Fix repeated insertion of default attributes in SQLite DB

[cryingcatscloud]

This PR fixes repeated insertion of default attributes in the SQLite DB object store.

The DB backend was able to store CKA_PUBLIC_KEY_INFO and CKA_DESTROYABLE, but could not read them back because DBObject::attributeKind() did not classify these attribute types.

Observed with the DB object store:

• CKA_PUBLIC_KEY_INFO / 0x129 / 297 was repeatedly inserted into attribute_binary as X''
• CKA_DESTROYABLE / 0x172 / 370 was repeatedly inserted into attribute_boolean as 1

After several object initializations, duplicate rows accumulated:

2|370|16
3|370|16
4|370|16
5|370|16

and:

2|297|16
3|297|16
4|297|16
5|297|16

The root cause is that P11Attribute::init() calls setDefault() when
osobject->attributeExists(type) returns false. DBObject::attributeExists() depends
on DBObject::accessAttribute(), which uses attributeKind(type) to decide which
attribute table to query. Since these two types returned akUnknown, the attributes
were never found, even though they were already present in SQLite.

At the same time, DBObject::setAttribute() could still insert them because it chooses
the table from the OSAttribute value type:

• CKA_PUBLIC_KEY_INFO is a ByteString and gets inserted into attribute_binary
• CKA_DESTROYABLE is a boolean and gets inserted into attribute_boolean

This made the DB backend repeatedly insert the same default attributes. It also breaks
read-only SQLite token databases, because even operations such as object lookup/signing
can try to initialize these default attributes and write to the DB.

The fix adds the missing mappings:

• CKA_PUBLIC_KEY_INFO -> akBinary
• CKA_DESTROYABLE -> akBoolean

After this, DBObject can read back the attributes it stores, and repeated default
insertion stops.

Summary by CodeRabbit

• New Features
  • Added support for additional PKCS#11 cryptographic key attributes, enhancing compatibility with cryptographic key operations.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 99256aaa-8c5a-4ab1-b19e-d20dcc6aaf4b

📥 Commits

Reviewing files that changed from the base of the PR and between 22b1487 and 42e3869.

📒 Files selected for processing (1)

• src/lib/object_store/DBObject.cpp

---

📝 Walkthrough

Walkthrough

Two new PKCS#11 attribute type cases are added to the attributeKind() switch in DBObject.cpp: CKA_PUBLIC_KEY_INFO is mapped to akBinary and CKA_DESTROYABLE is mapped to akBoolean. No other logic is modified.

Changes

PKCS#11 Attribute Kind Mappings

Layer / File(s)	Summary
New attribute kind cases in attributeKind() src/lib/object_store/DBObject.cpp	Adds CKA_PUBLIC_KEY_INFO → akBinary (line 429) and CKA_DESTROYABLE → akBoolean (line 466) as new case entries in the attributeKind() switch statement.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

Two new attributes hop into the switch,
A binary key and a boolean niche.
🐇 CKA_PUBLIC_KEY_INFO joins the fray,
CKA_DESTROYABLE is here to stay.
The HSM burrows a little deeper today!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Fix repeated insertion of default attributes in SQLite DB' clearly and specifically describes the main bug being fixed in this changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[antoinelochet]

Simple but nice.
Could you add unit tests ?