigns a pre-determined identifier for an object, overriding the
+// random one generated by this package. This is required for some clients,
+// such as Chrome, to identify the same object over multiple sessions.
+//
+// SetID should only be required when combined with Slot.GetObjects.
+func (o *Object) SetID(id uint64) {
+	o.id = id
+}
+
 // SetLabel applies a label to the object, allowing clients to differentiate
 // between different objects of the same type on a single slot.
 func (o *Object) SetLabel(label string) {

diff --git a/p11kit/p11kit_test.go b/p11kit/p11kit_test.go
@@ -207,13 +207,29 @@ func newTestServer(t *testing.T) *Handler {
 	if err := ecdsaPrivObj.SetCertificate(ecdsaCert); err != nil {
 		t.Fatalf("ecdsaPrivObject.SetCertificate failed: %v", err)
 	}
+	ecdsaCertObj2, ecdsaCert2 := parseCert(t, testECDSACert)
+	ecdsaPubObj2 := parsePub(t, testECDSAPrivKey)
+	ecdsaPrivObj2 := parsePriv(t, testECDSAPrivKey)
+	if err := ecdsaPubObj2.SetCertificate(ecdsaCert2); err != nil {
+		t.Fatalf("ecdsaPubObject.SetCertificate failed: %v", err)
+	}
+	if err := ecdsaPrivObj2.SetCertificate(ecdsaCert2); err != nil {
+		t.Fatalf("ecdsaPrivObject2.SetCertificate failed: %v", err)
+	}
 
 	rsaCertObj.SetLabel("foo")
 	rsaPubObj.SetLabel("foo")
 	rsaPrivObj.SetLabel("fookey")
 	ecdsaCertObj.SetLabel("bar")
 	ecdsaPubObj.SetLabel("bar")
 	ecdsaPrivObj.SetLabel("barkey")
+	ecdsaCertObj2.SetLabel("baz")
+	ecdsaPubObj2.SetLabel("baz")
+	ecdsaPrivObj2.SetLabel("bazkey")
+
+	ecdsaCertObj2.SetID(1)
+	ecdsaPubObj2.SetID(2)
+	ecdsaPrivObj2.SetID(3)
 
 	objects := []Object{
 		rsaCertObj,
@@ -225,6 +241,11 @@ func newTestServer(t *testing.T) *Handler {
 		ecdsaPubObj,
 		ecdsaPrivObj,
 	}
+	objects3 := []Object{
+		ecdsaCertObj2,
+		ecdsaPubObj2,
+		ecdsaPrivObj2,
+	}
 
 	hwVersion := Version{0x01, 0x01}
 	fwVersion := Version{0x02, 0x02}
@@ -256,6 +277,16 @@ func newTestServer(t *testing.T) *Handler {
 				FirmwareVersion: fwVersion,
 				Objects:         objects2,
 			},
+			{
+				ID:              0x03,
+				Label:           "slot-0x03",
+				Manufacturer:    "test_man",
+				Model:           "test_model",
+				Serial:          "serial-0x03",
+				HardwareVersion: hwVersion,
+				FirmwareVersion: fwVersion,
+				Objects:         objects3,
+			},
 		},
 	}
 }