[Question] Alignment guarantees for CK_ATTRIBUTE #626

Open
H5117 opened this issue Mar 2, 2024 · 5 comments

Comments

@H5117

H5117 commented Mar 2, 2024

PKCS#11 2.40 and later describes a CK_ATTRIBUTE in the following way:

typedef struct CK_ATTRIBUTE {
  CK_ATTRIBUTE_TYPE type;
  CK_VOID_PTR pValue;
  CK_ULONG ulValueLen;
} CK_ATTRIBUTE;

Note that pValue is a “void” pointer, facilitating the passing of arbitrary values. 
Both the application and Cryptoki library MUST ensure that the pointer can be safely cast to the expected type (i.e., without word-alignment errors).

And "the application" is defined in the following way:

Application       Any computer program that calls the Cryptoki interface.

But the API of p11-kit for URIs is in the gray zone here, because parsing a PKCS#11 URI does not require calling the Cryptoki interface.

So, the question: what alignment guarantees does p11-kit provide for CK_ATTRIBUTEs returned by p11_kit_uri_get_attributes() or p11_kit_uri_get_attribute()? Can I pass these attributes to C_FindObjectsInit() safely or should I repack them to ensure that *pValue is properly aligned?

@ZoltanFridrich
Contributor

When setting attributes of a p11-kit URI, all attribute values are allocated with malloc(), which "returns a pointer that is suitably aligned for any object type with fundamental alignment". So I guess the p11_kit_uri_get_attributes() and p11_kit_uri_get_attribute() functions should have the same alignment guarantee, i.e. it should be safe to pass them to, let's say, C_FindObjectsInit().

@H5117
Author

H5117 commented Mar 4, 2024

OK, i.e. for now it is safe. But what about the future? Is there some policy in p11-kit that guarantees it won't change?

I am going to use this assumption in the code for unlocking a root volume with a PKCS#11 token, and with wrong alignment the system will fail to boot.

@ZoltanFridrich
Contributor

It is unlikely to change, but I don't think that currently there is any policy that guarantees this in p11-kit. We might add a guarantee. I will discuss this with @ueno

@H5117
Author

H5117 commented Apr 11, 2024

Any decision on this?

@ueno
Member

ueno commented Apr 12, 2024

As far as I recall, we reached the consensus that the API should guarantee the alignment. It may not be possible alone, if applications set arbitrary attributes through p11_kit_uri_set_attribute; we can add the guidance to the documentation.
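The opening post asks whether attributes coming out of a URI parser need to be repacked before C_FindObjectsInit(), and the last reply notes that a library guarantee cannot cover values an application itself stored via p11_kit_uri_set_attribute. The example below is added here and is not p11-kit or PKCS#11 code: it shows the defensive check and repack an application can do regardless of what the library promises. The CK_* typedefs and constants mirror the standard pkcs11.h definitions; the helpers ck_attr_required_alignment(), ck_attr_value_is_aligned(), ck_attrs_repack(), ck_attrs_free() and ck_alignment_demo() are this example's own, the alignment table inside ck_attr_required_alignment() is a deliberate simplification (only CKA_CLASS and CKA_KEY_TYPE are treated as CK_ULONG-valued), and the misaligned CKA_CLASS value in the demo is constructed on purpose to show the failure case.

```c
/* Added example, not p11-kit project code. CK_* definitions mirror pkcs11.h;
 * the ck_attr_* / ck_attrs_* helpers are this example's own assumptions. */
#include <stdalign.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned long CK_ULONG;
typedef CK_ULONG      CK_ATTRIBUTE_TYPE;
typedef void         *CK_VOID_PTR;

typedef struct CK_ATTRIBUTE {
    CK_ATTRIBUTE_TYPE type;
    CK_VOID_PTR       pValue;
    CK_ULONG          ulValueLen;
} CK_ATTRIBUTE;

#define CKA_CLASS       0x000UL
#define CKA_KEY_TYPE    0x100UL
#define CKA_ID          0x102UL
#define CKO_PRIVATE_KEY 0x3UL

/* Alignment the Cryptoki library will assume when it casts pValue.
 * Simplification (assumption): CKA_CLASS and CKA_KEY_TYPE hold a CK_ULONG,
 * everything else handled here is a byte array with alignment 1. */
size_t ck_attr_required_alignment(CK_ATTRIBUTE_TYPE type)
{
    switch (type) {
    case CKA_CLASS:
    case CKA_KEY_TYPE:
        return alignof(CK_ULONG);
    default:
        return 1;
    }
}

/* True when pValue can be cast to the expected type without a misaligned access. */
bool ck_attr_value_is_aligned(const CK_ATTRIBUTE *a)
{
    if (a->pValue == NULL)
        return true;
    return ((uintptr_t)a->pValue % ck_attr_required_alignment(a->type)) == 0;
}

void ck_attrs_free(CK_ATTRIBUTE *attrs, CK_ULONG n)
{
    if (attrs == NULL)
        return;
    for (CK_ULONG i = 0; i < n; i++)
        free(attrs[i].pValue);
    free(attrs);
}

/* Copy every value into fresh malloc() storage. malloc() returns memory
 * suitably aligned for any fundamental type, so the copies can be cast safely
 * no matter where the originals came from. Returns NULL on allocation failure. */
CK_ATTRIBUTE *ck_attrs_repack(const CK_ATTRIBUTE *in, CK_ULONG n)
{
    CK_ATTRIBUTE *out = calloc(n ? n : 1, sizeof *out);   /* zeroed: pValue == NULL */
    if (out == NULL)
        return NULL;
    for (CK_ULONG i = 0; i < n; i++) {
        out[i].type = in[i].type;
        out[i].ulValueLen = in[i].ulValueLen;
        if (in[i].pValue == NULL || in[i].ulValueLen == 0)
            continue;                                     /* nothing to copy */
        out[i].pValue = malloc(in[i].ulValueLen);
        if (out[i].pValue == NULL) {
            ck_attrs_free(out, n);                        /* free(NULL) is safe for the rest */
            return NULL;
        }
        memcpy(out[i].pValue, in[i].pValue, in[i].ulValueLen);
    }
    return out;
}

/* Constructed demonstration: a CKA_CLASS value stored one byte past an
 * aligned boundary, as a careless URI parser or caller could hand us.
 * Returns 1 when the original is detected as misaligned and the repacked
 * copy is aligned and carries the same values, 0 otherwise. */
int ck_alignment_demo(void)
{
    static alignas(CK_ULONG) unsigned char raw[1 + sizeof(CK_ULONG)];
    static unsigned char id[] = { 0x01, 0x02 };           /* constructed CKA_ID */
    CK_ULONG cls = CKO_PRIVATE_KEY;

    memcpy(raw + 1, &cls, sizeof cls);                    /* raw + 1 is deliberately misaligned */
    CK_ATTRIBUTE attrs[2] = {
        { CKA_CLASS, raw + 1, sizeof(CK_ULONG) },
        { CKA_ID,    id,      sizeof id },
    };

    bool before = ck_attr_value_is_aligned(&attrs[0]);    /* expected: false */
    CK_ATTRIBUTE *packed = ck_attrs_repack(attrs, 2);
    if (packed == NULL)
        return 0;
    bool after = ck_attr_value_is_aligned(&packed[0]);    /* expected: true */
    CK_ULONG got = *(CK_ULONG *)packed[0].pValue;         /* the cast a Cryptoki library performs */
    bool id_ok = packed[1].ulValueLen == sizeof id &&
                 memcmp(packed[1].pValue, id, sizeof id) == 0;
    ck_attrs_free(packed, 2);
    return (!before && after && got == CKO_PRIVATE_KEY && id_ok) ? 1 : 0;
}

int main(void)
{
    printf("repack demo %s\n", ck_alignment_demo() == 1 ? "ok" : "FAILED");
    return 0;
}
```

The repacked array is what you would pass to C_FindObjectsInit(), freeing it with ck_attrs_free() after C_FindObjectsFinal(). In the boot-time scenario from this thread, the cheap option is to call ck_attr_value_is_aligned() on each attribute and only repack when it reports a problem; the safe option is to always repack, which costs one small allocation per attribute and removes the dependency on any library guarantee.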
